joshuaguda281-stack/malware-analyzer
GitHub: joshuaguda281-stack/malware-analyzer
AI-driven malware analysis framework combining static analysis, machine learning and GPT for intelligent threat detection.
Stars: 0 | Forks: 0
# AI-Powered Malware Analyzer
[License: MIT](https://opensource.org/licenses/MIT) | [Python 3.8+](https://www.python.org/downloads/)
An advanced malware analysis framework that combines traditional static analysis with AI-driven threat detection, using machine learning and integrating OpenAI GPT.
## 🚀 Features
### Analysis Capabilities
| Analysis type | Description | AI integration |
|---------------|-------------|----------------|
| **Static analysis** | PE/ELF headers, imports, sections, strings | Feature extraction |
| **Hash analysis** | MD5, SHA1, SHA256 computation | VirusTotal lookup |
| **YARA scanning** | Pattern-based detection | Rule matching |
| **Machine learning classification** | Random Forest classifier | Scikit-learn |
| **GPT analysis** | Intelligent threat assessment | OpenAI API |
| **Behavioral analysis** | Suspicious API detection from imports | Pattern recognition |
### Detection Methods
- ✅ PE/ELF file structure analysis
- ✅ Suspicious API import detection
- ✅ High-entropy section detection (packing)
- ✅ URL / IP / registry key extraction
- ✅ YARA rule matching
- ✅ Machine learning classification
- ✅ GPT-driven intelligent analysis
- ✅ VirusTotal integration
## 📋 Requirements
- **Python 3.8** or later
- **Optional AI features**: scikit-learn, numpy, openai
- **API keys** (optional): OpenAI, VirusTotal
## 🔧 Installation
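The static checks in the list above, as an added example written for this page rather than code taken from the malware-analyzer project: a standard-library-only triage pass that hashes the sample, flags high-entropy (likely packed) sections, matches imports against a weighted watch list, pulls URL / IPv4 / registry indicators out of the raw bytes, and folds them into a 0-100 score with a verdict. The section bytes, import list, API weights, score weights and verdict thresholds are all constructed assumptions for illustration; a real run would take sections and imports from `pefile` instead.

```python
import hashlib
import math
import re
from collections import Counter

# Assumed weights for Win32 APIs commonly abused for injection, download and
# anti-debugging. The project's own watch list is not shown on this page.
SUSPICIOUS_APIS = {
    "VirtualAllocEx": 3, "WriteProcessMemory": 3, "CreateRemoteThread": 3,
    "URLDownloadToFileA": 3, "VirtualProtect": 2, "WinExec": 2,
    "IsDebuggerPresent": 2, "LoadLibraryA": 1, "GetProcAddress": 1,
}

URL_RE = re.compile(rb"https?://[A-Za-z0-9._~:/?#@!$&'()*+,;=%-]+")
IPV4_RE = re.compile(rb"\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b")
REGKEY_RE = re.compile(rb"(?:HK(?:LM|CU|CR|U|CC)|HKEY_[A-Z_]+)\\[\x20-\x7e]+")


def file_hashes(data: bytes) -> dict:
    """MD5 / SHA1 / SHA256 of the whole sample, as in the hash-analysis step."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for one repeated value, 8.0 for a uniform byte distribution."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def packed_sections(sections: dict, threshold: float = 7.0) -> list:
    """Names of sections whose entropy is at or above the packing threshold.
    Compressed or encrypted payloads sit near 8.0; plain x86 code is usually 5-6.5."""
    return [name for name, blob in sections.items() if shannon_entropy(blob) >= threshold]


def suspicious_imports(imports) -> dict:
    """Imported API names that appear in the weighted watch list, with their weights."""
    return {api: SUSPICIOUS_APIS[api] for api in imports if api in SUSPICIOUS_APIS}


def extract_iocs(data: bytes) -> dict:
    """URLs, IPv4 addresses and registry paths found in the raw bytes."""
    return {
        "urls": sorted({m.decode("ascii", "replace") for m in URL_RE.findall(data)}),
        "ips": sorted({m.decode("ascii") for m in IPV4_RE.findall(data)}),
        "registry": sorted({m.decode("ascii", "replace") for m in REGKEY_RE.findall(data)}),
    }


def triage(sections: dict, imports) -> dict:
    """Combine the static indicators into a 0-100 score and a verdict.
    Weights and thresholds are assumptions for this example, not the project's formula."""
    data = b"".join(sections.values())
    packed = packed_sections(sections)
    sus = suspicious_imports(imports)
    iocs = extract_iocs(data)
    score = 25 * min(1, len(packed))                       # packing: one flat penalty
    score += 3 * sum(sus.values())                          # weighted suspicious imports
    score += 5 * (len(iocs["urls"]) + len(iocs["ips"]) + len(iocs["registry"]))
    score = min(100, score)
    verdict = "MALICIOUS" if score >= 70 else "SUSPICIOUS" if score >= 40 else "CLEAN"
    return {"hashes": file_hashes(data), "packed_sections": packed,
            "suspicious_imports": sus, "iocs": iocs, "score": score, "verdict": verdict}


def pseudo_random(n: int, seed: bytes = b"packed-payload") -> bytes:
    """Deterministic high-entropy bytes (SHA-256 in counter mode) standing in
    for a packed section, so the example needs no real malware sample."""
    chunks = [hashlib.sha256(seed + i.to_bytes(4, "little")).digest() for i in range(n // 32 + 1)]
    return b"".join(chunks)[:n]


# Constructed stand-in for a parsed PE: section name -> raw bytes, plus import names.
# A real run would fill these from pefile (section.get_data(), imp.name).
SAMPLE_SECTIONS = {
    ".text": b"\x55\x8b\xec\x83\xec\x10" * 256,            # repetitive stub code, low entropy
    ".rdata": (b"http://198.51.100.23/update.bin\x00"
               b"HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\x00"
               b"203.0.113.7\x00" + b"\x00" * 512),
    "UPX1": pseudo_random(4096),                            # looks packed
}
SAMPLE_IMPORTS = ["GetProcAddress", "LoadLibraryA", "VirtualAllocEx",
                  "WriteProcessMemory", "CreateRemoteThread", "MessageBoxA"]

if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_SECTIONS, SAMPLE_IMPORTS), indent=2))
```

Run it directly to print the triage result as JSON. Entropy near 8.0 is a strong packing signal but not proof: sections holding compressed resources or embedded certificates also score high, so treat the flag as one input to the verdict rather than a verdict on its own, and expect the IPv4 pattern to pick up version strings such as `1.2.3.4` as false positives.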
```
# Clone the repository
git clone https://github.com/joshuaguda281-stack/malware-analyzer.git
cd malware-analyzer
# Install the core dependencies
pip install pefile yara-python requests
# Install the AI dependencies (optional)
pip install numpy scikit-learn openai
# Or install everything in one step
pip install -r requirements.txt
```
## 💻 Usage
### Basic Analysis
```
# Analyze a suspicious file
python3 malware_analyzer.py suspicious.exe
# Enable AI analysis (the default)
python3 malware_analyzer.py suspicious.exe --ai
# Disable AI (traditional static mode only)
python3 malware_analyzer.py suspicious.exe --no-ai
# Verbose output
python3 malware_analyzer.py suspicious.exe --verbose
```
### With VirusTotal Integration
```
# Check against VirusTotal
python3 malware_analyzer.py suspicious.exe --virustotal YOUR_API_KEY
```
Passing the key on the command line leaves it in shell history and exposes it to other local users through the process list; prefer the `VIRUSTOTAL_API_KEY` environment variable listed under Environment Variables below.
### With OpenAI GPT
```
# Set the API key
export OPENAI_API_KEY="your-key-here"
# Run with GPT analysis
python3 malware_analyzer.py suspicious.exe
```
The GPT step sends the extracted file characteristics and indicators to the OpenAI API, so that data leaves your environment; use `--no-ai` for samples you cannot share with a third party.
## 📊 Sample Output
```
======================================================================
AI-POWERED MALWARE ANALYSIS FRAMEWORK
Sample: suspicious.exe
======================================================================
[*] Calculating file hashes...
MD5: 44d88612fea8a8f36de82e1278abb02f
SHA256: e3b0c44298fc1c149afbf4c8996fb924...
[*] Performing static analysis (PE)...
[!] Found 12 suspicious API imports
[!] High entropy sections detected (possible packing)
[+] Analyzed 5 sections, 156 imports
[*] Performing AI-powered threat analysis...
ML Malicious Score: 85.5%
GPT Verdict: MALICIOUS
[*] Generating final verdict...
Score: 87.3/100
Verdict: MALICIOUS
Reasons:
- Suspicious imports: 12
- URLs found: 3
- AI/ML score: 85.5%
- GPT analysis indicates malicious
======================================================================
ANALYSIS SUMMARY
======================================================================
File: suspicious.exe
Verdict: MALICIOUS
Confidence: 87.3%
======================================================================
```
## 🤖 AI Integration Details
### Machine Learning (Scikit-learn)
- Model: Random Forest classifier
- Features: file size, sections, imports, entropy, network indicators
- Output: maliciousness score (0-100%)
### OpenAI GPT
- Model: GPT-3.5 / GPT-4 Turbo
- Input: file characteristics and indicators
- Output: verdict with reasoning
## 🎯 Use Cases
- **Security Analysts** - rapid triage of suspicious files
- **Incident Response** - malware identification
- **Threat Hunting** - zero-day detection
- **Research** - malware family classification
## 🔧 Troubleshooting
| Issue | Solution |
|-------|----------|
| `ImportError: No module named pefile` | `pip install pefile` |
| AI analysis not available | Install scikit-learn: `pip install scikit-learn` |
| OpenAI API error | Check the API key and billing status |
## 📝 Environment Variables
```
# Optional API keys
export OPENAI_API_KEY="your-openai-key"
export VIRUSTOTAL_API_KEY="your-virustotal-key"
```
## 📝 License
MIT License - see the LICENSE file for details.
## 👤 Author
Joshua Guda
- GitHub: @joshuaguda281-stack
- LinkedIn: Joshua Guda
## 🙏 Acknowledgments
- OpenAI for the GPT API
- Scikit-learn for ML capabilities
- VirusTotal for threat intelligence
- YARA for pattern matching
## ⭐ Support
If this tool helps you detect malware, please star the repository!