Bor-Code/MalwareAnalysisTool

GitHub: Bor-Code/MalwareAnalysisTool


# MalwareAnalysisTool

A C++17-based security tool that performs static and dynamic analysis of Windows PE (Portable Executable) files. It features a GUI built on ImGui (docking) + GLFW + OpenGL3.

## Features

- PE header parsing (DOS header, NT headers, section table)
- Section-based entropy calculation (high entropy → warning for encrypted/packed content)
- Dynamic analysis: monitoring process, network, and file system activity
- ImGui docking-based interface

## Requirements

| Tool | Minimum Version |
|---|---|
| CMake | 3.15 |
| MSVC or MinGW-w64 | C++17 support |
| Git | — |
| OpenGL driver | — |

## Compilation

```sh
git clone https://github.com/Bor-Code/MalwareAnalysisTool.git
cd MalwareAnalysisTool
cmake -B build -DCMAKE_BUILD_TYPE=Release
cmake --build build --config Release
```

Output: `build/Release/pe_analyzer.exe`

## Usage

```sh
pe_analyzer.exe
```

When the application opens, you can view the analysis results through the ImGui interface.

## Project Structure

```text
MalwareAnalysisTool/
├── include/
│   └── analyzer/
│       ├── pe_parser.hpp          # PE parser interface
│       ├── dynamic_analyzer.hpp   # Dynamic analysis interface
│       └── utils.hpp              # Utility functions
├── src/
│   ├── main.cpp                   # Entry point, GUI loop
│   ├── pe_parser.cpp              # PE format implementation
│   └── dynamic_analyzer.cpp       # Process/network/file monitoring
├── CMakeLists.txt
└── README.md
```

## Roadmap

- [ ] Import Address Table (IAT) parsing — to detect suspicious API calls
- [ ] Color-coded terminal output for high-entropy alerts
- [ ] Integration of basic API hooking mechanism

## License

MIT — see the [LICENSE](LICENSE) file for details.
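The section-entropy check listed under Features works by computing the Shannon entropy of each section's raw bytes and flagging values near the 8 bits/byte maximum. The following C++17 snippet is an added illustration of that heuristic, not code from the MalwareAnalysisTool repository; the 7.0 bits/byte threshold and the two constructed sample sections are assumptions chosen for the demonstration.

```cpp
#include <array>
#include <cmath>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Shannon entropy of a byte buffer in bits per byte (0.0 .. 8.0).
// Packed or encrypted sections approach 8.0; plain code or padded data is lower.
double shannon_entropy(const std::vector<std::uint8_t>& data) {
    if (data.empty()) return 0.0;
    std::array<std::size_t, 256> counts{};
    for (std::uint8_t b : data) ++counts[b];
    const double n = static_cast<double>(data.size());
    double entropy = 0.0;
    for (std::size_t c : counts) {
        if (c == 0) continue;            // log2(0) is undefined; skip unused byte values
        const double p = static_cast<double>(c) / n;
        entropy -= p * std::log2(p);
    }
    return entropy;
}

// Assumed threshold: a common heuristic for compressed/encrypted content.
constexpr double kHighEntropyThreshold = 7.0;

bool section_looks_packed(const std::vector<std::uint8_t>& section) {
    return shannon_entropy(section) >= kHighEntropyThreshold;
}

// Constructed sample: every byte value appears equally often (maximal entropy).
std::vector<std::uint8_t> make_uniform_section(std::size_t size) {
    std::vector<std::uint8_t> v(size);
    for (std::size_t i = 0; i < size; ++i) v[i] = static_cast<std::uint8_t>(i & 0xFF);
    return v;
}

// Constructed sample: all-zero padding, as seen in sparse .data/.rsrc tails.
std::vector<std::uint8_t> make_zero_padded_section(std::size_t size) {
    return std::vector<std::uint8_t>(size, 0x00);
}

int main() {
    const auto packed = make_uniform_section(4096);
    const auto padded = make_zero_padded_section(4096);
    std::printf("uniform: %.3f bits/byte, packed=%d\n", shannon_entropy(packed), section_looks_packed(packed));
    std::printf("zeros:   %.3f bits/byte, packed=%d\n", shannon_entropy(padded), section_looks_packed(padded));
    return 0;
}
```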