Malheur

Automatic Analysis of Malware Behavior

Documentation

Manual page

The usage of Malheur is covered in a classic manual page (man page), including command line options, configuration files and different operation modes.

Programming

Malheur is developed in plain C. Malheur's functionality for analysis of malware behavior is organized in different modules that are documented using Doxygen annotation.

Background information

The following technical articles detail the background of analysis techniques implemented in Malheur, starting with design and extraction of behavioral patterns and reaching over to clustering and classification methods.