The usage of Malheur is covered in a classic manual page (man page), including command line options, configuration files and different operation modes.
Malheur is developed in plain C. Its functionality for analyzing malware behavior is organized into modules that are documented using Doxygen annotations.
Malheur programming reference
Reference for modules and data structures
(Automatically generated from source code)
The following technical articles detail the background of the analysis techniques implemented in Malheur, from the design and extraction of behavioral patterns to clustering and classification methods.
Automatic Analysis of Malware Behavior using Machine Learning
Konrad Rieck, Philipp Trinius, Carsten Willems, and Thorsten Holz.
Journal of Computer Security (JCS), 19 (4) 639-668, 2011.
A Malware Instruction Set for Behavior-Based Analysis
Philipp Trinius, Carsten Willems, Thorsten Holz, and Konrad Rieck.
TR-2009-07, University of Mannheim, 2009.