Skip to content

captainx-dcode/malware-analysis

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
 
 
 
 
 
 
 
 

Repository files navigation

Malware Analysis

A learning + portfolio repository documenting hands-on malware analysis work, built around a reusable, defensive static-analysis pipeline pattern.

Defensive & educational scope. Everything here is for understanding and defending against malicious software. The labs are deliberately theoretical/simulated — no real malware is provided or executed. The scripts read a file's bytes and report observable indicators; they never run the sample.


Repository structure

malware-analysis/
├── README.md                  ← you are here
├── .gitignore
├── part-one/                  ← COMPLETE
│   ├── README.md              Part 1 overview + how to run
│   ├── docs/
│   │   └── documentation.md   Full unit study guide (concepts → workflow → glossary)
│   ├── pseudocode/
│   │   └── static-analysis-pipeline.md   Reusable, language-agnostic pattern
│   └── code/
│       ├── basic_analysis.py  Technical lesson — analyzes "suspicious.bin"
│       └── pdf_analysis.py     Graded lab — analyzes "suspicious.pdf"
└── part-two/                  ← PENDING (placeholder)
    └── README.md

What's here

Part Topic Status
Part One Introduction to malware analysis; static vs. dynamic; automating basic static analysis in Python ✅ Complete
Part Two To be added ⏳ Pending

The core idea: one reusable pipeline

All the static-analysis code in this repo is the same five-stage pipeline, just pointed at different artifacts:

Acquire  →  Extract  →  Fingerprint  →  Detect  →  Report
(read     (printable    (MD5 +          (keyword   (readable
 bytes)    strings)      SHA-256)        scan)       summary)
  • basic_analysis.py applies it to a generic binary (suspicious.bin).
  • pdf_analysis.py applies it to a PDF (suspicious.pdf) — only the file path and the suspicious-keyword list change.

The pattern itself is documented in part-one/pseudocode/static-analysis-pipeline.md so it can be reused for future artifact types.


Quick start

Requires only the Python 3 standard library (os, re, hashlib) — no third-party installs.

# from the repo root
cd part-one/code
python3 pdf_analysis.py        # expects a file named suspicious.pdf in the cwd
python3 basic_analysis.py      # expects a file named suspicious.bin in the cwd

Because the labs are simulated, the sample files won't normally exist — the scripts handle that gracefully and print a read-error message instead of crashing.


Author

Eugen Nyongesa — cybersecurity coursework & portfolio.

License

No license file is included yet. Add one (e.g. MIT) if you want others to reuse the code; until then, default copyright applies.

About

Defensive malware-analysis coursework: a reusable Python static-analysis pipeline (string extraction, MD5/SHA-256 hashing, IoC keyword detection) with full documentation and language-agnostic pseudocode. Simulated labs — no real malware.

Topics

Resources

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors

Languages