MLRD is a machine learning based malware analyser written in Python 3 that can be used to detect ransomware.
+ Analyses and Extracts features from PE file headers to determine if a file is malicious or not.
+ Features include: Debug Size, Debug RVA, Major Image Version, Major OS Version, Export Size, IAT RVA, Major Linker Version, Minor Linker Version, Number Of Sections, Size Of Stack Reserve, Dll Characteristics, and Bitcoin Addresses.
+ Checks if a file contains a Bitcoin Address using YARA rules.
+ Correlate results with Virus Total, Threat Crowd, and Hybrid Analysis.
– Malicious and Benign test files for use with the program can be found in the Test Data directory.
– In this directory you will find benign windows PE files and ransomware files within a ZIP file.
– Malicious programs are contained within this directory and thus, should be handled with care.
– The ransomware distributed inside the test virtual machine have been gathered for research purposes and are only for use within the scope of this project.
– Using these programs with malicious intent is strictly prohibited.
Use and Download:
git clone https://github.com/callumlock/MLRD-Machine-Learning-Ransomware-Detection
sudo pip3 install -r requirements.txt
python3 mlrd.py -h