Usage
Altug Tatlisu edited this page Oct 27, 2025
Analyze a single file:

```
python cli.py file C:\path\to\sample.exe
```

Output:

```
╔═══════════════════════════════════════╗
║ PROTEUS v0.1.0 ║
║ Zero-Day Static Analysis Engine ║
╚═══════════════════════════════════════╝
[*] Analysis: sample.exe
[+] Type: PE
[+] Entropy: 6.45
[+] Threat Score: 32.50/100
[+] Verdict: CLEAN
[!] Suspicious Indicators:
- GetProcAddress
```
Add `--strings` to include string analysis in the file report:

```
python cli.py file sample.exe --strings
```

Additional output:

```
[*] String Analysis:
[+] Total strings: 856
[+] Encoded strings: 12
[!] URLs (2):
https://example.com/api
http://cdn.example.net
[!] Suspicious strings (5):
cmd.exe
powershell
registry
```
Standalone string extraction:

```
python cli.py strings sample.exe
```

Scan a directory and save the results to JSON:

```
python cli.py dir C:\malware\samples --output results.json
```

Output:

```
[*] Scanned: 45 files
[+] Clean: 38
[!] Malicious: 7
[!] Malicious Files:
trojan.exe (Score: 78.50)
ransomware.exe (Score: 92.30)
backdoor.dll (Score: 65.20)
[*] Results saved: results.json
```
Threat score ranges:

| Range | Classification | Description |
|---|---|---|
| 0-30 | Clean | Normal software |
| 31-59 | Suspicious | Review manually |
| 60-100 | Malicious | High threat |

Treat these bands as triage guidance rather than as the verdict logic: the sample output above reports a score of 32.50 as CLEAN even though it falls in the Suspicious band, and the verdict is governed by the analyzer threshold exposed in the Python API (`analyzer.threshold`), not by this table.
Entropy values (Shannon entropy of the file, 0 to 8 bits per byte):

| Value | Interpretation |
|---|---|
| < 6.5 | Normal |
| 6.5-7.0 | Slightly compressed |
| 7.0-7.5 | Compressed/Packed |
| > 7.5 | Encrypted/Heavily packed |

Note that a whole-file figure is averaged over headers, padding and plain code, so a packed or encrypted payload confined to one section can still leave the file-level entropy below 6.5.
High Risk APIs:

- VirtualAlloc - Memory allocation
- CreateRemoteThread - Code injection
- WriteProcessMemory - Process manipulation

Medium Risk APIs:

- GetProcAddress - Dynamic API loading
- LoadLibrary - DLL loading
- ShellExecute - Command execution
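The entropy bands and the API tiers above describe what PROTEUS reports, not how the numbers are produced. The following is an added example, not PROTEUS's own code, that implements both checks in plain Python so the tables can be tried against real input: Shannon entropy of the whole file and of a sliding window (to catch a high-entropy region that the whole-file average hides), plus a `strings`-style scan for the listed API names. The sample bytes are constructed, the band boundaries and tier names are copied from the tables above, and the combined `triage` record is illustrative only and is not PROTEUS's scoring.

```python
from __future__ import annotations

import math
from collections import Counter

# Entropy bands copied from the table above (Shannon entropy, bits per byte, 0..8).
# Boundaries are treated as half-open: exactly 7.0 lands in "Compressed/Packed",
# which the table itself leaves ambiguous.
ENTROPY_BANDS = [
    (6.5, "Normal"),
    (7.0, "Slightly compressed"),
    (7.5, "Compressed/Packed"),
    (float("inf"), "Encrypted/Heavily packed"),
]

# API tiers copied from the lists above.
HIGH_RISK_APIS = ("VirtualAlloc", "CreateRemoteThread", "WriteProcessMemory")
MEDIUM_RISK_APIS = ("GetProcAddress", "LoadLibrary", "ShellExecute")


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty or single-valued input, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def classify_entropy(value: float) -> str:
    """Map an entropy value onto the page's bands."""
    for upper, label in ENTROPY_BANDS:
        if value < upper:
            return label
    return ENTROPY_BANDS[-1][1]


def max_window_entropy(data: bytes, window: int = 256, step: int = 64) -> float:
    """Highest entropy of any fixed-size window.

    Whole-file entropy is averaged over headers, padding and code, so a packed
    or encrypted payload confined to one region can leave the file-level number
    in the "Normal" band. The peak window value exposes that region.
    """
    if len(data) <= window:
        return shannon_entropy(data)
    return max(
        shannon_entropy(data[i:i + window])
        for i in range(0, len(data) - window + 1, step)
    )


def extract_ascii_strings(data: bytes, min_len: int = 4) -> list[str]:
    """Runs of at least min_len printable ASCII bytes (the classic `strings` heuristic)."""
    out: list[str] = []
    cur = bytearray()
    for b in data:
        if 0x20 <= b < 0x7F:
            cur.append(b)
            continue
        if len(cur) >= min_len:
            out.append(cur.decode("ascii"))
        cur = bytearray()
    if len(cur) >= min_len:
        out.append(cur.decode("ascii"))
    return out


def find_api_indicators(data: bytes) -> dict[str, list[str]]:
    """Report which tiered API names occur in the extracted strings.

    Substring matching is deliberate: import names carry A/W/Ex suffixes
    (LoadLibraryA, VirtualAllocEx) and should count toward the base API.
    """
    strings = extract_ascii_strings(data)
    found: dict[str, list[str]] = {"high": [], "medium": []}
    for tier, names in (("high", HIGH_RISK_APIS), ("medium", MEDIUM_RISK_APIS)):
        for api in names:
            if any(api in s for s in strings):
                found[tier].append(api)
    return found


def triage(data: bytes) -> dict:
    """Combine both checks into one record (illustrative; not PROTEUS's scoring)."""
    whole = shannon_entropy(data)
    peak = max_window_entropy(data)
    apis = find_api_indicators(data)
    return {
        "entropy": round(whole, 2),
        "entropy_class": classify_entropy(whole),
        "peak_window_entropy": round(peak, 2),
        "peak_window_class": classify_entropy(peak),
        "high_risk_apis": apis["high"],
        "medium_risk_apis": apis["medium"],
    }


# Constructed sample, not a real binary: a stub of mostly zero padding, a few
# import-table style names, then a 1 KiB region in which every byte value occurs
# equally often (entropy 8.0, which is what encrypted or compressed data looks like).
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 2048
    + b"KERNEL32.dll\x00VirtualAlloc\x00GetProcAddress\x00LoadLibraryA\x00"
    + bytes(range(256)) * 4
)

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"[+] {key}: {value}")
```

On the constructed sample the whole-file entropy sits well inside the "Normal" band while the peak 256-byte window reads 8.0, which is the dilution effect the entropy table cannot show on its own; the same file also surfaces one high-risk and two medium-risk API names. Two readings that disagree like this are exactly the borderline case the page says to review by hand.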
Python API, analyzing a file and extracting strings:

```python
import proteus
from python.analyzer import ProteusAnalyzer

# Initialize analyzer
analyzer = ProteusAnalyzer()

# Analyze file
result = analyzer.analyze_single('sample.exe')
print(f"Score: {result['score']}")
print(f"Verdict: {result['verdict']}")

# Extract strings
strings = proteus.extract_strings_from_file('sample.exe')
print(f"URLs: {strings.urls}")
print(f"IPs: {strings.ips}")
```

Adjusting the detection threshold (the cutoff that decides the verdict):

```python
from python.analyzer import ProteusAnalyzer

analyzer = ProteusAnalyzer()
analyzer.threshold = 50.0  # Lower threshold = more sensitive (more files flagged)
result = analyzer.analyze_single('sample.exe')
```

Batch analysis of a directory:

```python
from python.analyzer import ProteusAnalyzer

analyzer = ProteusAnalyzer()
results = analyzer.analyze_directory('samples')
malicious = [r for r in results if r['verdict'] == 'MALICIOUS']
print(f"Found {len(malicious)} malicious files")
```

Safety notes:

- Always use isolated environments for malware analysis
- Disable network when analyzing unknown files
- Use snapshots in VMs for easy recovery
- Verify hashes of samples before analysis (compare the SHA-256 against the hash the sample was obtained with, so you know exactly which file you are looking at)
- Review results manually for borderline cases (scores in the Suspicious band)