Securewoof

SecureWoof is an AI-powered malware scanner that provides users with an efficient and reliable method to detect and analyze potentially harmful executable files.

To accomplish this, the tool employs various techniques and open-source libraries. When a user uploads an executable file, SecureWoof conducts a series of steps to evaluate its safety.

First, the file is checked against a set of static YARA rules, which helps identify any known patterns or signatures associated with malicious code.

Next, the file is unpacked using the RetDec unpacker, a widely used tool for decompressing files. After unpacking, the file is decompiled into a single C file using Ghidra, an open-source software package. This process enables the tool to analyze the code and understand its structure.

The decompiled file is then formatted using clang-tidy, a tool for ensuring code quality and adhering to coding standards. To further enhance the analysis, the decompiled code is embedded using FastText, a library that allows the tool to understand the semantic context of the code.

Finally, the file undergoes an evaluation for maliciousness using a trained RoBERTa transformer network. The RoBERTa and FastText models utilized by SecureWoof were trained using the SOREL-20M malware dataset, enhancing their ability to accurately identify and classify potential threats within uploaded files.

With its intelligent scanning capabilities, SecureWoof offers users an advanced solution for proactively addressing cybersecurity risks associated with executable files.
