Update README.md
Browse files
README.md
CHANGED
|
@@ -1,3 +1,60 @@
|
|
| 1 |
-
---
|
| 2 |
-
|
| 3 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1 |
+
---
|
| 2 |
+
---
|
| 3 |
+
title: MCMA - Malware Static Analyzer & YARA Generator
|
| 4 |
+
emoji: 🛡️
|
| 5 |
+
colorFrom: blue
|
| 6 |
+
colorTo: red
|
| 7 |
+
sdk: gradio
|
| 8 |
+
sdk_version: 5.0.0
|
| 9 |
+
app_file: app.py
|
| 10 |
+
pinned: false
|
| 11 |
+
license: mit
|
| 12 |
+
tags:
|
| 13 |
+
- cybersecurity
|
| 14 |
+
- malware-analysis
|
| 15 |
+
- yara
|
| 16 |
+
- rag
|
| 17 |
+
- llm
|
| 18 |
+
- automation
|
| 19 |
+
---
|
| 20 |
+
|
| 21 |
+
# 🛡️ MCMA – Malware Static Analyzer
|
| 22 |
+
|
| 23 |
+
**MCMA (Malware Classification & Malware Analysis)** is an AI-powered framework designed to assist security analysts and threat hunters. It performs **static analysis** on suspicious files and automatically generates **YARA rules** for detection.
|
| 24 |
+
|
| 25 |
+
Using a combination of Retrieval-Augmented Generation (RAG) and Large Language Models (LLMs), MCMA identifies suspicious patterns without executing the file, making it a safe initial step in the malware analysis pipeline.
|
| 26 |
+
|
| 27 |
+
## 🚀 Key Features
|
| 28 |
+
|
| 29 |
+
* **Static Analysis:** Extracts metadata, strings, and headers without running the binary.
|
| 30 |
+
* **AI-Driven Insights:** Uses an LLM to interpret raw file data and explain *why* a file looks suspicious.
|
| 31 |
+
* **Auto-YARA Generation:** Automatically writes syntactically correct YARA rules based on the analysis logic.
|
| 32 |
+
* **RAG Integration:** (Optional/If applicable) Retrieves context from a vector database of known malware families to improve classification accuracy.
|
| 33 |
+
|
| 34 |
+
## ⚙️ How It Works
|
| 35 |
+
|
| 36 |
+
1. **Input:** User uploads a suspicious file (PE, ELF, Script, etc.) via the Gradio UI.
|
| 37 |
+
2. **Preprocessing:** The system extracts static features (hashes, imports, exports, entropy).
|
| 38 |
+
3. **Inference:**
|
| 39 |
+
* The features are formatted into a prompt.
|
| 40 |
+
* The LLM analyzes the features against known malware behaviors.
|
| 41 |
+
4. **Output:**
|
| 42 |
+
* A JSON report detailed the findings.
|
| 43 |
+
* A generated YARA rule to detect similar samples.
|
| 44 |
+
|
| 45 |
+
## 🛠️ Installation & Usage
|
| 46 |
+
|
| 47 |
+
You can try the live demo in the [Spaces tab](https://huggingface.co/spaces/YOUR_USERNAME/YOUR_SPACE_NAME).
|
| 48 |
+
|
| 49 |
+
### Local Setup
|
| 50 |
+
|
| 51 |
+
To run this tool locally, clone the repository and install the dependencies.
|
| 52 |
+
|
| 53 |
+
```bash
|
| 54 |
+
git clone https://huggingface.co/spaces/zeltera/mcma
|
| 55 |
+
cd mcma
|
| 56 |
+
pip install -r requirements.txt
|
| 57 |
+
python app.py
|
| 58 |
+
|
| 59 |
+
license: mit
|
| 60 |
+
---
|