Metadata-Version: 2.3
Name: artsem
Version: 0.0.43
Project-URL: Documentation, https://github.com/unknown/artsem#readme
Project-URL: Issues, https://github.com/unknown/artsem/issues
Project-URL: Source, https://github.com/unknown/artsem
Author-email: uRHL <100383351@alumnos.uc3m.es>
License-Expression: MIT
Classifier: Development Status :: 4 - Beta
Classifier: Programming Language :: Python
Classifier: Programming Language :: Python :: 3.7
Classifier: Programming Language :: Python :: 3.8
Classifier: Programming Language :: Python :: 3.9
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: Implementation :: CPython
Classifier: Programming Language :: Python :: Implementation :: PyPy
Requires-Python: >=3.7
Description-Content-Type: text/markdown

# ARTSEM: Anti-Reversing Trace Scanner for ELF Malware

[![PyPI - Version](https://img.shields.io/pypi/v/artsem.svg)](https://pypi.org/project/artsem)
[![PyPI - Python Version](https://img.shields.io/pypi/pyversions/artsem.svg)](https://pypi.org/project/artsem)

-----

> Note: Although "Malware" is part of the name, the tool can be run on any Linux ELF executable, not only on malicious ones.

**Table of Contents**
1. [Description](#description)
2. [Installation](#installation)
3. [The dataset](#the-dataset)
4. [Roadmap](#roadmap)
5. [License](#license)

---

## Description

This project aims to create an automated tool able to detect which anti-analysis techniques have been applied to a binary.

First, we analyze a set of techniques (anti-debugging, anti-disassembly, etc.) and the differences they produce in the resulting binaries.

Then, we look for traces, patterns and other evidence that allow us to detect the use of those anti-analysis features.

Finally, we run the tool on a real ELF malware dataset to see which of these techniques are used in the wild, and how often.

## Installation

```console
pip install artsem
```

## The dataset

The **malware samples** that make up the dataset were obtained from the following sources. Thanks to you all.

* [Vx-Underground](https://github.com/vxunderground/MalwareSourceCode)
* [Malware Bazaar](https://bazaar.abuse.ch/)
* [Malware Samples](https://github.com/MalwareSamples/Linux-Malware-Samples)
* [Virus Share](https://virusshare.com/)
* [Virus Sign](https://virussign.com/index.html)
* [Contagio Dump](https://contagiodump.blogspot.com/)
* [Virus Total](https://www.virustotal.com/gui/home/upload)

---

## Roadmap

### Milestone 1

Generate a (test) dataset from known programs (e.g. `ls`). To do so, compile the selected program with different flags and analyze the differences between the resulting binaries.

### Milestone 2

Create a script able to detect the use of different anti-analysis techniques. It will run a series of tests on compiled binaries, looking for traces left behind by each technique.
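The trace-scanning approach outlined in the Description and planned for this milestone can be prototyped with the standard library alone. The script below is an added example written for this page, not artsem's own code: it walks the ELF64 section header table, reads the imported symbol names from `.dynstr`, and reports a handful of well-known anti-analysis traces (a `ptrace` import, `/proc/self/status` / `TracerPid` strings, a missing `.symtab`, a removed section header table). The indicator names, the `build_elf64` fixture builder and `drop_section_headers` are assumptions made here, and the sample images are constructed inline so the script runs offline.

```python
import struct

# Added example (not artsem's code): a stdlib-only scanner for a few well-known
# anti-analysis traces in little-endian ELF64 images, plus a tiny ELF builder
# used to construct test fixtures so the script runs offline.

ELF_HDR = "<16sHHIQQQIHHHHHH"   # Elf64_Ehdr, 64 bytes
SEC_HDR = "<IIQQQQIIQQ"         # Elf64_Shdr, 64 bytes
SHT_PROGBITS, SHT_SYMTAB, SHT_STRTAB = 1, 2, 3

# Indicator choice is ours (assumption), not a list taken from artsem.
ANTI_DEBUG_IMPORTS = {b"ptrace"}                          # PTRACE_TRACEME self-attach trick
ANTI_DEBUG_STRINGS = {b"TracerPid", b"/proc/self/status"}  # /proc-based debugger detection


def _cstr(buf, off):
    """Return the NUL-terminated byte string starting at buf[off]."""
    return buf[off:buf.index(b"\0", off)]


def parse_sections(data):
    """Map section name -> (sh_type, raw bytes). Returns {} when the section
    header table is absent (e_shnum == 0 or e_shoff == 0)."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if data[4] != 2 or data[5] != 1:
        raise ValueError("only little-endian ELF64 is handled here")
    hdr = struct.unpack_from(ELF_HDR, data, 0)
    e_shoff, e_shentsize, e_shnum, e_shstrndx = hdr[6], hdr[11], hdr[12], hdr[13]
    if e_shnum == 0 or e_shoff == 0:
        return {}
    shdrs = [struct.unpack_from(SEC_HDR, data, e_shoff + i * e_shentsize) for i in range(e_shnum)]
    TYPE, OFF, SIZE = 1, 4, 5                 # field indices within Elf64_Shdr
    st = shdrs[e_shstrndx]
    shstrtab = data[st[OFF]:st[OFF] + st[SIZE]]
    sections = {}
    for sh in shdrs[1:]:                      # index 0 is the mandatory null header
        name = _cstr(shstrtab, sh[0]).decode()
        sections[name] = (sh[TYPE], data[sh[OFF]:sh[OFF] + sh[SIZE]])
    return sections


def scan(data):
    """Return a dict of indicator -> bool for one ELF image."""
    sections = parse_sections(data)
    dynstr = sections.get(".dynstr", (0, b""))[1]
    imported = set(dynstr.split(b"\0")) - {b""}
    blob = b"".join(body for _, body in sections.values())
    return {
        "no_section_headers": not sections,   # shdr table removed: readelf/objdump see nothing
        "stripped": bool(sections) and ".symtab" not in sections,
        "imports_ptrace": bool(imported & ANTI_DEBUG_IMPORTS),
        "procfs_debugger_check": any(s in blob for s in ANTI_DEBUG_STRINGS),
    }


def build_elf64(sections):
    """Constructed fixture: minimal ELF64 holding the given [(name, sh_type, bytes)]."""
    shstrtab, name_off = b"\0", []
    for name, _, _ in sections:
        name_off.append(len(shstrtab))
        shstrtab += name.encode() + b"\0"
    name_off.append(len(shstrtab))
    shstrtab += b".shstrtab\0"
    bodies = [b for _, _, b in sections] + [shstrtab]
    types = [t for _, t, _ in sections] + [SHT_STRTAB]
    offsets, cur = [], 64                     # section data starts right after the ELF header
    for b in bodies:
        offsets.append(cur)
        cur += len(b)
    e_shoff, e_shnum = cur, len(bodies) + 1   # +1 for the null header
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\0" * 8
    hdr = struct.pack(ELF_HDR, ident, 2, 0x3E, 1, 0, 0, e_shoff, 0, 64, 56, 0, 64, e_shnum, e_shnum - 1)
    shdrs = struct.pack(SEC_HDR, *([0] * 10))
    for n, t, o, b in zip(name_off, types, offsets, bodies):
        shdrs += struct.pack(SEC_HDR, n, t, 0, 0, o, len(b), 0, 0, 1, 0)
    return hdr + b"".join(bodies) + shdrs


def drop_section_headers(data):
    """Constructed variant: zero e_shoff/e_shnum/e_shstrndx, as packed or
    deliberately damaged binaries often have, so header-walking tools see nothing."""
    img = bytearray(data)
    struct.pack_into("<Q", img, 40, 0)        # e_shoff
    struct.pack_into("<HH", img, 60, 0, 0)    # e_shnum, e_shstrndx
    return bytes(img)


# Constructed samples: a plain binary with a symbol table and harmless imports,
# and a hostile one that is stripped, imports ptrace and embeds a /proc check.
PLAIN = build_elf64([
    (".dynstr", SHT_STRTAB, b"\0puts\0libc.so.6\0"),
    (".symtab", SHT_SYMTAB, b"\0" * 24),
    (".rodata", SHT_PROGBITS, b"hello\0"),
])
HOSTILE = build_elf64([
    (".dynstr", SHT_STRTAB, b"\0ptrace\0libc.so.6\0"),
    (".rodata", SHT_PROGBITS, b"/proc/self/status\0TracerPid:\0"),
])
NO_SHDRS = drop_section_headers(HOSTILE)

if __name__ == "__main__":
    for label, img in (("plain", PLAIN), ("hostile", HOSTILE), ("no-shdrs", NO_SHDRS)):
        print(label, scan(img))
```

Two caveats a practitioner would want before trusting such output: a real scanner must also handle ELF32 and big-endian images (the parser above refuses them rather than guessing), and none of these traces is proof on its own. `ptrace` is imported by legitimate debuggers and tracers, and release builds are routinely stripped, which is exactly the false-positive question Milestone 4 sets out to answer.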

### Milestone 3

Run the script on the malware dataset.

### Milestone 4

Analyze the results. Which techniques were easier to spot? Which ones were more difficult? Are there false positives?

## License

`artsem` is distributed under the terms of the [MIT](https://spdx.org/licenses/MIT.html) license.