Project details for Malheur

Malheur 0.5.4

by konrad - December 25, 2013, 13:20:31 CET



Malheur is a tool for the automatic analysis of malware behavior (program behavior recorded from malicious software in a sandbox environment). It has been designed to support the regular analysis of malicious software and the development of detection and defense measures. Malheur allows for identifying novel classes of malware with similar behavior and assigning unknown malware to discovered classes.

Malheur builds on the concept of dynamic analysis: malware binaries are collected in the wild and executed in a sandbox, where their behavior is monitored at run time. The execution of each malware binary results in a report of recorded behavior. Malheur analyzes these reports to discover and discriminate malware classes using machine learning.

Malheur can be applied to recorded behavior in various formats, as long as the monitored events are separated by delimiter symbols, as is the case for reports generated by the popular malware sandboxes CWSandbox, Anubis, Norman Sandbox and Joebox.

Changes to previous version:

Support for new version of libarchive. Minor bug fixes.

Supported Operating Systems: POSIX
Data Formats: MIST, TXT
Tags: Sequence Analysis, Classification, Clustering

Other available revisions

Date - Changelog

December 25, 2013, 13:20:31 - Support for new version of libarchive. Minor bug fixes.

December 27, 2012, 14:35:19 - The tool's persistent state is stored in the local state directory (i.e. /var) for better maintenance. Several minor bugs have been fixed.

August 29, 2011, 09:50:27 - Another major bug due to changes in libconfig has been fixed. sigh

August 24, 2011, 17:36:16 - Fixed major bug in parsing of configuration files. Woot.

April 19, 2011, 11:52:24 - All configuration parameters can be specified on the command line. The manual page and documentation have been updated and extended. Minor bugs have been fixed.

August 12, 2010, 15:31:10 - Several minor fixes.

January 23, 2010, 11:12:27 - Initial Announcement on
