ZABIMARU is a comprehensive malware analysis tool designed to identify and report persistent malware on Windows systems. The tool scans for running services and startup applications, hashes their executable files, and checks them against VirusTotal. Any detected malicious files are then analyzed using Groq AI to generate a detailed malware analysis report. The tool includes a user-friendly UI built using CustomTkinter for seamless interaction.
It has a boatload of features; see FEATURES.md.
Requirements:

- Python 3.x libraries:
  - requests
  - dotenv
  - reportlab
  - groq
- External tools:
  - PowerShell, for executing the scripts that retrieve running services and startup programs.
Installation:

- Clone the repository and install the dependencies:

  git clone https://github.com/yourusername/zabimaru.git
  cd zabimaru
  pip install -r requirements.txt

- Set the API keys (loaded with dotenv):

  GQ_API_KEY="your_groq_api_key"
  VT_API_KEY="your_virustotal_api_key"

- Start the tool:

  .\ZabimaruMain.py
How it works:

- Running the PowerShell script: Zabimaru runs a bundled PowerShell script (Zabimaru.ps1) to gather running services and startup applications.
- Hashing and analysis: the tool computes hashes of the detected applications and checks these hashes against VirusTotal. If malicious entries are found, Groq AI generates a detailed analysis report.
- Generating a PDF report: the analysis results are saved in a user-readable PDF file using the reportlab library.
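The hashing-and-lookup step described above, as an added example that is not Zabimaru's own code. It assumes service command lines in the shape PowerShell returns from a Win32_Service PathName (the function names, the constructed sample report and its numbers are mine); the VirusTotal v3 endpoint and x-apikey header are the real API, and a 404 from it is treated as "unknown", not "clean".

```python
import hashlib

VT_FILE_URL = "https://www.virustotal.com/api/v3/files/{}"  # real v3 endpoint

# Constructed sample shaped like a v3 /files/{hash} response body.
SAMPLE_VT_REPORT = {"data": {"attributes": {"last_analysis_stats": {
    "malicious": 41, "suspicious": 2, "undetected": 27, "harmless": 0,
    "timeout": 0, "type-unsupported": 3, "failure": 0}}}}


def executable_from_command_line(cmd: str) -> str:
    """Image path from a Win32_Service PathName or Run-key value: a quoted path ends
    at the closing quote; an unquoted one ends after '.exe' (heuristic, handles spaces)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 1 else ""
    idx = cmd.lower().find(".exe")
    return cmd[: idx + 4] if idx != -1 else cmd.split(" ", 1)[0]


def sha256_file(path: str) -> str:
    """Stream the file through SHA-256 so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def summarize_vt_report(report: dict) -> dict:
    """Triage fields from a VT report. An empty report (HTTP 404) means VT has
    never seen the hash, which is reported as unknown, not as clean."""
    if "data" not in report:
        return {"known": False, "malicious": 0, "engines": 0, "verdict": "unknown"}
    stats = report["data"]["attributes"]["last_analysis_stats"]
    malicious = stats.get("malicious", 0)
    return {"known": True, "malicious": malicious, "engines": sum(stats.values()),
            "verdict": "malicious" if malicious else "clean"}


def vt_lookup(sha256: str, api_key: str) -> dict:
    """Fetch the VT file report; requests (a README dependency) is imported
    lazily so the offline helpers above run without it."""
    import requests
    r = requests.get(VT_FILE_URL.format(sha256), headers={"x-apikey": api_key}, timeout=30)
    if r.status_code == 404:
        return {}
    r.raise_for_status()
    return r.json()
```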
Run the tool with:

  python ZabimaruMain.py

Zabimaru is intended for educational and research purposes only. Ensure you use it in a controlled, isolated environment and comply with relevant laws and regulations when handling malware.
For more information and sample results, see results.md.


