An opensource antivirus implementation - Successor of CyberGod KSGMPRH
Mrida is an open source antivirus implementation which uses YARA and LSH to detect malicious programs. It is programmed using C++ 14.
import requests
r = requests.post("http://127.0.0.1:5660/scan_file_for_yara", data={"file": "D:/test.eicar", "target": "windows"})
r.json()
{
"detections": [
{
"author": "Visweswaran",
"description": "BOT",
"name": "bot"
},
{
"author": "UNKNOWN AUTHOR",
"description": "EXAMPLE - 1",
"name": "example"
}
],
"message": true
}
import requests
r = requests.post("http://127.0.0.1:5660/scan_file_for_packer", data={"file": "D:/git-bash.exe"})
r.json()
{
"detected": [
"Microsoft_Visual_Cpp_80_DLL"
]
}
r = requests.post("http://127.0.0.1:5660/shannon_entropy_for_file", data={"file": "D:/git-bash.exe"})
r.json()
{
"entropy": 4.221405214084764
}
http://127.0.0.1:5660/is_domain_blocked?host=www.test.com
{
"message": false
}
r = requests.post("http://127.0.0.1:5660/proc_scan", data={"type": "gui", "api": "[YOUR KEY]"})
r = requests.get("http://127.0.0.1:5660/get_tlsh_distance?hash_one=B0648D22F7D290B5D063033049BCA2BAA67FFDBFD920825BB3C4631E4DB0791AE35F56&hash_two=B0648D22F7D290B5D063033049BCA2BAA67FFDB55920825BB3C4631E4DB0791AE35F56")
r.json()
{
"message": 6
}
r = requests.get("http://127.0.0.1:5660/check_threat_db?tlsh=FC55ADF47998802EC02A4437B961A6D96B307C975C865813FEA8BB1D3CEF160FD09677&min_size=3500&max_size=3543005&type=application/x-msdownload")
r.json()
The antivirus makes use of the following opensource libraries:
- YARA by VirusTotal
- YARA wrapper for C++ by Avast
- JSON for C++ by Niels Lohmann
- HTTP library for C++ by yhirose
- TLSH by trendmicro
License: GPL 2.0