Malheur

Automatic Analysis of Malware Behavior

Documentation

Manual page

The usage of Malheur is covered in a classic manual page (man page), including command line options, configuration files and different operation modes.

Programming

Malheur is developed in plain C. Its functionality for analyzing malware behavior is organized into modules that are documented with Doxygen annotations.

Background information

The following technical articles detail the background of the analysis techniques implemented in Malheur, from the design and extraction of behavioral patterns to clustering and classification methods.

  • Technical Report on Malheur
    Automatic Analysis of Malware Behavior using Machine Learning
    Technical report 18-2009, Berlin Institute of Technology
  • Technical Report on MIST
    A Malware Instruction Set for Behavior-Based Analysis
    Technical report TR-2009-07, University of Mannheim