Automatic Analysis of Malware Behavior



To build Malheur from source code, the following libraries are required. Depending on the operating system, further development tools and packages may need to be installed.

   >= uthash-1.7
   >= libconfig-1.4
   >= libarchive-3.1.2


Malheur follows the standard compilation procedure of GNU software. It has been successfully compiled on Linux, Mac OS X and OpenBSD.

  $ ./configure [options]
  $ make
  $ make check
  $ make install

Configuration options

  --prefix=PATH           Set directory prefix for installation

By default Malheur is installed into /usr/local. If you prefer a different location, use this option to select an installation directory.

  --enable-openmp         Enable support for OpenMP 

This option enables support for OpenMP in Malheur. Several functions of the malware analysis have been enhanced using OpenMP directives, so that they execute in parallel and benefit from multi-core architectures.

  --enable-matlab         Enable optional Matlab tools
  --with-matlab-dir=PATH  Set directory prefix of matlab installation

Some functions of Malheur are also available in the form of Matlab .mex files, which allow the implemented analysis methods to be used directly from within a Matlab environment.