Project 3: Simple Malware Detection using File Hashing
Malware detection can be implemented by checking whether a file's hash matches the hash of a known malware sample. This project builds a basic malware detection system that checks files against a database of malicious file hashes.
See Simple_Malware_Detection_using_File_Hashing for the technical document.
Objective:
Create a Python script that compares the hash of files on a system against a known database of malware signatures.
Python Script:
# Import libraries
import hashlib
import os

# Function to calculate the hash of a file
def calculate_hash(file_path, hash_algorithm="sha256"):
    hasher = hashlib.new(hash_algorithm)
    try:
        # Read in 8 KiB chunks so large files are not loaded into memory at once
        with open(file_path, 'rb') as file:
            while chunk := file.read(8192):
                hasher.update(chunk)
        return hasher.hexdigest()
    except OSError:
        # Missing or unreadable file: no hash can be computed
        return None

# Function to check files against known malware hashes
def check_for_malware(file_path, malware_hashes):
    file_hash = calculate_hash(file_path)
    if file_hash is None:
        # A file that could not be hashed was not scanned, so do not call it clean
        print(f"ERROR: {file_path} could not be read and was not scanned.")
    elif file_hash in malware_hashes:
        print(f"ALERT: {file_path} contains malware!")
    else:
        print(f"{file_path} is clean.")

# Example usage
if __name__ == "__main__":
    # Database of known malware hashes (replace with real hashes).
    # calculate_hash() defaults to SHA-256, so entries must be 64-character
    # lowercase SHA-256 hex digests to match; the 32-character placeholders below never will.
    known_malware_hashes = [
        "5d41402abc4b2a76b9719d911017c592",  # Example MD5 hash
        "b94f6f125c79e3a5d8f5b3f839f96278",  # Example hash (32 hex characters, not a full SHA-256 digest)
    ]
    files_to_check = ["example_file.txt", "malicious_file.exe"]  # Replace with actual file paths
    for file in files_to_check:
        check_for_malware(file, known_malware_hashes)
## example_file.txt is clean.
## malicious_file.exe is clean.
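The following is an added example, not code from the original page. It generalizes the script to a signature list that mixes digest types, as the sample database above does: the algorithm is chosen from the digest length, each file is read once for all required algorithms, and unreadable files get their own verdict. The function names, file names and sample contents are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

ALGO_BY_LENGTH = {32: "md5", 40: "sha1", 64: "sha256"}  # hex digest length -> algorithm

def load_signatures(entries):
    """Group known-bad hashes by algorithm, normalising case and whitespace."""
    sigs = {}
    for entry in entries:
        digest = entry.strip().lower()
        algo = ALGO_BY_LENGTH.get(len(digest))
        if algo is None or not set(digest) <= set("0123456789abcdef"):
            raise ValueError(f"unrecognised hash entry: {entry!r}")
        sigs.setdefault(algo, set()).add(digest)
    return sigs

def digest_file(path, algorithms):
    """Read the file once and return {algorithm: hexdigest} for each algorithm."""
    hashers = {a: hashlib.new(a) for a in algorithms}
    with open(path, "rb") as f:
        while chunk := f.read(8192):
            for h in hashers.values():
                h.update(chunk)
    return {a: h.hexdigest() for a, h in hashers.items()}

def scan_tree(root, sigs):
    """Yield (path, 'malware' | 'clean' | 'unreadable') for every file under root."""
    for path in sorted(p for p in Path(root).rglob("*") if p.is_file()):
        try:
            digests = digest_file(path, sigs)
            verdict = "malware" if any(digests[a] in sigs[a] for a in sigs) else "clean"
        except OSError:
            verdict = "unreadable"  # never report an unscanned file as clean
        yield str(path), verdict

def demo():
    """Constructed samples; MD5 of b'hello' is the first example hash on the page."""
    bad = hashlib.sha256(b"constructed-bad-sample").hexdigest()
    sigs = load_signatures(["5D41402ABC4B2A76B9719D911017C592", bad])
    with tempfile.TemporaryDirectory() as root:
        samples = {"a.bin": b"hello", "b.bin": b"constructed-bad-sample", "c.txt": b"benign"}
        for name, data in samples.items():
            Path(root, name).write_bytes(data)
        return {Path(p).name: v for p, v in scan_tree(root, sigs)}

if __name__ == "__main__":
    print(demo())
```

An exact hash match only identifies byte-identical copies of a known sample; a single changed byte produces a different digest and a "clean" verdict.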
Explanation:
Project Benefits and Learning Outcomes:
These projects will give you further exposure to critical cybersecurity concepts such as monitoring user activity (keylogger) and file-based malware detection (hash matching), while improving your Python programming skills.