Name	Name	Last commit message	Last commit date
parent directory ..
Agenttesla_visualizations	Agenttesla_visualizations
Amadey_visualizations	Amadey_visualizations
Berbew_visualizations	Berbew_visualizations
Gamarue_visualizations	Gamarue_visualizations
Guloader_visualizations	Guloader_visualizations
Noon_visualizations	Noon_visualizations
Strab_visualizations	Strab_visualizations
Taskun_visualizations	Taskun_visualizations
Vbclone_visualizations	Vbclone_visualizations
Virlock_visualizations	Virlock_visualizations
gcleaner_visualizations	gcleaner_visualizations
remcos_visualizations	remcos_visualizations
Agenttesla_reports.7z	Agenttesla_reports.7z
Amadey_reports.7z	Amadey_reports.7z
Berbew_reports.7z	Berbew_reports.7z
Gamarue_reports.7z	Gamarue_reports.7z
Guloader_reports.7z	Guloader_reports.7z
Noon_reports.7z	Noon_reports.7z
README.md	README.md
Strab_reports.7z	Strab_reports.7z
Taskun_reports.7z	Taskun_reports.7z
Vbclone_reports.7z	Vbclone_reports.7z
Virlock_reports_split.7z.001	Virlock_reports_split.7z.001
Virlock_reports_split.7z.002	Virlock_reports_split.7z.002
Virlock_reports_split.7z.003	Virlock_reports_split.7z.003
gcleaner_reports.7z	gcleaner_reports.7z
remcos_reports.7z	remcos_reports.7z

Test reports

This folder contains some testing reports obtained from the WinMET dataset. The reports have been processed with MALVADA.

Reports

Reports are compressed to save space. The .7z archives have no password. Processing time is computed by executing MalGraphIQ's all mode with default parameters on a system equipped with an Intel i7-10700 @ 2.90GHz CPU with 32GB of DDR4 3200MHz RAM.

gcleaner_reports.7z
- MD5: b35b59edc1272002e875adc064fb9303
- Compressed size on disk: ~19 MiB
- Uncompressed size on disk: ~910 MiB
- MalGraphIQ processing time: ~103 minutes
remcos_reports.7z
- MD5:f95bd2b454ceef3a86e1773af46863e2
- Compressed size on disk: ~44 MiB
- Uncompressed size on disk: ~1476 MiB
- MalGraphIQ processing time: ~35 minutes
Agenttesla_reports.7z
- MD5: 3d2e37e5866eaeb10de5d7d0184bdce4
- Compressed size on disk: ~42 MiB
- Uncompressed size on disk: ~1798 MiB
- MalGraphIQ processing time: ~120 minutes
Amadey_reports.7z
- MD5: 1b9be17244e700690868ed5ccf7583e6
- Compressed size on disk: ~29 MiB
- Uncompressed size on disk: ~1503 MiB
- MalGraphIQ processing time: ~55 minutes
Berbew_reports.7z
- MD5: 2f09e1c4d392ee45d6930a7025e8c9b4
- Compressed size on disk: ~14 MiB
- Uncompressed size on disk: ~773 MiB
- MalGraphIQ processing time: ~24 minutes
Gamarue_reports.7z
- MD5: a2f7ed92fac69bc3adc2447745d8ced3
- Compressed size on disk: ~30 MiB
- Uncompressed size on disk: ~1343 MiB
- MalGraphIQ processing time: ~92 minutes
Guloader_reports.7z
- MD5: b64b48db5aa6c1f3b6148652dcd5d4e6
- Compressed size on disk: ~66 MiB
- Uncompressed size on disk: ~4066 MiB MalGraphIQ processing time: ~214 minutes
Noon_reports.7z
- MD5: cdd32592c637617f377da136929b50bb
- Compressed size on disk: ~42 MiB
- Uncompressed size on disk: ~1753 MiB
- MalGraphIQ processing time: ~115 minutes
Strab_reports.7z
- MD5: 90bfadd450d7b3f6b611f6efad28f579
- Compressed size on disk: ~15 MiB
- Uncompressed size on disk: ~593 MiB
- MalGraphIQ processing time: ~26 minutes
Taskun_reports.7z
- MD5: b5e020506d1400f16614818f7854723e
- Compressed size on disk: ~47 MiB
- Uncompressed size on disk: ~1991 MiB
- MalGraphIQ processing time: ~156 minutes
Vbclone_reports.7z
- MD5: 83e4b45f71232b5d07d97071241a3e42
- Compressed size on disk: ~57 MiB
- Uncompressed size on disk: ~5316 MiB
- MalGraphIQ processing time: ~251 minutes
Virlock_reports.7z -- 3 splits
- Total compressed size on disk: ~139 MiB
  - MD5: f024c3bf5fef2c70c07667cbcdbebcb0 Virlock_reports_split.7z.001 ~ 50 MiB
  - MD5: 559f2f2fff90c67a1af03f6bca7437d8 Virlock_reports_split.7z.002 ~ 50 MiB
  - MD5: 4e4b2af2f9301e39a1866f2e9721871a Virlock_reports_split.7z.003 ~ 39 MiB
- Uncompressed size on disk: ~4489 MiB
- MalGraphIQ processing time: ~168 minutes

Visualizations

The final visualizations for each family are located within their corresponding folders.

We deleted all the intermediate results (transition matrices, behavior and category graphs, and occurrence files).

How to generate them

This is an example for gcleaner and remcos families.

In order to generate the visual representations you see in this repository, we first launched the all execution mode of malgraphiq.py and then relaunched the plots phase to customize and re-scale the visualizations. Re-generation of visualizations with custom parameters was done only for gcleaner and remcos. The remaining families' visualizations are the default ones.

The commands used were the following:

All commands assume current working directory as this folder. Modify paths according to your installation. Executing the following commands will generate all the intermedaite results.

Extract the reports: 7z x gcleaner_reports.7z
Execute the entire pipeline for GCleaner family: $ python3 ../src/malgraphiq/malgraphiq.py all gcleaner_100/ -c ../wbc/catalog.json -w ../winapi_categories/winapi_categories.json.
- Re-generate default visualizations with custom parameters: $ python3 ../src/malgraphiq/malgraphiq.py plots . -rc_max 40 -bb --lower_figure_limit 30 --upper_figure_limit 90 --lower_figure_ratio 90 --fig_title GCleaner
Extract the reports: 7z x remcos_reports.7z
Execute the entire pipeline for Remcos family: $ python3 ../src/malgraphiq/malgraphiq.py all remcos_100/ -c ../wbc/catalog.json -w ../winapi_categories/winapi_categories.json.
- Re-generate default visualizations with custom parameters: $ python3 ../src/malgraphiq/malgraphiq.py plots . -rc_max 40 -bb --lower_figure_limit 30 --upper_figure_limit 90 --lower_figure_ratio 90 --fig_title Remcos

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

README.md

Test reports

Reports

Visualizations

How to generate them

FilesExpand file tree

test_reports

Directory actions

More options

Directory actions

More options

Latest commit

History

test_reports

Folders and files

parent directory

README.md

Test reports

Reports

Visualizations

How to generate them