This project is in alpha. It may be buggy and many improvements remain to be made. Contributions are welcome.
SledRE is a scalable application for Windows malware analysis. It can run multiple jobs in parallel. At the moment, two jobs are available:
- PESieve: this job unpacks a Windows PE malware sample using PESieve.
- Detours: this job hooks and traces the syscalls made by a Windows PE malware sample (more than a thousand common syscalls). These traces can be used to train artificial intelligence models, or imported directly into Ghidra with the ghidra-sledre extension to assist reverse engineers.
- Windows 7 sandbox using qemu and Linux containers
- Automated installation using a script to build the VM with required binaries
- Scalability of the Windows workers depending on the host resources
- Windows syscall hooking to generate traces
- Malware unpacking using PESieve
- Tag creation based on hook traces
- Dataset generation
- Ghidra extension to import SledRE traces
The installation and usage procedures are covered by the documentation.
The project documentation is available at SledRE Documentation.
If you wish to contribute, check out the Development Documentation.