
Releases: ChronoCoders/proteus

v0.2.0 - YARA Engine Integration & Critical Fixes

03 Nov 23:13


[0.2.0] - 2025-11-02

Added

  • YARA Rule Engine: Industry-standard malware detection
    • 40+ pre-built detection rules across 5 categories
    • Ransomware Rules: WannaCry, Ryuk, Maze, Locky, generic patterns
    • RAT Detection: NanoCore, njRAT, DarkComet, Quasar, AsyncRAT
    • Trojan Rules: Emotet, TrickBot, Dridex, Zeus, Formbook, AgentTesla
    • Packer Detection: UPX, ASPack, Themida, VMProtect, PECompact, MPRESS
    • Suspicious Behavior: Code injection, process hollowing, anti-VM, credential dumping, persistence mechanisms, keyloggers, browser data theft
  • YARA CLI Integration:
    • --yara flag for real-time YARA scanning
    • Combined analysis: --ml --yara --strings
    • Match details with severity levels and family classification
    • Rule metadata display (description, severity, family)
  • Python YARA Engine (python/yara_engine.py):
    • Custom rule loading support
    • Batch directory scanning
    • Detailed match reporting with offsets
    • Rule compilation and management
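As an added illustration of the rule layout the list above describes (metadata carrying description, severity and family; tags on the rule; the namespace comes from how the file is compiled), here is a small rule file in that style. It is example code written for this page, not one of the rules shipped with Proteus, and the rule names are hypothetical. The UPX rule keys on the well-known UPX0/UPX1 section names and the "UPX!" header marker. The second rule matches the API set typically imported for process hollowing; because it is purely string-based it will also fire on some legitimate binaries that import those functions, which is the kind of benign hit behind the false-positive figure given under Performance below.

```yara
// Example rule file written for this page (not a Proteus rule).
// Rule names and meta values are hypothetical.

rule Packer_UPX : packer
{
    meta:
        description = "UPX-packed PE: UPX0/UPX1 section names and UPX! marker"
        severity    = "medium"
        family      = "UPX"
    strings:
        $sec0  = "UPX0"
        $sec1  = "UPX1"
        $magic = "UPX!"
    condition:
        // MZ header, and at least two of the three UPX markers
        uint16(0) == 0x5A4D and 2 of ($sec0, $sec1, $magic)
}

rule Suspicious_ProcessHollowing_APIs : suspicious injection
{
    meta:
        description = "Imports the API set typically used for process hollowing"
        severity    = "high"
        family      = "generic"
    strings:
        $create  = "CreateProcessA" ascii
        $createw = "CreateProcessW" ascii
        $unmap   = "NtUnmapViewOfSection" ascii
        $write   = "WriteProcessMemory" ascii
        $ctx     = "SetThreadContext" ascii
        $resume  = "ResumeThread" ascii
    condition:
        // all stages of the hollowing sequence must be present; any one of
        // these names alone is common in benign software
        uint16(0) == 0x5A4D and
        ($create or $createw) and $unmap and $write and $ctx and $resume
}
```

With yara-python, compiling each category file under its own namespace (yara.compile(filepaths={"packers": "packers.yar", "suspicious": "suspicious.yar"})) makes every match report which category it came from via match.namespace, alongside match.rule, match.tags, match.meta and the per-string offsets in match.strings; that is the information the CLI's match details and rule-metadata display are built from.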

Changed

  • Updated CLI version to v0.2.0
  • Removed unused YARA Rust dependency from Cargo.toml
  • Improved error handling with specific exceptions
  • Enhanced type hints across Python modules
  • Updated documentation with YARA features

Performance

  • Detection Metrics on 913 Malware Samples:
    • YARA Detection Rate: 58% (531/913 detected)
    • Average matches per file: 1-10 rules
    • Rule categories: 5 files, 40+ individual rules
    • False positive rate on clean samples: ~3% (mostly rules keyed on common Windows API names, which legitimate binaries also import)

Technical

  • YARA Python binding integration (yara-python==4.5.1)
  • Multi-rule compilation engine
  • String match extraction with offsets
  • Rule namespace and tag support

Proteus v0.1.0 - Initial Release

27 Oct 17:13


Release v0.1.0 - Initial Release

Release Date: October 27, 2025

🎉 First Stable Release

Proteus v0.1.0 is the initial public release of our static analysis engine for triaging unknown (zero-day) binaries without signatures.

✨ Features

Core Analysis

  • PE/ELF Binary Parsing - Full support for Windows PE and Linux ELF executables
  • Entropy Calculation - Global and per-section entropy analysis
  • Heuristic Scoring - Threat score out of 100; files scoring 60 or above are flagged by default (threshold configurable)
  • String Extraction - ASCII and wide string detection with pattern matching
  • IOC Detection - Automatic extraction of URLs, IPs, registry keys, file paths
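The entropy, string-extraction and IOC-detection items above are generic techniques, so they can be shown end to end in a few dozen lines. The following is an added, stand-alone Python example written for this page; it is not Proteus's Rust core or its Python API. The two "sections" are constructed byte buffers embedded inline (not real binaries), so the script runs offline, and the IOC regexes are deliberately simple illustrations rather than the project's patterns.

```python
import math
import re
from collections import Counter

# Constructed stand-ins for two PE sections (not real binaries). The ".text"
# buffer holds an ASCII URL, a UTF-16LE (wide) file path, a registry key and
# an IP:port, separated by NUL bytes; ".packed" contains every byte value
# equally often, the flat histogram typical of packed or encrypted data.
SECTIONS = {
    ".text": (
        b"MZ\x90\x00"
        + b"http://example.invalid/update.php\x00\x00"
        + "C:\\Users\\Public\\run.exe".encode("utf-16le") + b"\x00\x00"
        + b"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\x00"
        + b"192.0.2.44:4444\x00"
        + b"\x00" * 256
    ),
    ".packed": bytes(range(256)) * 2,
}

# Illustrative IOC patterns (hypothetical, kept simple on purpose).
IOC_PATTERNS = {
    "url": re.compile(r"https?://[^\s\"'<>]+"),
    "ipv4": re.compile(r"\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b"),
    "registry": re.compile(r"HK(?:EY_[A-Z_]+|LM|CU|CR|U|CC)\\[^\s\"']+"),
    "path": re.compile(r"[A-Za-z]:\\(?:[^\\\s\"'<>|:*?]+\\)*[^\\\s\"'<>|:*?]+"),
}


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a constant buffer, 8.0 for a flat histogram."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def extract_strings(data: bytes, min_len: int = 4):
    """Return (offset, kind, text) for printable ASCII and UTF-16LE runs of >= min_len chars."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    wide_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = [(m.start(), "ascii", m.group().decode("ascii")) for m in ascii_re.finditer(data)]
    found += [(m.start(), "wide", m.group().decode("utf-16le")) for m in wide_re.finditer(data)]
    return sorted(found)


def extract_iocs(strings):
    """Run the IOC regexes over extracted strings; dedupe while keeping first-seen order."""
    hits = {kind: [] for kind in IOC_PATTERNS}
    for _, _, text in strings:
        for kind, pattern in IOC_PATTERNS.items():
            hits[kind].extend(pattern.findall(text))
    return {kind: list(dict.fromkeys(values)) for kind, values in hits.items()}


def analyze(sections):
    """Global and per-section entropy, plus strings (with section and offset) and IOCs."""
    blob = b"".join(sections.values())
    strings = []
    for name, data in sections.items():
        strings += [(name, off, kind, text) for off, kind, text in extract_strings(data)]
    return {
        "entropy": shannon_entropy(blob),
        "section_entropy": {name: shannon_entropy(data) for name, data in sections.items()},
        "strings": strings,
        "iocs": extract_iocs([(off, kind, text) for _, off, kind, text in strings]),
    }


if __name__ == "__main__":
    report = analyze(SECTIONS)
    print(f"global entropy: {report['entropy']:.2f}")
    for name, h in report["section_entropy"].items():
        print(f"  {name:8} entropy {h:.2f}")
    for name, off, kind, text in report["strings"]:
        print(f"  {name} +0x{off:04x} {kind:5} {text}")
    for kind, values in report["iocs"].items():
        print(f"  {kind}: {values}")
```

Two details worth noting when reading the output: the wide-string regex only works because the ASCII URL is followed by two NUL bytes, so the terminator of one string cannot be mistaken for the first pair of the next; and the ".packed" buffer scores exactly 8.0 bits per byte while a flat histogram also contains a 95-byte run of printable bytes that the string extractor dutifully reports, which is why high-entropy sections are usually excluded from string-based IOC scoring.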

Performance

  • Rust Core - High-performance analysis engine written in Rust
  • Parallel Processing - Batch scanning with Rayon parallelization
  • Fast Execution - ~50ms per file analysis

Machine Learning

  • Feature Extraction - 16+ features per sample
  • Random Forest - Supervised classification model
  • Isolation Forest - Unsupervised anomaly detection
  • Training Pipeline - Complete ML workflow included

Developer Experience

  • CLI Interface - Easy-to-use command-line tool
  • Python API - Programmatic access via Python
  • PyO3 Bindings - Seamless Rust-Python integration
  • Type Hints - Full type annotation support

📊 Performance Metrics

  Metric               Value
  Detection Rate       100% (synthetic test dataset; see Known Limitations)
  False Positive Rate  0% (synthetic test dataset; see Known Limitations)
  Avg Analysis Time    ~50ms per file
  Batch Processing     100 files in 3s

📦 Installation

git clone https://github.com/ChronoCoders/proteus.git
cd proteus
python -m venv venv
venv\Scripts\activate
# on Linux/macOS: source venv/bin/activate
pip install maturin
maturin develop --release

🚀 Quick Start

# Analyze single file
python cli.py file sample.exe

# Batch scan
python cli.py dir samples/ --output results.json

# String analysis
python cli.py strings sample.exe --strings

📚 Documentation

⚠️ Known Limitations

  • Test dataset uses synthetic malware samples
  • ML models require larger training sets for production use
  • No dynamic analysis capabilities
  • PE analysis more mature than ELF

🔮 What's Next (v0.2.0)

  • YARA rule engine
  • Advanced packer detection
  • Digital signature validation
  • Larger training datasets
  • Performance optimizations

🙏 Acknowledgments

Thanks to the open-source community for:

  • goblin - Binary parsing
  • PyO3 - Rust-Python bindings
  • Rayon - Parallel processing
  • scikit-learn - ML algorithms

📝 Full Changelog

See CHANGELOG.md

🐛 Report Issues

Found a bug? Open an issue

💬 Community


Download: proteus-v0.1.0.zip

SHA256: [Will be generated after release]