maryamirfan18/ScanX-Malware-Scanner

ScanX-Malware-Scanner (Python-based .exe Scanner)

This is a lightweight Python-based tool that scans .exe files on your system to detect known malware and suspicious behaviors. It works by checking file hashes against a known malware database and scanning file contents for suspicious code patterns.


🚀 Features

  • Scans .exe, .dll, and .sys files in the user's profile directory.
  • Detects known malware using hash matching.
  • Detects unknown malware by checking for suspicious code indicators.
  • Lists all detected threats with clear alerts.
  • Comes with a Windows .exe version for non-technical users — no Python required!

📂 How It Works

  1. File Hash Matching

    • Calculates the MD5 hash of each file.
    • Matches it against a list of known malware hashes (e.g., RedLine Stealer, NjRAT, STOP/DJVU Ransomware).
    • Ignores files that match known safe hashes (e.g., VSCode, Burp Suite, Wireshark).
  2. Suspicious Content Detection

    • Extracts readable strings from .exe files.
    • Looks for dangerous code patterns (e.g., os.system, eval(), subprocess.Popen, getpass.getuser).
    • Flags files with multiple suspicious indicators.
  3. User-Friendly Report

    • Prints out alerts for suspicious files.
    • Waits for user input before closing (so non-tech users can see results easily).
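
The two-stage check described above, written out as an added example (it is not the repository's own code). The threshold of two indicators, the function names and the constructed sample blobs are assumptions; the README only says "multiple" indicators.

```python
import hashlib
import re

# Indicator strings from the README's "Suspicious Code Patterns" list.
INDICATORS = ("os.system", "subprocess.Popen", "eval(", "exec(",
              "getpass.getuser", "os.remove", "os.rename",
              "socket.socket", "requests.post", "pyautogui", "pynput")
THRESHOLD = 2  # assumption: the README says "multiple" without a number

# Runs of 4+ printable ASCII bytes, the same idea as the Unix `strings` tool.
PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]{4,}")


def md5_hex(data: bytes) -> str:
    # MD5 serves only as a lookup key here, not as a security primitive.
    return hashlib.md5(data, usedforsecurity=False).hexdigest()


def extract_strings(data: bytes) -> list:
    return [m.group().decode("ascii") for m in PRINTABLE_RUN.finditer(data)]


def classify(data: bytes, malware: dict, safe: set) -> tuple:
    """Return (verdict, details) for one file's bytes."""
    digest = md5_hex(data)
    if digest in safe:            # allow-list wins: content checks are skipped
        return "safe", []
    if digest in malware:         # stage 1: known-bad hash
        return "known-malware", [malware[digest]]
    strings = extract_strings(data)   # stage 2: indicator strings
    hits = sorted(i for i in INDICATORS if any(i in s for s in strings))
    verdict = "suspicious" if len(hits) >= THRESHOLD else "clean"
    return verdict, hits


# Constructed byte blobs standing in for files on disk (not real samples).
PAD = b"\x00\x01\x02"
SAMPLE_TOOL = b"MZ" + PAD + b"os.system(cmd)" + PAD + b"eval(expr)"
SAMPLE_UNKNOWN = b"MZ" + PAD + b"socket.socket()" + PAD + b"subprocess.Popen(c)"
SAMPLE_SINGLE = b"MZ" + PAD + b"hello world" + PAD + b"os.rename(a, b)"
SAMPLE_KNOWN = b"MZ" + PAD + b"constructed stand-in for a listed sample"

MALWARE = {md5_hex(SAMPLE_KNOWN): "constructed-family"}  # hash -> label
SAFE = {md5_hex(SAMPLE_TOOL)}

if __name__ == "__main__":
    for name in ("SAMPLE_TOOL", "SAMPLE_UNKNOWN", "SAMPLE_SINGLE", "SAMPLE_KNOWN"):
        print(name, classify(globals()[name], MALWARE, SAFE))
```

SAMPLE_TOOL carries two indicators but is reported as safe because its hash is on the allow-list; with an empty allow-list the same bytes are flagged, which is why the contents of the safe-hash list matter as much as the malware list.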

📝 List of Detection Indicators

✅ Malware Hashes Detected

  • RedLine Stealer
  • NjRAT Trojan
  • STOP/DJVU Ransomware
  • LokiBot Keylogger

✅ Suspicious Code Patterns Detected

  • os.system, subprocess.Popen, eval(), exec()
  • Password stealers like getpass.getuser
  • File manipulators like os.remove, os.rename
  • Network modules like socket.socket, requests.post
  • Keyloggers and remote control modules like pyautogui, pynput

💾 For Non-Tech Users: .exe Version

A Windows executable file (malware_detector.exe) is provided.

  • Just double-click to run the scanner.
  • No Python installation needed.
  • Shows scan results in a simple console window.

Note: The .exe is created using PyInstaller.


⚙️ How to Run

Requirements

  • Python 3.x
  • No external libraries needed (uses standard Python modules)

Running the Python Script

python malware_detector.py

Building the .exe (Optional)

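If you want to build the .exe version yourself, run PyInstaller on the spec file. Build options such as one-file mode are read from the .spec, and PyInstaller 6 and later reject --onefile when a .spec file is given, so it is not passed here:

pyinstaller malware_detector.spec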

This will create malware_detector.exe inside the dist/ folder.


📊 Build Artifacts Explained

When you build using PyInstaller, you’ll see these files:

| File | Purpose |
|------|---------|
| malware_detector.exe | Executable scanner (ready to use) |
| malware_detector.pkg | Packaged Python code |
| xref-malware_detector.html | Cross-reference build report |
| warn-malware_detector.txt | Warnings from PyInstaller |
| PYZ-00.pyz, EXE-00.toc | Internal PyInstaller build files |

🚫 Limitations

  • Can only detect malware whose hash or indicators are listed.
  • May not detect obfuscated or new malware.
  • Does not automatically remove/quarantine threats (detection only).
  • Works only on Windows systems (scans .exe, .dll, .sys).

✅ Conclusion

  • This tool offers a simple but effective method to detect known and suspicious malware in Windows environments.
  • Ideal for basic home use or as an educational project on malware detection.
  • Not a replacement for full-fledged antivirus solutions but adds an extra layer of security by focusing on code indicators and hashes.

About

Malware Detector is a lightweight Python-based tool that scans .exe files for malware by checking for suspicious code patterns and matching known malware hashes. It helps detect common threats like stealers, RATs, and ransomware in user profile directories. Includes a simple .exe version for non-technical users.
