niceyayale/openTrojan

OpenBox Malware Analyzer

A high-performance, memory-safe malware analysis platform written in Rust.

✨ Features

  • Static Analysis: PE/ELF/MachO file structure parsing, entropy calculation, packer detection
  • String Extraction: Printable strings, URL detection, network indicator extraction
  • YARA Signature Engine: Full YARA rule integration with text/hex/regex matching
  • Built-in Rules: 10+ predefined malware signature rules
    • Packer detection (UPX, PECompact, ASProtect, Themida)
    • Suspicious network activity detection
    • Registry and file operation monitoring
    • Anti-debugging and process injection detection
  • Parallel Analysis: Multi-threaded file analysis utilizing multi-core CPUs
  • Analysis Cache: Memory and file-based caching for faster repeated analysis
  • SQLite Database: Persistent storage for samples and reports
  • RESTful API: Complete web API interface
  • Desktop GUI: Native desktop application based on egui
  • Security Enhancements: File validation, size limits, path security checks
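The entropy-based packer heuristic and the printable-string / URL extraction listed above are the two static-analysis steps easiest to show in a few lines. The following is an added example written for this page, not code from the OpenBox/openTrojan project: it uses only the Rust standard library, the 7.0 bits/byte "likely packed" threshold is an assumption rather than a project setting, and the sample buffer (a small header, a beacon URL, and a pseudo-random tail standing in for a packed region) is constructed inline.

```rust
// Added example (not OpenBox project code): Shannon-entropy packer heuristic plus
// printable-string and URL extraction, using only the Rust standard library.

/// Shannon entropy of a byte slice in bits per byte (0.0 ..= 8.0).
fn shannon_entropy(data: &[u8]) -> f64 {
    if data.is_empty() {
        return 0.0;
    }
    let mut counts = [0usize; 256];
    for &b in data {
        counts[b as usize] += 1;
    }
    let len = data.len() as f64;
    counts
        .iter()
        .filter(|&&c| c > 0)
        .map(|&c| {
            let p = c as f64 / len;
            -p * p.log2()
        })
        .sum()
}

/// Compressed or encrypted sections are close to uniformly distributed, so
/// entropy above ~7.0 bits/byte is commonly treated as a "likely packed" signal.
/// The threshold is an assumption for this example, not a project setting.
const PACKED_ENTROPY_THRESHOLD: f64 = 7.0;

fn looks_packed(section: &[u8]) -> bool {
    shannon_entropy(section) > PACKED_ENTROPY_THRESHOLD
}

/// Extract runs of printable ASCII (0x20..=0x7e) of at least `min_len` bytes,
/// the same rule the classic `strings` tool applies.
fn extract_strings(data: &[u8], min_len: usize) -> Vec<String> {
    let mut out = Vec::new();
    let mut cur: Vec<u8> = Vec::new();
    // A trailing 0 byte is appended so a run at the very end is flushed too.
    for &b in data.iter().chain(std::iter::once(&0u8)) {
        if (0x20..=0x7e).contains(&b) {
            cur.push(b);
        } else {
            if cur.len() >= min_len {
                out.push(String::from_utf8_lossy(&cur).into_owned());
            }
            cur.clear();
        }
    }
    out
}

/// Network indicators: http(s) URLs inside extracted strings. A URL ends at the
/// first whitespace or quote; this is a simple tokenizer, not an RFC 3986 parser.
fn extract_urls(strings: &[String]) -> Vec<String> {
    let mut urls = Vec::new();
    for s in strings {
        for scheme in ["http://", "https://"] {
            let mut rest = s.as_str();
            while let Some(pos) = rest.find(scheme) {
                let tail = &rest[pos..];
                let end = tail
                    .find(|c: char| c.is_whitespace() || c == '"' || c == '\'')
                    .unwrap_or(tail.len());
                urls.push(tail[..end].to_string());
                rest = &tail[end..];
            }
        }
    }
    urls
}

/// Constructed sample: a tiny header, a beacon URL, a key label, then 4 KiB of
/// xorshift32 output to mimic a packed/encrypted region (not a real binary).
fn constructed_sample() -> Vec<u8> {
    let mut sample =
        b"MZ\x90\x00config: https://example.invalid/beacon \x00key=\x01\x02".to_vec();
    let mut x: u32 = 0x1234_5678;
    for _ in 0..4096 {
        x ^= x << 13;
        x ^= x >> 17;
        x ^= x << 5;
        sample.push((x & 0xff) as u8);
    }
    sample
}

fn main() {
    let sample = constructed_sample();
    let strings = extract_strings(&sample, 4);
    println!(
        "entropy = {:.3} bits/byte, likely packed: {}",
        shannon_entropy(&sample),
        looks_packed(&sample)
    );
    println!("strings: {:?}", strings);
    println!("urls: {:?}", extract_urls(&strings));
}
```

Entropy alone is a heuristic: a section full of pseudo-random bytes scores near 8.0, but so do legitimately compressed resources, so in practice the score is combined with section-name and import-table signatures (the UPX/PECompact/ASProtect/Themida rules named above) before a sample is labelled "packed".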

🏗️ Architecture

OpenBox v1.0.0
├── openbox-core      # Core analysis engine
│   ├── static_analysis   # Static analysis
│   ├── signature        # YARA signature matching
│   ├── cache           # Analysis cache
│   ├── parallel        # Parallel processing
│   └── sandbox         # Sandbox monitoring
├── openbox-gui       # Desktop GUI application
└── openbox-yara      # YARA rule engine

🚀 Quick Start

Installation

# Build from source
git clone https://github.com/example/openbox.git
cd openbox
cargo build --release

# Run
./target/release/openbox

Basic Usage

# Analyze single file
openbox analyze sample.exe

# Parallel analyze multiple files
openbox analyze file1.exe file2.dll file3.bin

# Start API server
openbox serve -p 8080

# Start desktop GUI
openbox gui

📊 Project Status

Module         Status        Test Coverage   Documentation
openbox-core   ✅ Complete   45+ tests       Complete
openbox-gui    ✅ Complete   -               Basic
openbox-yara   ✅ Complete   12 tests        Complete

📈 Test Coverage

openbox-core:
  ✓ Unit tests: 30 passed
  ✓ Integration tests: 11 passed
  ✓ Parallel tests: 4 passed
  
openbox-yara:
  ✓ Unit tests: 4 passed
  ✓ Integration tests: 8 passed

Total: 45+ test cases

📚 Documentation

🛠️ Tech Stack

  • Language: Rust 1.70+
  • GUI: egui 0.29
  • Database: SQLite (rusqlite)
  • Parsing: goblin, object
  • Concurrency: Rayon (data parallelism), Tokio (async)
  • Web: Axum, Tower
  • Serialization: serde, serde_json

🎯 Goals

To become the leading high-performance malware analysis tool in the open source community, providing security researchers with powerful, efficient, and reliable analysis capabilities.

📄 License

MIT OR Apache-2.0

🙏 Acknowledgments

Thanks to all developers who contribute to OpenBox!


Star ⭐ to support our continued development!

About

A high-performance, memory-safe malware static analysis platform written in Rust. Integrates YARA rules and supports PE/ELF/MachO analysis.
