[BACKEND/FEATURE REQUEST] Detection and protection from malicious content - Imp hash.

[Kashish121]

Hostile, intrusive, and intentionally nasty, malware seeks to invade, damage, or disable computers, computer systems, networks, tablets, and mobile devices. Malware detection and prevention is one of the most concerned features of endpoint security.

One possible way of pulling off this feature is using imphash. Imp Hash can be used for signature based Malware detection in drives.

What is Imp Hash?
The Import Hash (ImpHash) is a hash over the imported functions by PE file. It is often used in malware analysis to identify malware binaries that belong to the same family.

Relevant links and resources:

• Endpoint security
• Different approaches
• Imp Hash
• Malware analysis using python - hashing technique
• Existing tool - opswat
• Existing tool - sophos

What is expected?
This feature request should follow up a basic idea of scanning through the drives of a host system to detect the presence of any malicious content.

• Python based code for scanning drives and paths entered by the user.
• Paths entered can be taken as an input text file.
• Output displayed should be a list of files identified as malicious content.

NOTE:
Additionally, the next stage of this feature could supposedly be on prevention or removal of these malicious content from the host. Content Disarming and Reconstruction(CRD) is one possible direction of this future work.

[vinitshahdeo]

@Kashish121 This is a great idea. 👀