Skip to content
/ regkeval Public

Malware detection in registry using a baseline

2 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

ignacioj/regkeval

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

60 Commits
README.md
README.md
 
 
regkeval_HKLM.csv
regkeval_HKLM.csv
 
 
regkeval_HKU.csv
regkeval_HKU.csv
 
 
regkeval_html.dat
regkeval_html.dat
 
 
regkeval_v3.7.pl
regkeval_v3.7.pl
 
 
regkeval_val_justif.tsv
regkeval_val_justif.tsv
 
 
regkeval_val_malw_espec.tsv
regkeval_val_malw_espec.tsv
 
 

Repository files navigation

regkeval

The idea is to compare as many registry entries as I know that can be used for malware persistence against both a well-known baseline of right and wrong values.

Characteristics:

  • Works on offline registry hives.

  • The keys and values to search can be defined using wildcards. It can be used to detect anomalies in computers with similar characteristics and configuration.

  • Resolves any CLSID obtained in the output.

  • Extraction of readable content from binary data.

  • Custom selection of keys to retrieve based on filters.

  • Custom classification of the output.

  • TSV file and colorized html output for easier inspection of results.

  • The timestamps of the keys are included in the output.

About

Malware detection in registry using a baseline

Resources

Readme
Activity

Stars

2 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages