dEEpEst
☣☣ In The Depths ☣☣
Staff member
Administrator
Super Moderator
Hacker
Specter
Crawler
Shadow
- Joined
- Mar 29, 2018
- Messages
- 13,860
- Solutions
- 4
- Reputation
- 27
- Reaction score
- 45,546
- Points
- 1,813
- Credits
- 55,340
7 Years of Service
56%
ExeShield AI detects malicious Windows executables using ML. Analyzes entropy, imports, and metadata for rapid classification, aiding incident response. Built with Python and scikit-learn.
ExeRay
X-ray Vision for Windows Executables
ExeRay 
X-ray Vision for Windows Executables
- Detect malicious .exe files using machine learning. Extracts static features (entropy, imports, metadata) and combines ML with heuristic rules for fast, automated classification.
- Hybrid detection (Random Forest/XGBoost + rule-based checks).
- Real-time predictions with confidence scores.
- Handles obfuscated/novel malware better than signature-based tools.
Tech Stack
Core Components:
- Language: Python 3.8+
- ML Frameworks: scikit-learn, XGBoost
- PE Analysis: pefile (for parsing Windows executables)
- Data Handling: pandas, numpy
- Security: pyzipper (malware sample decryption)
Key Workflows:
- Feature Extraction:
- Static analysis of .exe files (entropy, section headers, imports).
- Uses pefile to extract metadata and structural features.
- Model Training:
- Hybrid RandomForest + XGBoost ensemble.
- Threshold calibration for precision/recall balance.
- Prediction:
- Real-time classification with confidence scoring.
Directory Structure
Code:
ExeShield_AI/
├── assets/ # Repo Images
├── data/ # Raw Samples
│ ├── malware/ # Malicious Executables
│ └── benign/ # Clean Executables
├── dependencies/ # Installation Dependencies
├── models/ # Saved Models/Thresholds
│ ├── malware_detector.joblib
│ └── optimal_threshold.npy
├── output/ # Processed Data (CSV/features)
│ └── malware_dataset.csv
├── scripts/ # Core Scripts
│ ├── download_malware_samples.py
│ ├── extract_features.py
│ ├── train_model.py
│ └── predict.py
└── README.md
Installation and Usage (Commands & Outputs)