cysectools/MalDestruct

πŸ›‘οΈ MalDestruct

Enterprise-Grade Malware Detection & Response System

Version 2.0.0 | Copyright Β© 2025 MalDestruct Project


🎯 Overview

MalDestruct is a comprehensive, enterprise-grade antivirus and malware detection system designed to protect Windows systems from modern threats. Built with C++ and Qt, it combines real-time monitoring, behavior analysis, and automated response capabilities in a sleek, cyber-inspired interface.

✨ Key Features

πŸ” Detection & Analysis

  • Real-time Process Monitoring - Continuous scanning of running processes and modules
  • SHA256 Hash Verification - File integrity checks with hash-based detection
  • VirusTotal Integration - Cloud-based threat intelligence via VirusTotal API
  • Behavior-Based Heuristics - Detect suspicious API calls and encryption patterns
  • Registry & Startup Scanning - Identify persistence mechanisms
  • Memory Dump Analysis - Advanced in-memory threat detection using MiniDumpWriteDump
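The "encryption patterns" the behavior heuristics look for are, in practice, a process rewriting many user files with high-entropy content. The following is an added example and not MalDestruct's own code: a Shannon-entropy write heuristic that counts distinct high-entropy targets per process instead of alerting on a single write (one zip or JPEG is normal; five rewritten documents from one PID is not). Class and function names, the thresholds, and the sample data (xorshift32 output standing in for ciphertext, repeated ASCII standing in for a document) are all constructed for the example.

```cpp
// Added example, not MalDestruct project code: a Shannon-entropy write heuristic of the
// kind a behaviour-based engine uses to spot ransomware-style bulk encryption.
// Class, function and path names below are hypothetical.
#include <array>
#include <cmath>
#include <cstddef>
#include <cstdint>
#include <map>
#include <set>
#include <string>
#include <vector>

// Shannon entropy of a byte buffer in bits per byte: 0.0 for constant data, 8.0 for a
// perfectly uniform distribution. Ciphertext and compressed data sit close to 8.
double shannonEntropy(const std::vector<uint8_t>& data) {
    if (data.empty()) return 0.0;
    std::array<size_t, 256> counts{};
    for (uint8_t b : data) ++counts[b];
    const double n = static_cast<double>(data.size());
    double entropy = 0.0;
    for (size_t c : counts) {
        if (c == 0) continue;
        const double p = static_cast<double>(c) / n;
        entropy -= p * std::log2(p);
    }
    return entropy;
}

struct WriteEvent {
    uint32_t pid;
    std::string path;              // file being overwritten
    std::vector<uint8_t> content;  // bytes written
};

struct Verdict {
    bool suspicious;
    size_t highEntropyFiles;       // distinct files this pid rewrote with high-entropy data
};

// One high-entropy write is normal (a zip, a JPEG, a TLS log). Many of them, each to a
// different user file, from one process, is the ransomware pattern, so the heuristic
// counts distinct high-entropy targets per pid rather than bytes or single events.
class EncryptionHeuristic {
public:
    explicit EncryptionHeuristic(double entropyThreshold = 7.5, size_t fileThreshold = 5)
        : entropyThreshold_(entropyThreshold), fileThreshold_(fileThreshold) {}

    Verdict observe(const WriteEvent& ev) {
        std::set<std::string>& files = highEntropyTargets_[ev.pid];
        // Very small buffers cannot reach 8 bits/byte and give noisy estimates; skip them.
        if (ev.content.size() >= kMinBytes && shannonEntropy(ev.content) >= entropyThreshold_)
            files.insert(ev.path);
        return Verdict{files.size() >= fileThreshold_, files.size()};
    }

private:
    static constexpr size_t kMinBytes = 256;
    double entropyThreshold_;
    size_t fileThreshold_;
    std::map<uint32_t, std::set<std::string>> highEntropyTargets_;
};

// Constructed sample data (not captured from real malware): xorshift32 output stands in
// for ciphertext, a repeated ASCII sentence stands in for a document.
std::vector<uint8_t> makeCiphertextLike(size_t n, uint32_t seed) {
    std::vector<uint8_t> out;
    out.reserve(n);
    uint32_t x = seed;  // must be non-zero for xorshift
    for (size_t i = 0; i < n; ++i) {
        x ^= x << 13; x ^= x >> 17; x ^= x << 5;
        out.push_back(static_cast<uint8_t>(x & 0xFF));
    }
    return out;
}

std::vector<uint8_t> makeDocumentLike(size_t n) {
    const std::string sentence = "Quarterly report: revenue up, costs flat, headcount unchanged. ";
    std::vector<uint8_t> out;
    while (out.size() < n) out.insert(out.end(), sentence.begin(), sentence.end());
    out.resize(n);
    return out;
}

// Every byte value exactly once: the maximum-entropy reference buffer (8.0 bits/byte).
std::vector<uint8_t> makeUniformBytes() {
    std::vector<uint8_t> out;
    for (int i = 0; i < 256; ++i) out.push_back(static_cast<uint8_t>(i));
    return out;
}

// Replay `files` overwrites by one pid and return the heuristic's final verdict.
Verdict simulateProcess(uint32_t pid, size_t files, bool encrypts) {
    EncryptionHeuristic heuristic;
    Verdict verdict{false, 0};
    for (size_t i = 0; i < files; ++i) {
        const std::string path = "C:\\Users\\alice\\Documents\\report" + std::to_string(i) + ".docx";
        std::vector<uint8_t> content = encrypts
            ? makeCiphertextLike(4096, 0x9E3779B9u + static_cast<uint32_t>(i))
            : makeDocumentLike(4096);
        verdict = heuristic.observe(WriteEvent{pid, path, content});
    }
    return verdict;
}
```

In a real engine the write events come from a minifilter or ETW file I/O provider, and the per-pid state should be aged out over a time window; the thresholds (7.5 bits/byte, five files) are starting points to tune against your own fleet's backup and compression jobs, which are the usual false positives.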

πŸ›‘οΈ Response & Containment

  • Automatic Quarantine - Isolate suspicious files with secure storage
  • Kill Chain Isolation - Terminate processes and block network access
  • Service Rollback - Restore registry and startup configurations
  • Network Blocking - Firewall integration for IP and process-level blocking
  • Process Tree Termination - Eliminate entire malware process families

📊 Logging & Reporting

  • Dual-Format Logging - JSON and text logs for flexibility
  • Real-Time Event Tracking - Comprehensive activity monitoring
  • Summary Reports - Detailed reports with timestamps, PIDs, and actions
  • Remote Log Sync - Secure SFTP/TLS synchronization
  • Alert Notifications - Email, webhook, and syslog integration

βš™οΈ Configuration & Security

  • Configuration File - maldestruct.conf (INI-style sections, see Configuration below) for scan intervals, whitelists, and alerts
  • Whitelist System - Signature-based exclusions to prevent false positives
  • TLS-Based Updates - Secure, self-updating threat database
  • Tamper Protection - Safeguard critical system components
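The hash and process-name detection above and the whitelist system interact, and the order matters. The following is an added example, not MalDestruct's own DetectionEngine code: a matcher that normalises image names and digests (Windows names are case-insensitive, hex digests arrive in either case), checks the whitelist first, then hashes, then process names, and keys the whitelist on name plus SHA-256 rather than name alone, because a name-only exclusion lets any binary renamed to svchost.exe walk past the scanner. Class names, the placeholder digests, and the process list are constructed for the example.

```cpp
// Added example, not MalDestruct project code: lookup order for a hash/process signature
// engine with a whitelist keyed on (image name, SHA-256). Names and digests are constructed.
#include <algorithm>
#include <cctype>
#include <string>
#include <unordered_map>
#include <unordered_set>
#include <vector>

// Windows image names are case-insensitive and hex digests arrive in either case,
// so everything is normalised to lower-case before it is stored or compared.
std::string toLower(std::string s) {
    std::transform(s.begin(), s.end(), s.begin(),
                   [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    return s;
}

// "C:\\Windows\\System32\\svchost.exe" -> "svchost.exe"
std::string baseName(const std::string& path) {
    const size_t pos = path.find_last_of("\\/");
    return pos == std::string::npos ? path : path.substr(pos + 1);
}

struct Signature {
    std::string family;
    std::vector<std::string> processNames;
    std::vector<std::string> sha256;
};

struct ProcessInfo {
    unsigned pid;
    std::string imagePath;
    std::string sha256;  // digest of the on-disk image
};

struct Detection {
    unsigned pid;
    std::string family;
    std::string reason;  // "sha256" (strong) or "process-name" (weak)
};

class SignatureMatcher {
public:
    void addSignature(const Signature& sig) {
        for (const std::string& n : sig.processNames) byName_[toLower(n)] = sig.family;
        for (const std::string& h : sig.sha256) byHash_[toLower(h)] = sig.family;
    }

    // An exclusion is the pair (image name, digest), never the name on its own.
    void addWhitelist(const std::string& imageName, const std::string& sha256) {
        whitelist_.insert(toLower(imageName) + "|" + toLower(sha256));
    }

    std::vector<Detection> scan(const std::vector<ProcessInfo>& procs) const {
        std::vector<Detection> out;
        for (const ProcessInfo& p : procs) {
            const std::string name = toLower(baseName(p.imagePath));
            const std::string hash = toLower(p.sha256);
            if (whitelist_.count(name + "|" + hash)) continue;  // 1. exact exclusion wins
            auto byHash = byHash_.find(hash);
            if (byHash != byHash_.end()) {                       // 2. hash hit: high confidence
                out.push_back(Detection{p.pid, byHash->second, "sha256"});
                continue;
            }
            auto byName = byName_.find(name);                    // 3. name hit: weak, still reported
            if (byName != byName_.end())
                out.push_back(Detection{p.pid, byName->second, "process-name"});
        }
        return out;
    }

private:
    std::unordered_map<std::string, std::string> byName_;
    std::unordered_map<std::string, std::string> byHash_;
    std::unordered_set<std::string> whitelist_;
};

// Constructed sample: placeholder digests (not real indicators) and a process list with a
// genuine svchost.exe, a renamed impostor carrying a known-bad hash, a name-only hit and
// a clean vendor binary.
const std::string kGoodHash = std::string(60, '0') + "beef";
const std::string kBadHash  = std::string(60, '0') + "dead";

std::vector<Detection> runSample() {
    SignatureMatcher matcher;
    matcher.addSignature(Signature{"WannaCry", {"wannacry.exe"}, {kBadHash}});
    matcher.addWhitelist("svchost.exe", kGoodHash);

    const std::vector<ProcessInfo> procs = {
        {4,    "C:\\Windows\\System32\\svchost.exe",                  kGoodHash},                    // excluded
        {1337, "C:\\Users\\alice\\AppData\\Local\\Temp\\svchost.exe", std::string(60, '0') + "DEAD"}, // hash hit
        {2048, "C:\\Temp\\WANNACRY.EXE",                              std::string(64, '1')},         // name hit
        {9000, "C:\\Program Files\\Vendor\\updater.exe",              std::string(64, '2')}          // clean
    };
    return matcher.scan(procs);
}
```

The impostor in the sample is caught even though it is named svchost.exe, because the whitelist entry requires the genuine digest too; a name-only whitelist would have excluded it. The name-only hit is reported with a weaker reason so the response engine can quarantine rather than auto-terminate on it.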

🎨 Professional GUI

  • Dark Cyber Aesthetic - Black background with neon blue/green highlights
  • Dashboard - System status, statistics, and recent detections
  • Process Monitor - Live feed of running tasks with CPU/RAM usage
  • Threat Logs - Interactive detection history with filtering
  • Quarantine Manager - View, restore, or delete isolated files
  • Settings Panel - Configure all system parameters
  • System Tray Integration - Background protection with quick access

πŸ—„οΈ Threat Database

MalDestruct ships with comprehensive malware signatures from legitimate security sources:

  • 20+ Threat Families including:
    • 🔴 WannaCry (CVE-2017-0144)
    • 🔴 Petya/NotPetya (worm component uses EternalBlue/EternalRomance, CVE-2017-0144 and CVE-2017-0145; CVE-2017-0199 is the Office OLE bug, not a NotPetya CVE)
    • 🔴 Locky Ransomware
    • 🔴 Ryuk Ransomware
    • 🔴 REvil/Sodinokibi
    • 🔴 Maze, Conti, LockBit
    • 🔴 Emotet, TrickBot, Zeus Trojans
    • 🟡 XMRig Cryptominer
    • 🟠 Agent Tesla, FormBook Spyware
    • ⚫ TDL4, ZeroAccess Rootkits

Sources: CVE Database, OWASP, MalwareBazaar, CISA, Hybrid Analysis, FBI Reports, Europol Operations

📦 Installation

Prerequisites

  • Windows 10/11 (64-bit)
  • Qt 6.x
  • CMake 3.20+
  • MSVC 2019+ or MinGW-w64
  • Administrator privileges (for full functionality)

Build Instructions

# Clone repository
git clone https://github.com/cysectools/MalDestruct.git
cd MalDestruct

# Create build directory
mkdir build
cd build

# Configure with CMake
cmake .. -G "Visual Studio 17 2022" -A x64
# Or for MinGW:
# cmake .. -G "MinGW Makefiles"

# Build
cmake --build . --config Release

# Install
cmake --install . --prefix "C:/Program Files/MalDestruct"

Quick Start

Console Version:

cd bin
MalDestruct_Console.exe

GUI Version:

cd bin
MalDestruct_GUI.exe

🚀 Usage

Console Mode

  1. Run MalDestruct_Console.exe with administrator privileges
  2. Choose from the main menu:
    • Quick Scan - Fast process scanning
    • Full Scan - Comprehensive system analysis
    • Real-Time Protection - Background monitoring
    • View Threat Database - Browse signatures
    • Quarantine Manager - Manage isolated files
    • Registry Scan - Check for persistence
    • Generate Report - Export scan results
    • Settings - Configure behavior

GUI Mode

  1. Launch MalDestruct_GUI.exe

  2. Navigate using the sidebar:

    • Dashboard: Monitor system status and statistics
    • Process Monitor: View and manage running processes
    • Threat Logs: Review detection history
    • Quarantine: Manage isolated threats
    • Settings: Configure protection settings
    • About: System information
  3. Real-Time Protection: Toggle the green button on the dashboard

  4. Quick Scan: Click "⚡ QUICK SCAN" for instant process analysis

  5. System Tray: Minimize to tray for background protection

βš™οΈ Configuration

Edit maldestruct.conf:

[Scanning]
scan_interval=60
realtime_protection=true
behavior_analysis=true
auto_quarantine=true

[VirusTotal]
vt_enabled=true
vt_api_key=YOUR_API_KEY_HERE

[Alerts]
email_alerts=true
email_recipient=you@example.com
webhook_alerts=true
webhook_url=https://your-webhook-url.com
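The template above is safe to copy but not safe to run as-is: vt_enabled=true with the placeholder key sends every lookup with a bogus credential, and nothing stops a webhook_url from being plain HTTP. The following is an added example, not MalDestruct's Config.cpp: a loader for this INI-style format that validates the settings before they are used. Function names and the three sample configurations (the README template with a placeholder recipient, a hardened variant, and a deliberately weak one) are constructed for the example.

```cpp
// Added example, not MalDestruct project code: parse the INI-style maldestruct.conf
// and reject settings that would ship an insecure deployment. Names are constructed.
#include <map>
#include <sstream>
#include <string>
#include <vector>

using Config = std::map<std::string, std::map<std::string, std::string>>;  // section -> key -> value

std::string trim(const std::string& s) {
    const char* ws = " \t\r\n";
    const size_t b = s.find_first_not_of(ws);
    if (b == std::string::npos) return "";
    const size_t e = s.find_last_not_of(ws);
    return s.substr(b, e - b + 1);
}

// Sections are "[Name]", entries are "key=value"; '#' and ';' start comment lines.
Config parseConf(const std::string& text) {
    Config cfg;
    std::string section;
    std::istringstream in(text);
    std::string line;
    while (std::getline(in, line)) {
        line = trim(line);
        if (line.empty() || line[0] == '#' || line[0] == ';') continue;
        if (line.front() == '[' && line.back() == ']') {
            section = trim(line.substr(1, line.size() - 2));
            continue;
        }
        const size_t eq = line.find('=');
        if (eq == std::string::npos) continue;  // malformed line; a real loader should log it
        cfg[section][trim(line.substr(0, eq))] = trim(line.substr(eq + 1));
    }
    return cfg;
}

std::string get(const Config& c, const std::string& section, const std::string& key,
                const std::string& fallback = "") {
    const auto s = c.find(section);
    if (s == c.end()) return fallback;
    const auto k = s->second.find(key);
    return k == s->second.end() ? fallback : k->second;
}

bool isTrue(const std::string& v) { return v == "true" || v == "1" || v == "yes"; }

// Returns the list of problems; an empty list means the config is acceptable.
std::vector<std::string> validate(const Config& c) {
    std::vector<std::string> problems;
    // scan_interval is seconds; zero or garbage would spin the scanner or disable it.
    const std::string interval = get(c, "Scanning", "scan_interval", "60");
    const bool numeric = !interval.empty() && interval.size() <= 9 &&
                         interval.find_first_not_of("0123456789") == std::string::npos;
    if (!numeric || std::stoul(interval) == 0)
        problems.push_back("Scanning.scan_interval must be a positive integer (seconds)");
    // Enabling VirusTotal with the template placeholder sends every lookup with a bogus key.
    const std::string key = get(c, "VirusTotal", "vt_api_key");
    if (isTrue(get(c, "VirusTotal", "vt_enabled", "false")) &&
        (key.empty() || key == "YOUR_API_KEY_HERE"))
        problems.push_back("VirusTotal.vt_api_key is unset or still the placeholder");
    // Webhook alerts carry detection details (host, path, hash); never post them over HTTP.
    const std::string url = get(c, "Alerts", "webhook_url");
    if (isTrue(get(c, "Alerts", "webhook_alerts", "false")) && url.rfind("https://", 0) != 0)
        problems.push_back("Alerts.webhook_url must start with https://");
    return problems;
}

std::vector<std::string> validateText(const std::string& text) { return validate(parseConf(text)); }

// Constructed sample configs. The first is the README template with a placeholder recipient.
const std::string kTemplateConf = R"(
[Scanning]
scan_interval=60
realtime_protection=true
behavior_analysis=true
auto_quarantine=true

[VirusTotal]
vt_enabled=true
vt_api_key=YOUR_API_KEY_HERE

[Alerts]
email_alerts=true
email_recipient=you@example.com
webhook_alerts=true
webhook_url=https://your-webhook-url.com
)";

// VirusTotal left off until a real key is provisioned, TLS webhook: passes.
const std::string kHardenedConf = R"(
[Scanning]
scan_interval=60
[VirusTotal]
vt_enabled=false
[Alerts]
webhook_alerts=true
webhook_url=https://alerts.example.internal/maldestruct
)";

// Three distinct mistakes: zero interval, VirusTotal enabled without a key, webhook over HTTP.
const std::string kWeakConf = R"(
[Scanning]
scan_interval=0
[VirusTotal]
vt_enabled=true
[Alerts]
webhook_alerts=true
webhook_url=http://alerts.example.internal/maldestruct
)";
```

Run the validator at startup and refuse to start real-time protection while the list is non-empty; a scanner that silently runs with a dead VirusTotal key or leaks alert payloads over HTTP is worse than one that tells the operator to fix the file.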

πŸ” Security Considerations

  • Run as Administrator: Full functionality requires elevated privileges
  • Whitelist Critical Processes: System processes are whitelisted by default
  • VirusTotal API: Keep your API key secure
  • Auto-Terminate: Use with caution; may affect system stability
  • Quarantine Retention: Configure retention periods appropriately

πŸ“ Project Structure

MalDestruct/
β”œβ”€β”€ include/           # Header files
β”‚   β”œβ”€β”€ ThreatDatabase.h
β”‚   β”œβ”€β”€ DetectionEngine.h
β”‚   β”œβ”€β”€ ResponseEngine.h
β”‚   β”œβ”€β”€ Logger.h
β”‚   └── Config.h
β”œβ”€β”€ src/               # Implementation files
β”‚   β”œβ”€β”€ ThreatDatabase.cpp
β”‚   β”œβ”€β”€ DetectionEngine.cpp
β”‚   β”œβ”€β”€ ResponseEngine.cpp
β”‚   β”œβ”€β”€ Logger.cpp
β”‚   β”œβ”€β”€ Config.cpp
β”‚   └── main_console.cpp
β”œβ”€β”€ gui/               # Qt GUI
β”‚   β”œβ”€β”€ MainWindow.{h,cpp}
β”‚   β”œβ”€β”€ DashboardWidget.{h,cpp}
β”‚   β”œβ”€β”€ ProcessMonitorWidget.{h,cpp}
β”‚   β”œβ”€β”€ ThreatLogsWidget.{h,cpp}
β”‚   β”œβ”€β”€ QuarantineWidget.{h,cpp}
β”‚   β”œβ”€β”€ SettingsWidget.{h,cpp}
β”‚   β”œβ”€β”€ AboutWidget.{h,cpp}
β”‚   └── main_gui.cpp
β”œβ”€β”€ CMakeLists.txt     # Build configuration
β”œβ”€β”€ maldestruct.conf.default
└── README.md

πŸ› οΈ Development

Adding Custom Signatures

#include "ThreatDatabase.h"   // MalDestruct::ThreatSignature, ThreatType, ThreatLevel, ThreatDatabase

// Aggregate initialisation: the fields must appear in the same order as in the
// ThreatSignature declaration in include/ThreatDatabase.h. Name, process names,
// registry keys and file paths are wide strings (L"..."); hashes and metadata are narrow.
MalDestruct::ThreatSignature customThreat = {
    L"CustomMalware",                   // Family name
    "Description of the threat",        // Description
    MalDestruct::ThreatType::RANSOMWARE,
    MalDestruct::ThreatLevel::CRITICAL,
    {L"malware.exe", L"badfile.exe"},   // Process names
    {"sha256hash1", "sha256hash2"},     // SHA256 hashes
    {},                                 // MD5 hashes (none)
    {L"HKEY_...", L"HKEY_..."},         // Registry keys (persistence locations)
    {L"C:\\Path\\To\\File"},            // File paths
    "CVE-XXXX-XXXXX",                   // CVE reference
    "Your Source",                      // Source
    "2025-01-01",                       // Date added
    {"API1", "API2"}                    // Behavior patterns (API names)
};

// Register with the singleton database so subsequent scans match against it.
ThreatDatabase::getInstance().addCustomSignature(customThreat);

📊 Performance

  • Process Scanning: ~100-500 processes/second
  • Hash Calculation: ~50-200 MB/second
  • Memory Usage: ~50-150 MB (idle), ~200-500 MB (active scanning)
  • CPU Usage: <5% (idle), 10-30% (active scanning)

🤝 Contributing

We welcome contributions! Please:

  1. Fork the repository
  2. Create a feature branch
  3. Commit your changes
  4. Push to the branch
  5. Open a Pull Request

📜 License

This software is provided "as is" without warranty of any kind. Enterprise Edition - All Rights Reserved

πŸ™ Acknowledgments

  • Threat Intelligence: CVE, OWASP, MalwareBazaar, CISA, Hybrid Analysis
  • UI Framework: Qt Project
  • Fonts: Orbitron, Rajdhani (Google Fonts)
  • Icons: Material Design Icons

📞 Support


⚠️ Disclaimer: This tool is for educational and legitimate security purposes only. Users are responsible for compliance with applicable laws and regulations.

πŸ›‘οΈ Stay Protected. Stay Secure.
