ThreatShield is a robust and extensible malware analysis platform designed for security professionals, malware researchers, and system administrators. It combines static and dynamic analysis techniques with machine learning to detect, analyze, and report malicious behavior across a wide range of file formats.
ThreatShield aims to simplify threat detection workflows while providing deep and explainable insights into suspicious files. Whether you are analyzing a Windows executable or a malicious macro in a document, ThreatShield delivers the tools you need.
ThreatShield supports comprehensive analysis for a variety of file types, including:
- PE files: Windows executables and dynamic link libraries (`.exe`, `.dll`)
- PDF documents: Scans for embedded scripts, suspicious objects, JavaScript, and obfuscation
- Microsoft Office files: Analyzes `.doc`, `.docx`, `.xls`, `.xlsx`, `.ppt`, and `.pptx` for macros, scripts, and exploits
- Scripts: Includes JavaScript (`.js`), Python (`.py`), VBScript (`.vbs`), and batch files (`.bat`)
- Android packages: Analyzes APK files for permissions, components, and potential malicious behavior
- Archives: Supports `.zip`, `.rar`, and `.7z` for unpacking and recursively analyzing contents
- Text and configuration files: Analyzes `.json`, `.xml`, and other text formats for embedded indicators
ThreatShield performs deep inspection of files without execution. Key static analysis capabilities include:
- Header and metadata inspection
- Disassembly and string extraction
- Macro and embedded object detection
- Entropy and obfuscation scoring
- Signature-based rule matching (YARA, ClamAV, etc.)
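As an added illustration of the entropy and obfuscation scoring listed above (example code written for this page, not ThreatShield's own implementation), the scorer below slides a window over a file, measures Shannon entropy per window, and reports the high-entropy regions that packed or encrypted payloads typically produce. The window size, step, 7.0-bit threshold and the sample bytes are assumptions chosen for the demonstration.

```python
import math
import random
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())

def entropy_profile(data: bytes, window: int = 1024, step: int = 512):
    """Entropy of each fixed-size window across the file as (offset, entropy)."""
    last = max(len(data) - window, 0)
    return [(off, shannon_entropy(data[off:off + window]))
            for off in range(0, last + 1, step)]

def high_entropy_regions(data: bytes, threshold: float = 7.0,
                         window: int = 1024, step: int = 512):
    """Merge consecutive windows at or above the threshold into (start, end)
    byte ranges; these are the candidate packed or encrypted regions."""
    regions = []
    for off, ent in entropy_profile(data, window, step):
        if ent < threshold:
            continue
        end = off + window
        if regions and off <= regions[-1][1]:
            regions[-1] = (regions[-1][0], end)  # extend the previous region
        else:
            regions.append((off, end))
    return regions

def obfuscation_score(data: bytes, threshold: float = 7.0,
                      window: int = 1024, step: int = 512) -> float:
    """Fraction of windows at or above the threshold: 0.0 for plain text or
    code, close to 1.0 for a fully packed or encrypted file."""
    profile = entropy_profile(data, window, step)
    if not profile:
        return 0.0
    return sum(1 for _, ent in profile if ent >= threshold) / len(profile)

# Constructed sample (not real malware): a low-entropy text region followed by
# pseudorandom bytes standing in for a packed or encrypted payload.
_rng = random.Random(7)
SAMPLE_TEXT = b"This program cannot be run in DOS mode.\r\n" * 100
SAMPLE_PACKED = bytes(_rng.randrange(256) for _ in range(4096))
SAMPLE = SAMPLE_TEXT + SAMPLE_PACKED

if __name__ == "__main__":
    print(f"score={obfuscation_score(SAMPLE):.2f} regions={high_entropy_regions(SAMPLE)}")
```

A score alone cannot distinguish a packer from legitimately compressed data (images, fonts, signed resources), so in practice the flagged regions are cross-checked against the header and section metadata and the signature rules listed above.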
Dynamic or behavioral analysis is performed in a controlled sandbox environment, capturing real-time interactions and changes.
Machine learning models are integrated to:
- Classify files as benign, suspicious, or malicious
- Detect known malware families based on behavioral patterns
- Cluster similar threats for correlation and pattern discovery
- Provide contextual explanations for anomalies
An integrated natural language assistant enables users to:
- Ask questions about a file’s behavior and components
- Query definitions of suspicious activities
- Receive guided summaries of analysis results
ThreatShield supports hands-free interaction through voice commands, ideal for accessibility or multitasking in operational environments.
Analysis results are compiled into structured reports covering every finding, and these can be exported as professional PDF reports for documentation, audits, or sharing with stakeholders.
ThreatShield includes a powerful CLI tool for streamlined malware analysis directly from the terminal. Key commands include:
- `malware-detect <filename>`: Scans a specified file for malware and outputs a detailed report in the terminal.
- `malware-detect`: Launches a user-friendly UI for interactive malware analysis.
- `malware-detect --threatshield`: Opens the ThreatShield web interface in the default browser for full platform access.
- Download the `.exe` file from here
- Place the downloaded `.exe` file in a folder of your choice.
- Add the folder's path to the system environment variables (the `PATH` variable); the CLI tool is then ready to use.
Category | Technologies
---|---
Framework |
Language |
Libraries |
```text
threatshield/
├── backend/
│   ├── app.py
│   ├── model.py
│   ├── chat.py
│   ├── report.py
│   ├── pdf_models/
│   └── ...
│
├── frontend/
│   ├── app/
│   ├── components/
│   ├── lib/
│   └── public/
│
├── cli_tool/
│   ├── malware_detector/
│   │   ├── __init__.py
│   │   ├── cli.py
│   │   ├── malware_detector.py
│   │   └── ui.py
│   ├── setup.py
│   └── README.md
```
- Kavya Rambhia - GitHub Profile
- Dhruv Panchal - GitHub Profile
- Swayam Shah - GitHub Profile
- Viraj Vora - GitHub Profile