Projects / Malheur


Malheur is a tool for the automatic analysis of malware behavior (program behavior recorded from malicious software in a sandbox environment). It is designed to support the regular analysis of malicious software and the development of detection and defense measures. It allows for identifying novel classes of malware with similar behavior and assigning unknown malware to discovered classes. It can be applied to recorded program behavior of various formats as long as monitored events are separated by delimiter symbols, e.g. as in reports generated by the popular malware sandboxes CWSandbox, Anubis, Norman Sandbox, and Joebox.

Recent releases

  •  25 Dec 2013 13:08

    Release Notes: Support for the new version of libarchive has been added. Minor bugs have been fixed.

  •  27 Dec 2012 21:45

    Release Notes: The tool's persistent state is stored in the local state directory for better maintenance. Several minor bugs have been fixed.

  •  29 Aug 2011 09:10

    Release Notes: Another major bug due to libconfig changes has been fixed.

  •  24 Aug 2011 21:46

    Release Notes: A major bug in the parsing of configuration files has been fixed.

  •  19 Apr 2011 18:44

    Release Notes: All configuration parameters can be specified on the command line. The manual page and documentation have been updated and extended. Minor bugs have been fixed.

