Malheur


Malheur is a tool for the automatic analysis of malware behavior (program behavior recorded from malicious software in a sandbox environment). It is designed to support the regular analysis of malicious software and the development of detection and defense measures. It allows for identifying novel classes of malware with similar behavior and assigning unknown malware to discovered classes. It can be applied to recorded program behavior of various formats as long as monitored events are separated by delimiter symbols, e.g. as in reports generated by the popular malware sandboxes CWSandbox, Anubis, Norman Sandbox, and Joebox.

Recent releases

  •  25 Dec 2013 12:22

    Release Notes: Support for the new version of libarchive has been added. Minor bugs have been fixed.

  •  27 Dec 2012 13:31

    Release Notes: The tool's persistent state is stored in the local state directory for better maintenance. Several minor bugs have been fixed.

  •  29 Aug 2011 07:49

    Release Notes: Another major bug due to libconfig changes has been fixed.

  •  24 Aug 2011 15:34

    Release Notes: A major bug in the parsing of configuration files has been fixed.

  •  19 Apr 2011 09:51

    Release Notes: All configuration parameters can be specified on the command line. The manual page and documentation have been updated and extended. Minor bugs have been fixed.

