Shane Doherty, South East Technological University

Dynamic malware analysis tool for Windows as a final year project

Equipped with features to hook into a Windows executable and provide deep information on the type of information it is accessing, along with low-level modification tools.


Maldive comes equipped with several features to help investigate the behaviour and inner workings of a program.
x86 View and Modification
The x86 instruction set of a .exe file can be viewed and modified, allowing for the execution of altered programs to see how using different instructions changes its behaviour.
Virtual Memory Scanner
The virtual memory space of a program can contain information valuable for analysing it for malicious intent. Maldive inspects the virtual memory, extracts values, and provides a feature to search through the space.
Network Sniffer
The packets sent by the system can be viewed, showing whether there is outbound traffic to an external source that could contain sensitive information.
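As an added illustration of what a virtual memory scanner does (example code written for this page, not Maldive's own implementation), the following Python walks a target process's committed, readable regions with VirtualQueryEx and ReadProcessMemory and searches them for a byte pattern. The search itself is a pure function that also catches a value split across two adjacent regions; the Win32 part assumes a Windows host and a PID the user is permitted to open, and the constants and struct layout are taken from the Win32 API.

```python
import ctypes
PROCESS_QUERY_INFORMATION, PROCESS_VM_READ, MEM_COMMIT, PAGE_NOACCESS, PAGE_GUARD = 0x0400, 0x0010, 0x1000, 0x01, 0x100

class MEMORY_BASIC_INFORMATION(ctypes.Structure):
    # Win32 layout; RegionSize's alignment absorbs the 64-bit PartitionId padding.
    _fields_ = [("BaseAddress", ctypes.c_void_p), ("AllocationBase", ctypes.c_void_p),
                ("AllocationProtect", ctypes.c_ulong), ("RegionSize", ctypes.c_size_t),
                ("State", ctypes.c_ulong), ("Protect", ctypes.c_ulong), ("Type", ctypes.c_ulong)]

def find_in_regions(regions, pattern):
    """Search (base, bytes) regions in ascending address order; return the absolute
    address of every match, including a value split across two adjacent regions."""
    hits, carry, carry_base = [], b"", 0
    for base, data in regions:
        if carry and carry_base + len(carry) == base:
            # Adjacent region: prepend the previous tail. The carry is shorter than
            # the pattern, so a match already reported can never be counted twice.
            base, data = carry_base, carry + data
        pos = data.find(pattern)
        while pos != -1:
            hits.append(base + pos)
            pos = data.find(pattern, pos + 1)
        keep = len(pattern) - 1
        carry = data[-keep:] if keep else b""
        carry_base = base + len(data) - len(carry)
    return hits

def scan_process(pid, pattern):
    """Windows only: read every committed, readable region of pid and search it."""
    k32 = ctypes.WinDLL("kernel32", use_last_error=True)
    k32.OpenProcess.restype = ctypes.c_void_p
    k32.CloseHandle.argtypes = [ctypes.c_void_p]
    k32.VirtualQueryEx.argtypes = [ctypes.c_void_p, ctypes.c_void_p, ctypes.c_void_p, ctypes.c_size_t]
    k32.ReadProcessMemory.argtypes = [ctypes.c_void_p, ctypes.c_void_p, ctypes.c_void_p,
                                      ctypes.c_size_t, ctypes.POINTER(ctypes.c_size_t)]
    handle = k32.OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, False, pid)
    if not handle:
        raise OSError("OpenProcess failed, Win32 error %d" % ctypes.get_last_error())
    regions, mbi, addr = [], MEMORY_BASIC_INFORMATION(), 0
    try:
        while k32.VirtualQueryEx(handle, addr, ctypes.byref(mbi), ctypes.sizeof(mbi)):
            if mbi.State == MEM_COMMIT and not mbi.Protect & (PAGE_NOACCESS | PAGE_GUARD):
                buf, got = ctypes.create_string_buffer(mbi.RegionSize), ctypes.c_size_t()
                if k32.ReadProcessMemory(handle, addr, buf, mbi.RegionSize, ctypes.byref(got)):
                    regions.append((addr, buf.raw[:got.value]))
            addr += mbi.RegionSize  # VirtualQueryEx walks regions in address order
    finally:
        k32.CloseHandle(handle)
    return find_in_regions(regions, pattern)
```

On Windows, scan_process(pid, b"...") returns the matching addresses; find_in_regions can also be fed regions carved from a saved memory dump on any platform.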


The documents that were produced as part of this project are listed below.
Research Document
Functional Specification
Design Manual
Project Report
Technical Outline