Educational malware demonstrating Windows system enumeration via registry access and Windows APIs
img                  enhance: add malware decision-making intelligence  2025-07-13 23:17:18 +02:00
src                  enhance: add malware decision-making intelligence  2025-07-13 23:17:18 +02:00
.gitignore           add: analysis file                                 2025-07-13 23:22:16 +02:00
ANALYSIS.md          add: analysis file                                 2025-07-13 23:22:16 +02:00
README.md            Update README.md                                   2025-10-11 22:22:18 +02:00
system-gatherer.sln  initial commit                                     2025-07-12 22:27:49 +02:00

System Gatherer - Educational Malware Sample

Part of the Malware Analysis Learning Course - Challenge 1A

Educational demonstration of Windows system enumeration techniques commonly used by malware for initial reconnaissance.

⚠️ Educational Purpose Only

This code demonstrates system enumeration techniques for cybersecurity education in controlled environments.

Compilation & Usage

Requirements

  • Platform: Windows 10/11
  • Compiler: Visual Studio 2022 or MinGW-w64

Build Instructions

Visual Studio 2022:

start system-gatherer.sln

# Build in Release mode for analysis
Build → Configuration Manager → Release → Build Solution

Command Line (MinGW):

g++ -o system-gatherer.exe src/main.cpp -ladvapi32 -static

Safe Execution

./system-gatherer.exe

# Output saved to system_info.txt

📖 References & Further Reading

Analysis Reports (To-Do)

See ANALYSIS.md for detailed:

  • Static analysis with PE-bear and hex editors
  • Dynamic analysis with Process Monitor and debuggers
  • Network analysis with Wireshark (baseline establishment)
  • Professional malware analysis reporting format

🎓 Educational Note: This project demonstrates legitimate cybersecurity research methodology. Understanding attack techniques is essential for building effective defenses and developing security solutions.