DEV Community

Scidrow666
Scidrow666

Posted on

How I built a lightweight standalone behavioral anti-stealer to protect my Windows environment

How it works:
Zero-Signature Behavioral Analysis: It doesn't look for known malware hashes. It monitors the behavior of running processes on the hardware level.
Multi-Threaded Customs Officer: Inspects all active LISTEN/ESTABLISHED network connections every 5 seconds in a background thread.
Parent PID Validation: Traces process lineage back to its roots. If a system process (like smartscreen.exe) is spawned by an unverified binary inside Temp/AppData/Downloads, it nukes the entire branch immediately to prevent process hollowing.
Cryptographic Caching: Dynamically verifies binary integrity via SHA-256 to stop whitelist name-spoofing.
DPAPI & Tdata Interception: Monitors unauthorized file descriptor access targeting Chrome's "Login Data" and Telegram's session paths.
Anti-Sleep Countermeasure: Catches delayed-execution malware by analyzing zeroed CPU execution runtimes.
How to deployment:
For Professionals (.py): Review the clean, fully transparent Python source code in Notepad. No hidden backdoors. Requires pip install psutil.
For Casual Users (.exe): Download the standalone pre-compiled executable from the Releases page—no Python installation required.

Top comments (0)