Open-source polyglot malware detector for APE, Zig, and WASM. Detect cross-platform threats, cryptominers, and evasion techniques that bypass traditional antivirus.
Modern malware exploits polyglot files - binaries valid in multiple formats simultaneously - to evade traditional antivirus.
- APE (Actually Portable Executable): Single binary runs on Windows/Linux/macOS/BSD
- Zig Malware: Direct syscalls bypass EDR (Hell's Gate, Halo's Gate)
- WASM Cryptominers: 75% of WASM modules are malicious (CrowdStrike, 2024)
- 20/36 detectors bypassed by polyglots (Jana & Shmatikov, 2012)
- 90% evasion rate against VirusTotal for WASM (Cabrera-Arteaga, 2024)
No open-source tool detects APE + Zig + WASM together. PolyMorph fills this gap.
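The polyglot property described above can be checked at the byte level. This is an added example, not code from PolyMorph: the signature table, function names and sample buffers are constructed for illustration, and a hit is a triage signal, not a verdict.

```rust
// Added example, not PolyMorph source: magic-byte triage for polyglot files.
const APE: &[u8] = b"MZqFpD='"; // APE header: DOS "MZ" that also parses as shell
const PE: &[u8] = b"MZ";
const ELF: &[u8] = b"\x7fELF";
const WASM: &[u8] = b"\0asm\x01\0\0\0"; // magic + binary format version 1

/// (name, magic, head_only). Two-byte "MZ" is too noisy to search file-wide.
const SIGS: &[(&str, &[u8], bool)] =
    &[("APE", APE, true), ("PE", PE, true), ("ELF", ELF, false), ("WASM", WASM, false)];

/// Every signature hit as (format name, byte offset).
pub fn signatures(data: &[u8]) -> Vec<(&'static str, usize)> {
    let mut hits = Vec::new();
    for &(name, magic, head_only) in SIGS {
        if head_only {
            if data.starts_with(magic) {
                hits.push((name, 0));
            }
        } else {
            hits.extend(
                data.windows(magic.len())
                    .enumerate()
                    .filter(|(_, w)| *w == magic)
                    .map(|(off, _)| (name, off)),
            );
        }
    }
    hits
}

/// Flag a file when more than one distinct format signature is present.
/// An APE header always qualifies because it also matches "MZ".
pub fn is_polyglot(data: &[u8]) -> bool {
    let mut names: Vec<&str> = signatures(data).iter().map(|h| h.0).collect();
    names.sort_unstable();
    names.dedup();
    names.len() > 1
}

fn main() {
    // Constructed samples: headers only, no real payloads.
    let ape = b"MZqFpD='\n".to_vec();
    let mut pe_wasm = b"MZ\x90\0".to_vec();
    pe_wasm.extend_from_slice(&[0u8; 60]);
    pe_wasm.extend_from_slice(WASM);
    for (label, s) in [("ape", &ape), ("pe+wasm", &pe_wasm)] {
        println!("{}: {:?} polyglot={}", label, signatures(s), is_polyglot(s));
    }
}
```

A legitimate installer that bundles a WASM module would also be flagged, so treat the result as a reason to inspect the file further.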
git clone https://github.com/xonoxitron/polymorph
cd polymorph
cargo build --release
# Scan a binary
./target/release/polymorph suspicious.exe
# JSON output
./target/release/polymorph --json malware.wasm

See examples/ directory:
- basic_scan.rs - Simple file scanning
- batch_scan.rs - Multiple file processing
Contributions welcome! See CONTRIBUTING.md
MIT License - see LICENSE
Made with ❤️ by the security community
