ThreatCheck.sh is a web-based threat intelligence platform that decodes Windows Defender threat names and provides comprehensive analysis of malware detections.
The tool combines CARO threat name parsing, Windows Defender VDM file analysis, YARA rule generation, and AI-powered threat summaries to help security researchers, malware analysts, and developers understand what Windows Defender detected and why.
This project is made possible by outstanding open-source security research:
Core VDM file parsing and threat string extraction engine. Enables deep analysis of Windows Defender definition files to reveal the exact detection signatures.
Converts Windows Defender signatures into portable YARA rules for cross-platform threat detection across different security tools.
Recent malware samples from MalwareBazaar are continuously analyzed and their threat signatures are fed into the database, keeping ThreatCheck.sh up-to-date with the latest malware intelligence.
Threat names are parsed using CARO standards to extract malware type, platform, family, variant, and detection method.
Windows Defender definition files are searched to extract the exact static detection strings that triggered the alert.
Defender signatures are converted into portable YARA rules for use with other security tools.
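As an added illustration of the CARO name parsing and the YARA conversion described above (example code written for this page, not ThreatCheck.sh's own implementation): a small Python parser for `Type:Platform/Family.Variant!Suffix` names following Microsoft's published naming convention, plus a generator that wraps extracted detection strings in a portable YARA rule carrying the parsed fields as metadata. The suffix and modifier tables are a small subset of the documented ones, the threat names used are sample inputs, and the detection strings in the usage section are constructed placeholders rather than strings taken from any VDM file.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Subset of the "!suffix" and ".modifier" meanings from Microsoft's naming
# convention; extend as needed. Anything not listed is kept verbatim.
BANG_SUFFIXES = {
    "ml": "machine learning classifier",
    "cl": "cloud-based detection",
}
DOT_MODIFIERS = {
    "gen": "generic signature",
    "dr": "dropper component",
    "dam": "damaged sample",
    "dll": "DLL component",
}

# Type:Platform/Family followed by any number of ".token" / "!token" parts.
_NAME_RE = re.compile(
    r"^(?P<type>[A-Za-z]+):(?P<platform>[A-Za-z0-9_]+)/"
    r"(?P<family>[A-Za-z0-9_\-]+)(?P<rest>(?:[.!][A-Za-z0-9_]+)*)$"
)


@dataclass
class ThreatName:
    raw: str
    type: str            # Trojan, Ransom, HackTool, PUA, Behavior, ...
    platform: str        # Win32, Win64, MSIL, PowerShell, Script, ...
    family: str
    variant: Optional[str]
    modifiers: List[str] = field(default_factory=list)   # ".gen", ".dr", ...
    suffixes: List[str] = field(default_factory=list)    # "!ml", "!cl", ...

    @property
    def detection_method(self) -> str:
        """Best-effort description of how Defender made the detection."""
        for s in self.suffixes:
            if s.lower() in BANG_SUFFIXES:
                return BANG_SUFFIXES[s.lower()]
        if "gen" in self.modifiers:
            return DOT_MODIFIERS["gen"]
        return "static signature"


def parse_threat_name(name: str) -> ThreatName:
    """Split a Defender threat name into its CARO components."""
    m = _NAME_RE.match(name.strip())
    if not m:
        raise ValueError(f"not a CARO-style Defender threat name: {name!r}")
    variant: Optional[str] = None
    modifiers: List[str] = []
    suffixes: List[str] = []
    for tok in re.findall(r"[.!][A-Za-z0-9_]+", m.group("rest")):
        body = tok[1:]
        if tok[0] == "!":
            suffixes.append(body)
        elif body.lower() in DOT_MODIFIERS:
            modifiers.append(body.lower())
        elif variant is None:
            variant = body          # first plain dot component is the variant
        else:
            modifiers.append(body)  # unknown trailing dot component, kept as-is
    return ThreatName(name.strip(), m.group("type"), m.group("platform"),
                      m.group("family"), variant, modifiers, suffixes)


def _yara_escape(s: str) -> str:
    """Escape backslashes and quotes so the string is a valid YARA text string."""
    return s.replace("\\", "\\\\").replace('"', '\\"')


def yara_rule_from_strings(threat: ThreatName, strings: List[str],
                           match_all: bool = False) -> str:
    """Emit a YARA rule whose text strings are the extracted detection strings."""
    if not strings:
        raise ValueError("need at least one detection string")
    ident = re.sub(r"[^A-Za-z0-9_]", "_",
                   f"Defender_{threat.family}_{threat.variant or 'any'}")
    out = [
        f"rule {ident}", "{", "    meta:",
        f'        threat_name = "{_yara_escape(threat.raw)}"',
        f'        threat_type = "{threat.type}"',
        f'        platform = "{threat.platform}"',
        f'        detection_method = "{threat.detection_method}"',
        "    strings:",
    ]
    for i, s in enumerate(strings):
        out.append(f'        $s{i} = "{_yara_escape(s)}" ascii wide')
    out += ["    condition:",
            "        all of them" if match_all else "        any of them",
            "}"]
    return "\n".join(out)


if __name__ == "__main__":
    t = parse_threat_name("Trojan:Win32/Emotet.A!ml")
    print(t, "->", t.detection_method)
    # Constructed placeholder strings standing in for VDM-extracted ones.
    print(yara_rule_from_strings(t, ["CONSTRUCTED_SAMPLE_STRING", "Software\\Example\\Key"]))
```

The variant is taken as the first dot-separated component that is not a known modifier, so `Family.gen` yields no variant and a `gen` modifier, while `Family.A.gen` yields variant `A`. Rule identifiers are sanitised to YARA's `[A-Za-z0-9_]` alphabet, and string values are escaped, since a raw backslash or quote from a signature would otherwise produce an unparsable rule.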
Threat data is analyzed to generate summaries, assess severity, and provide actionable remediation steps.
⚠ Disclaimer: ThreatCheck.sh is an independent research tool and is not affiliated with or endorsed by Microsoft Corporation. Analysis results are provided for educational and research purposes only. Always verify critical security decisions with multiple authoritative sources.