From 966a964e93ab3159f98b493524a0bfd2bd3531bd Mon Sep 17 00:00:00 2001 From: Boran Date: Sun, 21 Jun 2026 01:13:26 +0300 Subject: [PATCH] docs: document static risk score --- README.md | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/README.md b/README.md index 181e9c3..b51665b 100644 --- a/README.md +++ b/README.md @@ -32,6 +32,27 @@ The project currently operates through a command-line interface. Static analysis * Static analysis TXT report output * Static analysis JSON report output +### Static Risk Score + +Static analysis calculates an overall risk score by combining suspicious API severity levels and section entropy risk levels. + +The score is heuristic and does not prove that a file is malicious. It is used to prioritize files that may need deeper manual review. + +Risk levels: + +| Score Range | Risk Level | +| ----------- | ---------- | +| 0 - 19 | Low | +| 20 - 49 | Medium | +| 50 - 100 | High | + +TXT reports include: + +```text +Overall Risk +Risk Score: 39 +Risk Level: Medium + ### Experimental Dynamic Analysis * Starts the target executable with the Windows Debugging API