- If you have a folder of YARA signature files, you can specify it with the --yara option. Every new file will be scanned against these signatures and any matches are shown in the output.
- If you have a VirusTotal API key, place it into a file named "virustotal.api" (or embed it directly in the script) to auto-submit the MD5 hashes of new files to VT and get back the number of positive detections.
- You can add lists of MD5s to auto-ignore (such as all of your system files). Generate them with md5deep, throw them into a text file, and use --hash to read that file in.
- You can automate the script for sandbox usage. Using -t to set the execution time and --cmd "path\exe" to specify a malware file, you can automatically run the malware, copy the results off, and then revert the sandbox to run a new sample.
- The --generalize feature will automatically substitute absolute paths with Windows environment variables (such as %SystemRoot% and %TEMP%) for better IOC development.
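As an added illustration of the last two points (this is my own sketch, not the script's code), here is how an md5deep-style whitelist and path generalization fit together: known-good hashes are dropped, and the remaining paths have their absolute Windows prefixes swapped for environment variables so the same IOC matches on any host. The prefix table, md5deep lines and event list are constructed for the example.

```python
import re

# Longest, most specific prefixes first so %TEMP% wins over %USERPROFILE%.
# Assumed mapping for this example; a real tool may cover more locations.
GENERALIZE_RULES = [
    (r"^c:\\users\\[^\\]+\\appdata\\local\\temp", "%TEMP%"),
    (r"^c:\\users\\[^\\]+\\appdata\\local", "%LOCALAPPDATA%"),
    (r"^c:\\users\\[^\\]+\\appdata\\roaming", "%APPDATA%"),
    (r"^c:\\users\\[^\\]+", "%USERPROFILE%"),
    (r"^c:\\windows", "%SystemRoot%"),
    (r"^c:\\program files \(x86\)", "%ProgramFiles(x86)%"),
    (r"^c:\\program files", "%ProgramFiles%"),
    (r"^c:\\programdata", "%ProgramData%"),
]

def generalize_path(path):
    """Replace a known absolute prefix with its environment variable form."""
    for pattern, env in GENERALIZE_RULES:
        m = re.match(pattern, path, re.IGNORECASE)
        if m:
            return env + path[m.end():]
    return path  # unknown drive or location: leave untouched

def load_md5_whitelist(text):
    """Parse md5deep output ('<md5>  <path>' per line) into a set of hashes."""
    hashes = set()
    for line in text.splitlines():
        parts = line.split(None, 1)
        if parts and re.fullmatch(r"[0-9a-fA-F]{32}", parts[0]):
            hashes.add(parts[0].lower())
    return hashes

def filter_events(events, whitelist):
    """Drop (md5, path) events for whitelisted files; generalize the rest."""
    return [(md5, generalize_path(path))
            for md5, path in events if md5.lower() not in whitelist]

# Constructed sample data (hash values are placeholders, not real IOCs).
MD5DEEP_SAMPLE = """\
d41d8cd98f00b204e9800998ecf8427e  C:\\Windows\\System32\\notepad.exe
0cc175b9c0f1b6a831c399e269772661  C:\\Windows\\System32\\calc.exe
"""
SAMPLE_EVENTS = [
    ("d41d8cd98f00b204e9800998ecf8427e", r"C:\Windows\System32\notepad.exe"),
    ("9e107d9d372bb6826bd81d3542a419d6", r"C:\Users\analyst\AppData\Local\Temp\dropper.exe"),
]

if __name__ == "__main__":
    for md5, path in filter_events(SAMPLE_EVENTS, load_md5_whitelist(MD5DEEP_SAMPLE)):
        print(md5, path)
```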
Here is the link to DOWNLOAD.