- If you have a folder of YARA signature files, you can specify it with the --yara option. Every new file will be scanned against these signatures, and any matches are displayed in the output results.
- If you have a VirusTotal API key, place it into a file named "virustotal.api" (or embed it directly in the script) to auto-submit MD5 file hashes to VT and get the number of detections for each file.
- You can add lists of MD5s to auto-ignore (such as all of your system files). Generate them with md5deep, save them to a text file, and pass that file with --hash.
- You can automate the script for sandbox usage. Using -t to set the execution time and --cmd "path\exe" to specify a malware file, you can automatically run a sample, copy the results off, and then revert the sandbox to run the next sample.
- The --generalize feature automatically substitutes absolute paths with Windows environment variables (for example, a user's profile directory becomes %USERPROFILE%) so that the resulting IOCs are not tied to one machine or user account.
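To show what path generalization buys you for IOC development, here is an added Python example (not the script's own code): it rewrites constructed sandbox event lines using an assumed prefix-to-variable table, and collapses events that differ only by the user profile they landed in.

```python
import re

# Constructed prefix table (an approximation, not the tool's own mapping).
# Order matters: more specific prefixes come before the prefixes that contain them.
RULES = [
    (r"C:\\Users\\Public", "%PUBLIC%"),
    (r"C:\\Users\\[^\\\s]+\\AppData\\Roaming", "%APPDATA%"),
    (r"C:\\Users\\[^\\\s]+\\AppData\\Local\\Temp", "%TEMP%"),
    (r"C:\\Users\\[^\\\s]+\\AppData\\Local", "%LOCALAPPDATA%"),
    (r"C:\\Users\\[^\\\s]+", "%USERPROFILE%"),
    (r"C:\\ProgramData", "%PROGRAMDATA%"),
    (r"C:\\Program Files \(x86\)", "%PROGRAMFILES(X86)%"),
    (r"C:\\Program Files", "%PROGRAMFILES%"),
    (r"C:\\Windows", "%WINDIR%"),
    (r"C:(?=\\)", "%SYSTEMDRIVE%"),
]
# Negative lookbehind keeps the drive letter from matching inside a word or an already
# generalized token; case-insensitive because Windows paths are.
COMPILED = [(re.compile(r"(?<![\w%\\])" + pat, re.IGNORECASE), rep) for pat, rep in RULES]


def generalize(text):
    """Replace every known absolute prefix in an event line with its environment variable."""
    for rx, rep in COMPILED:
        text = rx.sub(rep, text)
    return text


def unique_iocs(events):
    """Generalize each event and drop duplicates that only differed by user profile."""
    return sorted({generalize(line) for line in events})


# Constructed sample events, as if gathered from two sandbox runs under different users.
SAMPLE_EVENTS = [
    r"[CreateFile] dropper.exe > C:\Users\analyst\AppData\Roaming\svchost32.exe",
    r"[CreateFile] dropper.exe > C:\Users\sandbox01\AppData\Roaming\svchost32.exe",
    r"[CreateFile] dropper.exe > C:\Users\analyst\AppData\Local\Temp\stage2.tmp",
    r"[CreateProcess] dropper.exe > C:\Windows\System32\cmd.exe /c ping 127.0.0.1",
]

if __name__ == "__main__":
    for ioc in unique_iocs(SAMPLE_EVENTS):
        print(ioc)
```

Paths on drives other than C: and usernames containing spaces are left untouched by this table; extend RULES if your sandbox image differs.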
Here is the link to DOWNLOAD.