Vba2graph - Generate Call Graphs From VBA Code, For Easier Analysis Of Malicious Documents
Tuesday, September 24, 2019
A tool for security researchers who waste their time analyzing malicious Office macros.
Generates a VBA call graph, with potential malicious keywords highlighted.
Allows for quick analysis of malicious macros, and easy understanding of the execution flow.
Features
- Keyword highlighting
- VBA Properties support
- External function declaration support
- Tricky macros with "_Change" execution triggers
- Fancy color schemes!
Pros
- Pretty fast
- Works well on most malicious macros observed in the wild
Cons
- Static (dynamically resolved calls would not be recognized)
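A minimal sketch of the static approach described above, added here as an illustration; it is not vba2graph's own code and is written for Python 3. The keyword list, the trigger-name pattern and the sample macro are assumptions constructed for the example; note that the `Application.Run "Stage2"` call produces no edge, which is the static limitation listed under Cons.

```python
import re
# Constructed, inert sample macro (not from a real document).
SAMPLE_VBA = '''
Private Sub UserForm_Resize()
    TextBox1.Text = "x"
End Sub
Private Sub TextBox1_Change()
    Stage2
End Sub
Sub Stage2()
    Shell StrReverse("txt")
End Sub
Sub Launcher()
    Application.Run "Stage2"  ' target resolved at run time
End Sub
'''
KEYWORDS = ("Shell", "CreateObject", "StrReverse")  # illustrative list (assumption)
PROC = re.compile(r"^\s*(?:(?:Public|Private)\s+)?(?:Sub|Function)\s+(\w+)", re.I)
END = re.compile(r"^\s*End\s+(?:Sub|Function)\b", re.I)
TRIGGER = re.compile(r"^(AutoOpen|Document_Open|Workbook_Open|\w+_(Change|Resize))$", re.I)

def call_graph(code):
    """Return (edges, {proc: keywords hit}, trigger-named entry points)."""
    procs, name = {}, None
    for line in code.splitlines():
        start = PROC.match(line)
        if start:
            name = start.group(1)
            procs[name] = set()
        elif END.match(line):
            name = None
        elif name:  # inside a body: drop string literals and comments, keep identifiers
            line = re.sub(r"'.*", "", re.sub(r'"[^"]*"', '""', line))
            procs[name].update(t.lower() for t in re.findall(r"\w+", line))
    edges = {(a, b) for a, toks in procs.items() for b in procs
             if a != b and b.lower() in toks}
    flagged = {p: [k for k in KEYWORDS if k.lower() in toks] for p, toks in procs.items()}
    flagged = {p: ks for p, ks in flagged.items() if ks}
    return edges, flagged, sorted(p for p in procs if TRIGGER.match(p))

def to_dot(edges, flagged, entries):
    """Render Graphviz DOT text: entry points as boxes, flagged procedures in red."""
    out = ['  "%s" [shape=box];' % e for e in entries]
    out += ['  "%s" [color=red, label="%s\\n%s"];' % (p, p, ", ".join(ks))
            for p, ks in sorted(flagged.items())]
    out += ['  "%s" -> "%s";' % e for e in sorted(edges)]
    return "\n".join(["digraph vba {"] + out + ["}"])

if __name__ == "__main__":
    print(to_dot(*call_graph(SAMPLE_VBA)))
```

The printed DOT text can be rendered with Graphviz's `dot`; both event handlers appear as separate entry points because the Resize-to-Change hand-off happens through the form control, not through a call in the code.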
Examples
Example 1:
Trickbot downloader - utilizes object Resize event as initial trigger, followed by TextBox_Change triggers.
Example 2:
Check out the Examples folder for more cases.
Installation
Install oletools:
https://github.com/decalage2/oletools/wiki/Install
Install Python Requirements
pip2 install -r requirements.txt
Install Graphviz
Windows
Install Graphviz msi:
https://graphviz.gitlab.io/_pages/Download/Download_windows.html
Add "dot.exe" to PATH env variable or just:
set PATH=%PATH%;C:\Program Files (x86)\Graphviz2.38\bin
Mac
brew install graphviz
Ubuntu
sudo apt-get install graphviz
Arch
sudo pacman -S graphviz
Usage
    usage: vba2graph.py [-h] [-o OUTPUT] [-c {0,1,2,3}] (-i INPUT | -f FILE)

    optional arguments:
      -h, --help            show this help message and exit
      -o OUTPUT, --output OUTPUT
                            output folder (default: "output")
      -c {0,1,2,3}, --colors {0,1,2,3}
                            color scheme number [0, 1, 2, 3] (default: 0 - B&W)
      -i INPUT, --input INPUT
                            olevba generated file or .bas file
      -f FILE, --file FILE  Office file with macros
Usage Examples (All Platforms)
Only Python 2 is supported:

    # Generate call graph directly from an Office file with macros [tnx @doomedraven]
    python2 vba2graph.py -f malicious.doc -c 2

    # Generate vba code using olevba then piping it to vba2graph
    olevba malicious.doc | python2 vba2graph.py -c 1

    # Generate call graph from VBA code
    python2 vba2graph.py -i vba_code.bas -o output_folder
Output
You'll get 4 folders in your output folder:
- png: the actual graph image you are looking for
- svg: same graph image, just in vector graphics
- dot: the dot file which was used to create the graph image
- bas: the VBA functions code that was recognized by the script (for debugging)
Batch Processing
Mac/Linux:
batch.sh script file is attached for running olevba and vba2graph on an input folder of malicious docs.
Deletes output dir. Use with caution.