Content & Malware Analysis

  • 1.  Detonation of more than one file

    Posted Jan 27, 2020 07:53 AM

    Hi Team, 


    I have a question: Is it possible to detonate more than one file? For example, I have a folder with one .exe file and a .dll, plus some folders with static files (PDFs, Word documents). The .exe program uses all these files.

    My question is: is it possible to push it all to CAS as a ZIP and run the .exe file to analyze its behavior? What do I have to write in Execution Arguments (Advanced Options)?



  • 2.  RE: Detonation of more than one file

    Posted Jan 29, 2020 04:25 AM

    Hi,

    The later versions of CASMA have a plugin called "ghost_user_with_unpacker.py" which should do exactly that.

    Quick test on my machine seems to confirm - zip is unpacked to c:\windows\temp\archive_unpacker\ and the (first) exe is started. I didn't add any additional execution arguments.

    Give it a shot. Maybe you can adapt that Python script to your needs if needed.

    BR!

    Gunnar
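
One way to build the ZIP for submission so that the intended executable is the first .exe in the archive, as an added example that is not part of the thread and not CASMA code. It assumes that "(first) exe" refers to archive order, which the thread does not confirm; `pack_sample` and `exe_members` are hypothetical helper names, and the demo folder is constructed.

```python
import tempfile
import zipfile
from pathlib import Path


def pack_sample(folder, entry_exe, out_zip):
    """Zip `folder` with `entry_exe` (path relative to folder) as the first member."""
    root = Path(folder)
    entry = root / entry_exe
    if not entry.is_file() or entry.suffix.lower() != ".exe":
        raise ValueError(f"{entry_exe} is not an .exe inside {folder}")
    # Collect the remaining files before the archive is created, in a stable order.
    others = sorted(p for p in root.rglob("*") if p.is_file() and p != entry)
    with zipfile.ZipFile(out_zip, "w", zipfile.ZIP_DEFLATED) as zf:
        for path in [entry, *others]:
            # Relative POSIX names keep the DLL and document folders next to the EXE.
            zf.write(path, path.relative_to(root).as_posix())
    return out_zip


def exe_members(zip_path):
    """Return the .exe members in archive order, to review before submitting."""
    with zipfile.ZipFile(zip_path) as zf:
        return [n for n in zf.namelist() if n.lower().endswith(".exe")]


if __name__ == "__main__":
    # Constructed sample layout: two executables, a DLL and a static document.
    with tempfile.TemporaryDirectory() as tmp:
        sample = Path(tmp) / "sample"
        (sample / "docs").mkdir(parents=True)
        for name in ("a_helper.exe", "main.exe", "lib.dll", "docs/readme.pdf"):
            (sample / name).write_bytes(b"placeholder")
        archive = pack_sample(sample, "main.exe", Path(tmp) / "sample.zip")
        print(exe_members(archive))
```

If `exe_members` lists more than one executable, check the order before submitting, since only one of them is started.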