ViperMonkey | VBA parser and emulation engine | Reverse Engineering library

by decalage2 | Python | Version: Current | License: No License

kandi X-RAY | ViperMonkey Summary


ViperMonkey is a Python library typically used in Utilities and Reverse Engineering applications. kandi's automated scan reports no bugs and no known vulnerabilities; a build file is available and community support is rated medium. You can download it from GitHub.

ViperMonkey is a VBA emulation engine written in Python, designed to analyze and deobfuscate malicious VBA macros contained in Microsoft Office files (Word, Excel, PowerPoint, Publisher, etc.). See the article "Using VBA Emulation to Analyze Obfuscated Macros" for real-life examples of malware deobfuscation with ViperMonkey. ViperMonkey was also demonstrated at the Black Hat Europe 2019 conference: see the slides and the video (at 18:38).

ViperMonkey was created by Philippe Lagadec in 2015-2016, and the project is maintained in the decalage2/ViperMonkey repository. Since November 2017, most of the development is done by Kirk Sayre and other contributors in Kirk's own fork. The main repository is synchronised regularly, but cutting-edge improvements are usually available first in Kirk's version.

Quick links: Report Issues/Suggestions/Questions - Contact the Author - Repository - Updates on Twitter - API Tutorial (docs/APITutorial.md).

Support (kandi)

ViperMonkey has a medium active ecosystem.
It has 950 star(s) with 188 fork(s). There are 66 watchers for this library.
It had no major release in the last 6 months.
There are 69 open issues and 24 have been closed. On average issues are closed in 108 days. There are 4 open pull requests and 0 closed requests.
It has a neutral sentiment in the developer community.
The latest version of ViperMonkey is current.

Quality (kandi)

              ViperMonkey has 0 bugs and 0 code smells.

Security (kandi)

              ViperMonkey has no vulnerabilities reported, and its dependent libraries have no vulnerabilities reported.
              ViperMonkey code analysis shows 0 unresolved vulnerabilities.
              There are 0 security hotspots that need review.

License (kandi)

ViperMonkey does not have a standard license declared.
Check the repository for any license declaration and review the terms closely.
Without an explicit license grant, default copyright applies and all rights are reserved; do not assume you may reuse or redistribute the code in your applications until you have confirmed its terms.

Reuse (kandi)

              ViperMonkey releases are not available. You will need to build from source code and install.
              Build file is available. You can build the component from source.
              Installation instructions, examples and code snippets are available.

            Top functions reviewed by kandi - BETA

            kandi has reviewed ViperMonkey and discovered the below as its top functions. This is intended to give you an instant insight into ViperMonkey implemented functionality, and help decide if they suit your requirements.
• Fix problematic code.
• Strip unused variables.
• Evaluate an expression.
• Fix VBA code.
• Decode VBA code.
• Set the value of a variable.
• Read payloads from payload.
• Create a context for the engine.
• Extract OLE text values from a file object.
• Get the values for each variable.


            Community Discussions

            Trending Discussions on ViperMonkey

            QUESTION

            Building a manual sandbox for malware analysis
            Asked 2017-Mar-29 at 08:18

I want to build a manual sandbox to analyze malware on Windows systems. I mean a manual environment, not something automated like Cuckoo Sandbox.

There are many tools and I selected some of them, but I can't really see if each of these tools is worth it or not. Can you tell me what you think and whether these tools are useful for my sandbox?

First, I consider some of them unavoidable, like IDA, WinDbg, Wireshark, npcap, an HTTP proxy like Fiddler, the Sysinternals suite, Volatility, maybe Foremost.

Then there are other tools I never really tried but which seem interesting. About static analysis, I have spotted the following tools and I would like to have eventual feedback about them: Log-MD (a tool which looks at the system using advanced Windows audit policies), Cerbero Profiler, Pestudio, Unpacker (it seems it is an automated tool to unpack binaries, seems faster but I am a bit skeptical; I'm not an RE specialist, if you know this tool...), oledump.py by Didier Stevens (to identify various elements like heuristic patterns, IPs, strings)...

About dynamic analysis, I noted Hook Analyzer (statically analyze elements with heuristic patterns and allow you to hook applications), Malheur (detect "malicious behavior"), ViperMonkey (detect VBA macros in Microsoft Office documents and emulate their behavior).

Do you have any recommendations about my setup and tools I could have forgotten? I want to analyze classic malicious elements (PE, PDF, various scripts, Office documents, ...).

About malware evasion, is there a risk that malware refuses to be analyzed when it detects RE and analysis tools?

Finally, should I use the Internet in the sandbox? Most malware today uses C&C servers and I see that some sandboxes are built with simulators like iNetSim, but since the connection is not real, will I lose some information?

Thanks!


            ANSWER

            Answered 2017-Mar-29 at 08:18

You might want to consider the SEE framework to build your analysis platform.

Its plugin-based design will allow you to integrate scanning tools in a pretty flexible manner.

Bear in mind that lots of malware inspect the execution environment and, if any RE tool is spotted, will refuse to run.

As for the Internet connection, it depends on how much information you want to gather. It is indeed true that lots of malware communicate with C&C nowadays, yet they must ensure their persistence on the target machine.

Therefore, the injection mechanism will still be executed even if the Internet connection is absent. My 2 cents on the matter is to run without Internet by default and activate it only when necessary.

            Source https://stackoverflow.com/questions/43073900

            Community Discussions, Code Snippets contain sources that include Stack Exchange Network


Install ViperMonkey

There are three ways to install and run ViperMonkey. For performance reasons, it is highly recommended to use PyPy (about 5x faster), but it is also possible to run ViperMonkey with the normal Python interpreter (CPython) if you cannot use PyPy.

Option 1: Docker

dockermonkey.sh will automatically pull down a preconfigured Docker container, update ViperMonkey to the latest version in the container, and then analyze MYFILE by running ViperMonkey in the container. No other packages or configuration are needed. For information on using dockermonkey.sh, run docker/dockermonkey.sh -h.
• Install Docker.
• Run docker/dockermonkey.sh MYFILE to analyze file MYFILE.

Option 2: PyPy (recommended)
• If PyPy is not installed on your system, see http://pypy.org/download.html and download PyPy 2.7 (not 3.x).
• Check if pip is installed for PyPy: run pypy -m pip
• If pip is not installed yet, run pypy -m ensurepip on Windows, or sudo -H pypy -m ensurepip on Linux/Mac.
• Make sure pip is up-to-date by running pypy -m pip install -U pip
• Download the archive from the repository: https://github.com/decalage2/ViperMonkey/archive/master.zip
• Extract it in the folder of your choice, and open a shell/cmd window in that folder.
• Under Ubuntu, install pypy-dev (sudo apt-get install pypy-dev).
• Install dependencies by running pypy -m pip install -U -r requirements.txt on Windows, or sudo -H pypy -m pip install -U -r requirements.txt on Linux/Mac.
• Check that ViperMonkey runs without error: pypy vmonkey.py

Option 3: CPython 2.7 with pip
• Make sure you have the latest Python 2.7 installed: https://www.python.org/downloads/
• If you have both Python 2 and 3 versions installed, use pip2 instead of pip in the following commands, to install in Python 2 and not 3.
• Make sure pip is up-to-date by running pip install -U pip
• Use pip to download and install vipermonkey with all its dependencies on Windows (the exact pip command is given in the repository README).
• Check that ViperMonkey runs without error: open a shell/cmd window in any directory and simply run vmonkey

            Support

            This is a personal open-source project, developed on my spare time. Any contribution, suggestion, feedback or bug report is welcome. To suggest improvements, report a bug or any issue, please use the [issue reporting page](https://github.com/decalage2/ViperMonkey/issues), providing all the information and files to reproduce the problem. You may also [contact the author](http://decalage.info/contact) directly to provide feedback. The code is available in [a GitHub repository](https://github.com/decalage2/ViperMonkey). You may use it to submit enhancements using forks and pull requests.
            Find more information at:

            CLONE
          • HTTPS

            https://github.com/decalage2/ViperMonkey.git

          • CLI

            gh repo clone decalage2/ViperMonkey

          • sshUrl

            git@github.com:decalage2/ViperMonkey.git


            Explore Related Topics

            Consider Popular Reverse Engineering Libraries

            ghidra

            by NationalSecurityAgency

            radare2

            by radareorg

            ILSpy

            by icsharpcode

            bytecode-viewer

            by Konloch

            ImHex

            by WerWolv

Try Top Libraries by decalage2

oletools (by decalage2, Python)

olefile (by decalage2, Python)

oledump-contrib (by decalage2, Python)

exefilter (by decalage2, Python)

pyhtgen (by decalage2, HTML)