Skip to content
/ prefetch-vt-analyzer Public

Checks if prefetch files are loading known malicious items by querying VirusTotal with the items hash.

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

jppdpf/prefetch-vt-analyzer

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

24 Commits
.gitignore
.gitignore
 
 
README.md
README.md
 
 
run_prefetch_vt_analyzer.py
run_prefetch_vt_analyzer.py
 
 
setup.py
setup.py
 
 

Repository files navigation

Prefetch Resources Analyzer

Checks if prefetch files are loading known malicious items by querying VirusTotal with the items hash.

Proof Of Concept Mode

PoC is good for PoC or a trial VirusTotal API key.

This queries the first three resources from the prefetch files. Plus one already known malicious dll hash value to mock a malicious finding.

Run

Needs

  • A VirusTotal API KEY.

Insert VirusTotal API Key

Open the run_prefetch_vt_analyzer.py file. Replace "None" with your API key, in string format.

Line 22: VIRUS_TOTAL_API_KEY = None

Save the file.

Install the requirements.

python setup.py install

Open a console with Administrator Privilege

python run_prefetch_vt_analyzer.py

Future work:

  • add command line arguments
  • performing concurrent requests
  • improve volume mapping

About

Checks if prefetch files are loading known malicious items by querying VirusTotal with the items hash.

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages