- Currently I've only added my very crude scripts from a few years ago, which start up and shut down a VM and yank results back to the host box.
- Haven't added the tools yet for actually extracting the information from the running (live) malware samples (some of them being proprietary).
- Haven't added the code that analyses the data offline yet either.
- None of the above has been run in a long time :D
- VBox needs to be set up with a guest OS, and a snapshot taken. I called my VM "goat".
- The guest bat file should be put in the Startup folder of the Start Menu, e.g. "C:\Documents and Settings\Administrator\Start Menu\Programs\Startup"
- A directory structure like this was used:
  - D:\VBOX\
    - host.py
    - Results\ ---> host copies final results to here
    - Samples\ ---> host copies samples from here into the guest's waiting directory
    - vbox_share_infectable\
      - collections\ ---> guest puts zipped results in here
      - Samples\ ---> guest waits for sample.exe in here
- Final results of malware analysis go into the VBOX\Results dir; samples that are to be run are put in the VBOX\Samples dir.
- host.py:
  - restarts the VM and clears files from the previous run
  - copies a sample from VBOX\Samples to VBOX\vbox_share_infectable\sample.exe
  - sleeps for a while
  - grabs results.zip from VBOX\vbox_share_infectable\collections
  - moves it to VBOX\Results\original_sample_name.zip
  - loops
- guest.bat:
  - waits for sample.exe to appear in vboxshare\Samples
  - executes it
  - does magical analysis - should put results in vboxshare\collections\results.zip
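The host-side loop described above, written out as an added example (not the repo's host.py). It assumes a VM named "goat" with a clean snapshot, VBoxManage on the PATH, and the D:\VBOX layout from the tree (sample.exe dropped into the share's Samples\ folder, results named original_sample_name.zip); it polls for results.zip with a timeout instead of a fixed sleep, and the VBoxManage runner is injectable so the loop can be exercised without VirtualBox.

```python
"""Host-side sandbox driver: restore snapshot, drop sample, collect results, loop."""
import shutil
import subprocess
import time
from pathlib import Path
from typing import Dict, List, Optional

VM_NAME = "goat"  # assumption: the VM name used in the notes above


def vbox_commands(vm: str = VM_NAME) -> Dict[str, List[str]]:
    """Real VBoxManage subcommands used for one run."""
    return {
        "poweroff": ["VBoxManage", "controlvm", vm, "poweroff"],
        "restore": ["VBoxManage", "snapshot", vm, "restorecurrent"],
        "start": ["VBoxManage", "startvm", vm, "--type", "headless"],
    }


def result_name(sample: Path) -> str:
    """Results\\original_sample_name.zip (assumption: keep the full sample filename)."""
    return sample.name + ".zip"


def clear_share(share: Path) -> None:
    """Remove leftovers from the previous run so a stale results.zip is never collected."""
    for p in (share / "Samples" / "sample.exe", share / "collections" / "results.zip"):
        if p.exists():
            p.unlink()


def wait_for(path: Path, timeout: float, poll: float = 1.0) -> bool:
    """Poll until path exists or timeout expires; returns whether it appeared."""
    deadline = time.monotonic() + timeout
    while time.monotonic() < deadline:
        if path.exists():
            return True
        time.sleep(poll)
    return path.exists()


def run_sample(sample: Path, base: Path, timeout: float, run=subprocess.run) -> Optional[Path]:
    """One iteration of the loop; returns the archived result path, or None on timeout."""
    share, cmds = base / "vbox_share_infectable", vbox_commands()
    run(cmds["poweroff"], check=False)  # VM may already be off; a hung guest is forced down
    run(cmds["restore"], check=True)  # every sample starts from the clean snapshot
    clear_share(share)
    shutil.copy(sample, share / "Samples" / "sample.exe")
    run(cmds["start"], check=True)  # guest.bat in the Startup folder picks up sample.exe
    results = share / "collections" / "results.zip"
    if not wait_for(results, timeout):
        return None
    dest = base / "Results" / result_name(sample)
    shutil.move(str(results), str(dest))
    return dest


def run_all(base: Path, timeout: float = 300.0, run=subprocess.run) -> List[Path]:
    """Process every file in VBOX\\Samples; samples that time out are skipped."""
    done = []
    for sample in sorted((base / "Samples").glob("*")):
        dest = run_sample(sample, base, timeout, run)
        if dest is not None:
            done.append(dest)
    return done
```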