Created
January 28, 2013 04:47
-
-
Save deadbits/4653142 to your computer and use it in GitHub Desktop.
example of using maz console to analyze and storage sample. ascii strings with offsets are also stored but not displayed back to you in the console because they would take up a lot of space. i need a way to make the AV results prettier too.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ams [~/Git/maz/bin] - [master] » ./console.rb | |
| Malware Analysis Zoo ::: interactive console | |
| https://github.com/ohdae/maz - MAZ (c) 2013 | |
| type 'help' to view all available commands. | |
| maz >> analyze /home/ams/maz/storage/samples/sample3.exe | |
| [*] starting analysis of sample: /home/ams/maz/storage/samples/sample3.exe | |
| [-] sample copied to storage directory: /home/ams/maz/samples/sample3_a1bbf8ab970131055d0f3c95001c9409/ | |
| [*] submitting to database ... | |
| [*] entry accepted for id: 5105fc16f2fdee2d71000001 | |
| [ Sample Information ] | |
| File Name: sample3.exe | |
| File Type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed | |
| File Size: 373338 | |
| Location: /home/ams/maz/storage/samples/sample3.exe | |
| Submitted: 2013-01-27 23:18:30 -0500 | |
| MD5 Hash: a1bbf8ab970131055d0f3c95001c9409 | |
| SHA1 Hash: 72796322544d0714a082da66263a9f1ce7ea39df | |
| [ ShadowServer Results ] | |
| First Seen: 2013-01-20 20:11:08 | |
| Last Seen: 2013-01-20 20:11:08 | |
| File Type: exe | |
| [ Anti-Virus ] | |
| "[\"AhnLab\", \"Trojan/Win32.Agent\"]" | |
| "[\"Avira\", \"WORM/Vobfus.yjkzra\"]" | |
| "[\"BitDefender\", \"Gen:Variant.Zusy.7768\"]" | |
| "[\"FSecure\", \"Suspicious:W32/Malware!Online\"]" | |
| "[\"Ikarus\", \"Trojan.Win32.FakeAV\"]" | |
| "[\"K7\", \"Trojan ( 003a20a61 )\"]" | |
| "[\"Norman\", \"W32/Troj_Generic.GUIBR\"]" | |
| "[\"Sunbelt\", \"Trojan.Win32.Generic!BT\"]" | |
| "[\"Symantec\", \"WS.Reputation.1\"]" | |
| "[\"VirusBlokAda\", \"Backdoor.ZAccess.bze\"]" | |
| maz >> help | |
| for full support, review the files in the 'docs' directory. | |
| :::General Commands::: | |
| help - display this menu | |
| report [html/txt] [sample] - generate report on [sample] | |
| search [type] [data] - query db for [md5/name] of [data] | |
| recent [count] - show [count] most recent submissions | |
| delete [sample md5] - remove [sample] from database completely | |
| stats - display database statistics | |
| clear - clears the console screen | |
| exit - shutdown the MAZ console | |
| :::Analysis Commands::: | |
| load [file/directory] - add [file] or [directory] to queue | |
| analyze [file] - analyze [file], report and submit to database | |
| cuckoo [sample] - spin up [sample] in Cuckoo instance | |
| anubis [sample] - submit [sample] to Anubis and get report | |
| vtotal [sample] - submit [sample] to VirusTotal and get report | |
| threatx [sample] - query ThreatExpert for [sample] | |
| maz >> exit | |
| [*] shutting down MAZ ... |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment