aenoshrajora / Virus-Voyager

Unleashing the Power of Analysis: Virus Voyager, Your Ultimate Malware Solution



Unleashing the Power of Analysis: VirusVoyager, Your Ultimate Malware Solution

You can get:

  • What DLL files are used.
  • Functions and APIs.
  • Sections and segments.
  • URLs, IP addresses and emails.
  • Android permissions.
  • File extensions and their names.
  • Embedded executables/exploits.
    And so on...

V1rus V0y1g3r aims to extract even more information about suspicious files and helps the user understand what the file is capable of.

V1rusV0y1g3r Can Analyze Currently

| Files | Analysis Type |
|---|---|
| Windows Executables (.exe, .dll, .msi, .bin) | Static, Dynamic |
| Linux Executables (.elf, .bin) | Static, Dynamic |
| MacOS Executables (mach-o) | Static |
| Android Files (.apk, .jar, .dex) | Static, Dynamic (for now .apk only) |
| Golang Binaries (Linux) | Static |
| Document Files | Static |
| Archive Files (.zip, .rar, .ace) | Static |
| PCAP Files (.pcap) | Static |
| Powershell Scripts | Static |
| E-Mail Files (.eml) | Static |

Usage

python virusvoyager.py --file suspicious_file --analyze

Available On

  • Kali Linux
  • BlackArch

Recommended Systems

  • Parrot OS
  • Kali Linux
  • Windows 10 or 11
  • Blackarch
    and other Linux distributions designed for penetration testing

Setup and Installation


Necessary Dependencies:

  • Python 3.10 or higher versions.
  • VirusTotal API Key => Performing VirusTotal based analysis.
  • Strings => Necessary for static analysis.
  • Jadx => Performing source code and resource analysis.
  • PyOneNote => OneNote document analysis.
  • Mono => Performing .Net binary analysis.

```bash
# You can simply execute the following command; it will do everything for you!
bash setup.sh

# If you want to install V1rusV0y1g3r on your system, execute the following commands.
bash setup.sh
python virusvoyager.py --install

# To prevent interpreter errors after installation, use dos2unix.
dos2unix /usr/bin/virusvoyager
```

Static Analysis

Normal analysis

Description: You can perform basic analysis and triage against your samples.

Usage: python virusvoyager.py --file suspicious_file --analyze

Resource analysis

Description: With this feature you can analyze the assets of a given file. You can also detect and extract embedded payloads from malware samples such as AgentTesla, Formbook, etc.

Effective Against:

  • .NET Executables
  • Android Files (.apk)

Usage: python virusvoyager.py --file suspicious_file --resource

Hash scan

Description: You can check whether the hash of the given file appears in the built-in malware hash database. You can also scan entire directories with this feature.

Usage: python virusvoyager.py --file suspicious_file --hashscan

Folder scan

Supported Arguments:

  • --hashscan
  • --packer

Usage: python virusvoyager.py --folder FOLDER --hashscan
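The hash scan and folder scan above boil down to hashing every file and looking the digest up in a hash database. The following is an added example of that workflow, not VirusVoyager's own code: it streams each file through SHA-256 (so pumped multi-gigabyte files do not need to fit in memory), walks a folder recursively, and reports files whose digest is in a constructed "known-bad" set. The sample folder, the sample file contents and the hash set are all constructed here; a real deployment would load the tool's hash database instead.

```python
# Added example (not VirusVoyager's own code): hash-based triage of a folder.
import hashlib
import os
import tempfile
from pathlib import Path

# Constructed "database": SHA-256 digests of two constructed sample payloads.
KNOWN_BAD_SAMPLES = {
    b"constructed-sample-payload-A\n",
    b"constructed-sample-payload-B\n",
}
KNOWN_BAD_HASHES = {hashlib.sha256(s).hexdigest() for s in KNOWN_BAD_SAMPLES}


def hash_bytes(data):
    """SHA-256 hex digest of an in-memory buffer."""
    return hashlib.sha256(data).hexdigest()


def sha256_file(path, chunk_size=1 << 20):
    """Stream a file through SHA-256 in 1 MiB chunks so large files never load fully."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def hash_scan_folder(folder, bad_hashes=KNOWN_BAD_HASHES):
    """Walk a folder recursively; return {path: sha256} for every file whose hash is known bad."""
    hits = {}
    for root, _dirs, files in os.walk(folder):
        for name in files:
            path = os.path.join(root, name)
            try:
                digest = sha256_file(path)
            except OSError:
                continue  # unreadable file: skip it rather than abort the whole scan
            if digest in bad_hashes:
                hits[path] = digest
    return hits


def demo():
    """Build a constructed folder (two bad files, one benign, one nested), scan it, return hit basenames."""
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "a.bin").write_bytes(b"constructed-sample-payload-A\n")
        Path(tmp, "sub").mkdir()
        Path(tmp, "sub", "b.bin").write_bytes(b"constructed-sample-payload-B\n")
        Path(tmp, "readme.txt").write_bytes(b"benign content\n")
        hits = hash_scan_folder(tmp)
        return sorted(os.path.basename(p) for p in hits)


if __name__ == "__main__":
    print(demo())  # ['a.bin', 'b.bin']
```

A hash match is exact-match only: one flipped byte in a sample defeats it, which is why the tool pairs it with packer detection and signature-based checks rather than relying on hashes alone.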

VirusTotal

Report Contents:

  • Threat Categories
  • Detections
  • CrowdSourced IDS Reports

Usage for --vtFile: python virusvoyager.py --file suspicious_file --vtFile

Document scan

Description: This feature performs deep inspection of the given document file. For example, you can detect and extract possibly malicious links or embedded exploits/payloads from a suspicious document file easily!

Effective Against:

  • Word Documents (.doc, .docm, .docx)
  • Excel Documents (.xls, .xlsm, .xlsx)
  • Portable Document Format (.pdf)
  • OneNote Documents (.one)
  • HTML Documents (.htm, .html)
  • Rich Text Format Documents (.rtf)

Usage: python virusvoyager.py --file suspicious_document --docs
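Extracting "possible malicious links" from a document, as the document scan does, is at its core a pass of URL, IP and e-mail patterns over the file's raw bytes, followed by validation and defanging so the indicators can be pasted into a report without being clickable. The block below is an added example of that step and is not VirusVoyager's own code; the sample document bytes are constructed (the addresses are from the RFC 5737 documentation range and example domains), and the IOC categories follow the "URLs, IP addresses and emails" list at the top of this README.

```python
# Added example (not VirusVoyager's own code): IOC extraction and defanging from raw document bytes.
import ipaddress
import re

URL_RE = re.compile(rb"(?i)\b(?:https?|ftp)://[^\s'\"<>]+")
IPV4_RE = re.compile(rb"\b(?:\d{1,3}\.){3}\d{1,3}\b")
EMAIL_RE = re.compile(rb"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")

# Ranges that cannot be a remote C2/download host; matches in them are dropped as noise.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16",
)]

# Constructed sample: fragments of a PDF-like document with links, addresses and decoys.
SAMPLE_DOCUMENT = (
    b"%PDF-1.4\n/Annots /URI (http://example.com/payload.bin) ...\n"
    b"config: 127.0.0.1 10.0.0.5 203.0.113.7 999.1.2.3 1.2\n"
    b"contact: ops@example.org, noise@@bad\n"
    b"<a href='https://example.net/login'>"
)


def defang(indicator):
    """Make an indicator safe to paste: hxxp://, fxp://, [.] and [at]."""
    return (indicator.replace("http", "hxxp").replace("ftp", "fxp")
            .replace(".", "[.]").replace("@", "[at]"))


def routable(ip):
    return not any(ip in net for net in NON_ROUTABLE)


def extract_iocs(data):
    """Return {'urls': [...], 'ips': [...], 'emails': [...]}, de-duplicated, sorted and defanged."""
    urls = {m.decode("ascii", "ignore").rstrip(".,;)") for m in URL_RE.findall(data)}
    ips = set()
    for m in IPV4_RE.findall(data):
        try:
            ip = ipaddress.ip_address(m.decode())
        except ValueError:
            continue  # e.g. 999.1.2.3: matches the regex but is not an address
        if routable(ip):
            ips.add(str(ip))
    emails = {m.decode("ascii", "ignore") for m in EMAIL_RE.findall(data)}
    return {
        "urls": sorted(defang(u) for u in urls),
        "ips": sorted(defang(i) for i in ips),
        "emails": sorted(defang(e) for e in emails),
    }


if __name__ == "__main__":
    for kind, items in extract_iocs(SAMPLE_DOCUMENT).items():
        print(kind, items)
```

Running the regexes over raw bytes rather than decoded text is deliberate: indicators inside OLE streams, PDF objects or compressed OOXML parts are found only after those containers are unpacked, so a real document scanner applies this pass to each extracted stream, not just the outer file.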

Embedded File/Exploit Extraction


Archive File Scan

Description: With this feature you can check archive files for suspicious contents.

Effective Against:

  • ZIP
  • RAR
  • ACE

Usage: python virusvoyager.py --file suspicious_archive_file --archive

File signature analyzer

Description: With this feature you can detect and extract embedded executable files (.exe, .elf) from a given file. You can also analyze large files (even 1 GB or larger) and extract the actual malware sample from them (pumped-file analysis).

Usage: python virusvoyager.py --file suspicious_file --sigcheck

File Carving
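The signature check and file carving described above work by scanning a blob for executable headers and validating each candidate before cutting it out, which is what lets an analyst pull the real sample out of a file that has been padded to gigabytes. The block below is an added example of that technique and is not VirusVoyager's own code: it validates an `MZ` candidate by following `e_lfanew` to a `PE\0\0` signature and an ELF candidate by checking its class and data-encoding bytes, then carves each image up to the next header. The "pumped" blob, the minimal PE stub and the ELF stub are all constructed here and are not runnable executables; the carve boundary is a simplification (real tools use the parsed section table or ELF program headers to compute the exact size).

```python
# Added example (not VirusVoyager's own code): find and carve embedded PE/ELF images.
import struct

MZ = b"MZ"
ELF = b"\x7fELF"


def is_pe_at(buf, off):
    """MZ candidate is a PE only if e_lfanew (at +0x3C) points at 'PE\\0\\0' inside buf."""
    if buf[off:off + 2] != MZ or off + 0x40 > len(buf):
        return False
    e_lfanew = struct.unpack_from("<I", buf, off + 0x3C)[0]
    pe_off = off + e_lfanew
    return 0x40 <= e_lfanew < 0x1000 and buf[pe_off:pe_off + 4] == b"PE\x00\x00"


def is_elf_at(buf, off):
    """ELF candidate needs the magic plus a sane EI_CLASS (1/2) and EI_DATA (1/2)."""
    hdr = buf[off:off + 6]
    return len(hdr) == 6 and hdr[:4] == ELF and hdr[4] in (1, 2) and hdr[5] in (1, 2)


def find_embedded(buf):
    """Return [(offset, kind)] for every validated PE or ELF header in buf."""
    hits = []
    for off in range(len(buf) - 4):
        if buf[off] == 0x4D and is_pe_at(buf, off):
            hits.append((off, "PE"))
        elif buf[off] == 0x7F and is_elf_at(buf, off):
            hits.append((off, "ELF"))
    return hits


def carve(buf):
    """Slice each image from its header to the next header (or end of buffer)."""
    hits = find_embedded(buf)
    out = []
    for i, (off, kind) in enumerate(hits):
        end = hits[i + 1][0] if i + 1 < len(hits) else len(buf)
        out.append((kind, buf[off:end]))
    return out


def make_fake_pe():
    """Constructed 128-byte MZ stub whose e_lfanew points at a PE signature (not executable)."""
    stub = bytearray(0x80)
    stub[0:2] = MZ
    struct.pack_into("<I", stub, 0x3C, 0x40)
    stub[0x40:0x44] = b"PE\x00\x00"
    return bytes(stub)


def make_fake_elf():
    """Constructed 64-byte ELF64 little-endian header stub (not executable)."""
    return ELF + bytes([2, 1, 1, 0]) + b"\x00" * 56


def build_pumped_blob():
    """Constructed pumped file: padding around a decoy bare 'MZ', a fake PE and a fake ELF."""
    junk = b"\x00" * 4096
    return (junk + b"MZ-not-a-real-header" + junk + make_fake_pe()
            + junk + make_fake_elf() + junk)


def demo():
    return find_embedded(build_pumped_blob())


if __name__ == "__main__":
    print(demo())  # [(8212, 'PE'), (12436, 'ELF')]
```

The decoy shows why validation matters: the two bytes `MZ` occur by chance in ordinary data all the time, and a carver that cuts on the magic alone produces junk "samples" that waste analyst time.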

MITRE ATT&CK Technique Extraction

Description: This feature generates potential MITRE ATT&CK technique tables based on the import/export table or the functions contained in the given file.

Effective Against:

  • Windows Executables

Usage: python virusvoyager.py --file suspicious_file --mitre

Programming language detection

Description: You can get programming language information for a given file.

Usage: python virusvoyager.py --file suspicious_executable --lang

Interactive shell

Description: You can use virusvoyager in interactive command-line mode.

Usage: python virusvoyager.py --console

Dynamic Analysis

Android Application Analysis

Alert

You must connect a virtual device or physical device to your computer.


Usage: python virusvoyager.py --watch

Process Analysis


Usage: python virusvoyager.py --watch


License: GNU General Public License v3.0


Languages: YARA 92.3%, Python 6.9%, Shell 0.5%, Batchfile 0.2%, PowerShell 0.1%, JavaScript 0.0%, Dockerfile 0.0%