alexandreborges / malwoverview

Malwoverview is a first-response tool used for threat hunting. It offers intel information from Virus Total, Hybrid Analysis, URLHaus, Polyswarm, Malshare, Alien Vault, Malpedia, Malware Bazaar, ThreatFox, Triage and InQuest, and it can scan Android devices against VT.
https://github.com/alexandreborges/malwoverview
GNU General Public License v3.0
2.93k stars 444 forks

Malwoverview commands on memory dump files. #26

Closed Atharva-Marathe closed 3 years ago

Atharva-Marathe commented 3 years ago

While trying to execute the malwoverview command on a memory dump, i.e. .mem files, the command to export to Virus Total doesn't seem to work. Is there a way out such that the processes in a memory dump could be analyzed and exported to Virus Total or Malshare?

alexandreborges commented 3 years ago

Atharva-Marathe,

Good afternoon.

Options from Malwoverview are not focused on memory images, but only on PE Format files, ELF and so on. I'm planning to write a plugin for Volatility to interact with Malwoverview and perform exactly these steps you've mentioned in the message. For now, the issue is my short time, but I'll try to reserve some time to do it.

Have an excellent day.

PS: By the way, if you want to, update your malwoverview version using "pip3.9 install -U malwoverview", because the current version is 4.3.5.