docker_monkey.sh: shell script that lets you run ViperMonkey in a preconfigured Docker container without installing ViperMonkey. The Docker container is automatically pulled down, ViperMonkey is updated to the latest version, networking is turned off, and then the given sample is analyzed.
To significantly speed up the emulation of long-running loops, I added functionality for converting VBA loops into raw Python, which is then eval'ed to get the loop behavior. This leads to a massive speedup (in some cases reducing the analysis time from 8 hours to under 10 minutes).
ViperMonkey now tracks shellcode bytes that are injected into processes and reports the byte values back as an analysis result. These bytes can then be written to a binary file and analyzed with a shellcode emulator to grab more IOCs.
ViperMonkey now extracts PE files embedded in Office 97 and 2007 files and includes them as dropped artifacts in the analysis results.
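To illustrate what locating an embedded PE file in an Office document involves, here is an added example. It is not ViperMonkey's code, and the function names, the size cap, the header-offset bounds and the sample bytes are assumptions made for the demonstration.

```python
import io
import struct
import zipfile

MAX_MEMBER_SIZE = 64 * 1024 * 1024  # assumed cap, guards against zip bombs

def find_pe_offsets(data: bytes) -> list:
    """Return offsets where a plausible PE image starts (MZ + valid PE signature)."""
    hits = []
    pos = data.find(b"MZ")
    while pos != -1:
        if pos + 0x40 <= len(data):
            # e_lfanew: little-endian DWORD at 0x3C, offset of the "PE\0\0" signature.
            (e_lfanew,) = struct.unpack_from("<I", data, pos + 0x3C)
            sig = pos + e_lfanew
            # Bounds are a heuristic (assumption) to reject random "MZ" byte pairs.
            if 0x40 <= e_lfanew <= 0x1000 and data[sig:sig + 4] == b"PE\0\0":
                hits.append(pos)
        pos = data.find(b"MZ", pos + 1)
    return hits

def carve_office_file(data: bytes) -> list:
    """Office 2007 files are ZIP archives: scan each decompressed member.
    Anything else (e.g. Office 97 OLE2) is scanned as raw bytes, which only
    finds payloads whose bytes are stored contiguously in the file."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return [("<raw>", off) for off in find_pe_offsets(data)]
    results = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.file_size <= MAX_MEMBER_SIZE:
                member = zf.read(info)
                results += [(info.filename, o) for o in find_pe_offsets(member)]
    return results

def build_samples():
    """Constructed inputs: a minimal PE header stub inside fake containers."""
    hdr = bytearray(0x80)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x80)
    pe = bytes(hdr) + b"PE\0\0" + b"\0" * 20
    raw = b"\xd0\xcf\x11\xe0" + b"MZ" + b"A" * 100 + pe  # decoy MZ at offset 4
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("word/document.xml", b"<w:document/>")
        zf.writestr("word/embeddings/oleObject1.bin", b"pad" + pe)
    return raw, buf.getvalue()

if __name__ == "__main__":
    for sample in build_samples():
        print(carve_office_file(sample))
```
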
Main improvements in this PR: