decalage2 / ViperMonkey

A VBA parser and emulation engine to analyze malicious macros.
1.05k stars 186 forks source link

Can ViperMonkey be installed on Windows 10 Flare-VM? #88

Closed opticoax747 closed 4 years ago

opticoax747 commented 4 years ago

Can this be installed on Flare-VM and run from its Cygwin environment?

decalage2 commented 4 years ago

Well, I have not tested Flare-VM, but as long as it's based on Windows and includes Python, it should be possible to install ViperMonkey. There is no need to use Cygwin, ViperMonkey runs directly on Windows or Linux. However, to get the best performance, it is much better (5x faster) to run ViperMonkey on PyPy 2 instead of Python 2. So you would need to install PyPy 2 on FLARE-VM before ViperMonkey. Did you try to follow the install instructions from https://github.com/decalage2/ViperMonkey#download-and-install ? There is one thing I forgot to mention there: it's good to update pip itself before using it, by running pypy -m pip install -U pip - some people mentioned install issues when pip is not up-to-date. If you have install issues, please report the details so that I can check.

opticoax747 commented 4 years ago

I did the commands as required yesterday and it appeared to install properly, but when i ran the basic command"vmonkey" or "vmonkey.py"..they both errored out.

I will try to capture these...

opticoax747 commented 4 years ago

i got this to run by editing out the Italian characters on line 145 of vba_library.py and running it with py-2 vmonkey.py ...so forcing it to use python 2.7

Closing