search

decalage2 / ViperMonkey

A VBA parser and emulation engine to analyze malicious macros.
1.04k stars 185 forks source link

Install completes but errors out when trying to run "vmonkey" #89

Closed opticoax747 closed 4 years ago

opticoax747 commented 4 years ago

Installed requirements.txt with pip2

Installed vipermonkey as well with pip2

Cannot run vmonkey command without the following error

Installing on Windows 10 with Flare-VM build

Traceback (most recent call last): File "C:\Python37\Scripts\vmonkey-script.py", line 11, in load_entry_point('vipermonkey==0.8', 'console_scripts', 'vmonkey')() File "c:\python37\lib\site-packages\pkg_resources__init.py", line 487, in load_entry_point return get_distribution(dist).load_entry_point(group, name) File "c:\python37\lib\site-packages\pkg_resources__init.py", line 2728, in load_entry_point return ep.load() File "c:\python37\lib\site-packages\pkg_resources__init__.py", line 2346, in load return self.resolve() File "c:\python37\lib\site-packages\pkg_resources\init.py", line 2352, in resolve module = import__(self.module_name, fromlist=['name'], level=0) File "c:\python37\lib\site-packages\vipermonkey\init.py", line 3, in from vipermonkey.api import * File "c:\python37\lib\site-packages\vipermonkey\api.py", line 48, in from vipermonkey.core import deobfuscation File "c:\python37\lib\site-packages\vipermonkey\core\init__.py", line 100, in from logger import log ModuleNotFoundError: No module named 'logger'

decalage2 commented 4 years ago

For now ViperMonkey only runs on python 2, here it looks like you are trying to run it with Python 3.7. Make sure you are launching vmonkey.py with python2 (or py -2 on Windows).

opticoax747 commented 4 years ago

Flare-VM comes with both python 2.7 and python 3.

I installed using pip2 install -U -r requirements.txt, i will try the above to see if I can get it to run later this week and attach the results.

opticoax747 commented 4 years ago

Got a different error now.....

this is line 145 of the vba_library.py

            r = "giovedì 27 giugno 2019"

λ py -2 vmonkey.py Traceback (most recent call last): File "vmonkey.py", line 116, in import core.meta File "C:\Users\IEUser\Desktop\ViperMonkey-master\ViperMonkey-master\vipermonkey\core__init.py", line 104, in from function_defn_visitor import File "C:\Users\IEUser\Desktop\ViperMonkey-master\ViperMonkey-master\vipermonkey\core\function_defn_visitor.py", line 58, in from vipermonkey.core import File "C:\Users\IEUser\Desktop\ViperMonkey-master\ViperMonkey-master\vipermonkey\init.py", line 3, in from vipermonkey.api import * File "C:\Users\IEUser\Desktop\ViperMonkey-master\ViperMonkey-master\vipermonkey\api.py", line 48, in from vipermonkey.core import deobfuscation File "C:\Users\IEUser\Desktop\ViperMonkey-master\ViperMonkey-master\vipermonkey\core\init__.py", line 137, in from vba_library import * File "C:\Users\IEUser\Desktop\ViperMonkey-master\ViperMonkey-master\vipermonkey\core\vba_library.py", line 145 SyntaxError: Non-ASCII character '\xc3' in file C:\Users\IEUser\Desktop\ViperMonkey-master\ViperMonkey-master\vipermonkey\core\vba_library.py on line 145, but no encoding declared; see http://python.org/dev/peps/pep-0263/ for details

opticoax747 commented 4 years ago

Sir, I fixed this by deleting the "i" with an accent mark on line 145 of the vba_library.py. I am am able to run it now on Flare-VM with the command "py -2 vmonkey.py"

Thanks for your assistance on this.