mandiant / VM-Packages

Chocolatey packages supporting the analysis environment projects FLARE-VM & Commando VM.
Apache License 2.0

Package proposal: sclauncher.vm #886

Closed jstrosch closed 7 months ago

jstrosch commented 7 months ago

Package Name

sclauncher

Tool Name

SCLauncher

Package type

SINGLE_EXE

Is the tool a console application?

true

Tool's version number

0.0.3

Category

Utilities

Tool's authors

Josh Stroschein

Tool's description

A small program to load 32-bit shellcode and allow for execution or debugging. Can also output PE files from shellcode.

Download URL

https://github.com/jstrosch/sclauncher/releases/download/v0.0.3/sclauncher.exe

Download SHA256 Hash

0c716e23af2ada3955993b08aa233db54a671c0b2da68072a8ad5bb470d4a47b

Dependencies

No response

Why is this tool a good addition?

This tool combines several shellcode analysis capabilities, often found in disparate tools. It can not only provide a way to load shellcode into memory for debugging, but also produce PE files from the shellcode to be analyzed as normal PE files. This can be helpful for disassembly/debugging.

Ana06 commented 7 months ago

@jstrosch thanks for developing this tool and for sending the issue to propose its addition to VM-Packages/FLARE-VM! 👍 We need two separate PRs for the 64-bit and 32-bit versions (similarly to blobrunner). I have edited the issue info here (to leave only the URL of the 32-bit version and adapt/shorten the tool's description) and our bot has already created a PR for the 32-bit version in https://github.com/mandiant/VM-Packages/pull/891 🎉

@jstrosch can you please create another issue for the 64 bit version? 😄

jstrosch commented 7 months ago

Hi @Ana06 - created a second PR at https://github.com/mandiant/VM-Packages/issues/893. Thanks for considering this, let me know if there is anything else!