Skip to content
/ wslink-vm-analyzer Public

WslinkVMAnalyzer is a tool to facilitate analysis of code protected by a virtual machine featured in Wslink malware

License

View license
45 stars 4 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

eset/wslink-vm-analyzer

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
examples
examples
 
 
slides
slides
 
 
.gitattributes
.gitattributes
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
WslinkVMAnalyzer.py
WslinkVMAnalyzer.py
 
 
setup.py
setup.py
 
 

Repository files navigation

WslinkVMAnalyzer

WslinkVMAnalyzer is a tool primarily developed to facilitate analysis of Wslink, which is a unique loader running as a server and executing received modules in-memory. This tool uses Miasm, an open source framework that provides us with a symbolic execution engine.

The tool and structure of the virtual machine is described in our blogpost.

Install

% pip3 install https://github.com/eset/wslink-vm-analyzer/archive/refs/heads/master.tar.gz

Example usage

In the examples directory, you will find a dump of the virtual machine and two Python scripts. The scripts output Graphviz DOT files (vma.dot) which can by converted to SVG or any other format supported by Graphviz.

(./examples) % python3 VM1.py
(./examples) % dot -Tsvg vma.dot -o vma.svg

About

WslinkVMAnalyzer is a tool to facilitate analysis of code protected by a virtual machine featured in Wslink malware

Topics

virtual-machine reverse-engineering malware deobfuscation miasm

Resources

Readme

License

View license
Activity
Custom properties

Stars

45 stars

Watchers

7 watching

Forks

4 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages