Checks whether the items loaded by Windows prefetch files are known malicious by hashing each item and querying VirusTotal with that hash.
This is a proof of concept; it works with a trial VirusTotal API key.
It queries the first three resources from the prefetch files, plus one hash value of an already known malicious DLL to mock a malicious finding.
- A VirusTotal API key.
Open the run_prefetch_vt_analyzer.py file and replace "None" with your API key as a quoted string.
Line 22: VIRUS_TOTAL_API_KEY = None
Save the file.
python setup.py install
python run_prefetch_vt_analyzer.py
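The end-to-end flow described above (map a prefetch resource to a local file, hash it, look the hash up on VirusTotal, and seed one mocked malicious finding), as an added example that is not the project's own code. It assumes VirusTotal's v3 files endpoint (https://www.virustotal.com/api/v3/files/{sha256}, authenticated with the x-apikey header) and a hand-built volume map; the volume serial, the file contents and the canned VirusTotal replies are constructed so the script runs offline, and the 15-second spacing between lookups matches the public API quota of four requests per minute. `resolve_resource`, `vt_file_report`, `classify` and `analyze_resources` are names chosen for this example.

```python
import hashlib
import json
import re
import time
import urllib.error
import urllib.request

VT_FILE_ENDPOINT = "https://www.virustotal.com/api/v3/files/{sha256}"
VIRUS_TOTAL_API_KEY = "REPLACE_WITH_YOUR_API_KEY"  # placeholder, as in the README

# Prefetch resources look like \VOLUME{<serial>}\PATH\FILE.DLL. Map each volume
# token to a mount point; the serial below is constructed, not a real volume.
VOLUME_MAP = {r"\VOLUME{01D4F2A8E0B3C4D5-1A2B3C4D}": "C:"}
_VOLUME_RE = re.compile(r"^(\\VOLUME\{[^}]+\})(.*)$", re.IGNORECASE)


def resolve_resource(resource, volume_map=VOLUME_MAP):
    """Translate a prefetch resource path to a local path; None if the volume is unmapped."""
    match = _VOLUME_RE.match(resource)
    if not match:
        return None
    mount = volume_map.get(match.group(1).upper())
    return None if mount is None else mount + match.group(2)


def sha256_of_bytes(data):
    return hashlib.sha256(data).hexdigest()


def _urllib_get(url, headers):
    """Real HTTP GET returning (status, body); used only when no http_get is injected."""
    request = urllib.request.Request(url, headers=headers)
    try:
        with urllib.request.urlopen(request, timeout=30) as response:
            return response.status, response.read().decode()
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode()


def vt_file_report(sha256, api_key, http_get=_urllib_get):
    """GET /api/v3/files/{sha256}; None when VirusTotal has never seen the hash (HTTP 404)."""
    status, body = http_get(VT_FILE_ENDPOINT.format(sha256=sha256), {"x-apikey": api_key})
    if status == 404:
        return None
    if status != 200:
        raise RuntimeError(f"VirusTotal returned HTTP {status} for {sha256}")
    return json.loads(body)


def classify(report, threshold=1):
    """Reduce a v3 file report to (verdict, number of engines flagging it malicious)."""
    if report is None:
        return "unknown", 0
    hits = report["data"]["attributes"]["last_analysis_stats"].get("malicious", 0)
    return ("malicious" if hits >= threshold else "clean"), hits


def analyze_resources(resources, api_key=VIRUS_TOTAL_API_KEY, read_file=None,
                      http_get=_urllib_get, min_interval=15.0):
    """Hash each mapped resource and query VirusTotal, spacing calls to respect the quota."""
    if read_file is None:
        read_file = lambda path: open(path, "rb").read()
    results, last_call = [], None
    for resource in resources:
        path = resolve_resource(resource)
        if path is None:  # volume mapping failed: report it rather than guess
            results.append({"resource": resource, "verdict": "unmapped", "hits": 0})
            continue
        digest = sha256_of_bytes(read_file(path))
        if last_call is not None:
            time.sleep(max(0.0, min_interval - (time.monotonic() - last_call)))
        last_call = time.monotonic()
        verdict, hits = classify(vt_file_report(digest, api_key, http_get))
        results.append({"resource": resource, "sha256": digest, "verdict": verdict, "hits": hits})
    return results


# Constructed offline fixtures: fake file contents and canned VirusTotal replies.
_CLEAN = b"MZ constructed clean sample"
_BAD = b"MZ constructed mock-malicious sample"  # stands in for the known-malicious DLL
_NEW = b"MZ constructed never-submitted sample"
SAMPLE_FILES = {r"C:\WINDOWS\SYSTEM32\KERNEL32.DLL": _CLEAN,
                r"C:\WINDOWS\SYSTEM32\EVIL.DLL": _BAD,
                r"C:\WINDOWS\SYSTEM32\NEVERSEEN.DLL": _NEW}


def _canned_report(malicious, undetected):
    stats = {"malicious": malicious, "suspicious": 0, "undetected": undetected, "harmless": 0}
    return json.dumps({"data": {"attributes": {"last_analysis_stats": stats}}})


SAMPLE_RESPONSES = {sha256_of_bytes(_CLEAN): (200, _canned_report(0, 70)),
                    sha256_of_bytes(_BAD): (200, _canned_report(40, 30))}


def fake_http_get(url, headers):
    """Stand-in for the network: answer from SAMPLE_RESPONSES, 404 for unknown hashes."""
    return SAMPLE_RESPONSES.get(url.rsplit("/", 1)[1], (404, "{}"))


def demo():
    vol = r"\VOLUME{01D4F2A8E0B3C4D5-1A2B3C4D}"
    resources = [vol + r"\WINDOWS\SYSTEM32\KERNEL32.DLL", vol + r"\WINDOWS\SYSTEM32\EVIL.DLL",
                 vol + r"\WINDOWS\SYSTEM32\NEVERSEEN.DLL", r"\DEVICE\HARDDISKVOLUME9\UNMAPPED.DLL"]
    return analyze_resources(resources, read_file=SAMPLE_FILES.__getitem__,
                             http_get=fake_http_get, min_interval=0)


if __name__ == "__main__":
    for row in demo():
        print(row)
```

The HTTP and file-reading layers are injected so the lookup and verdict logic can be exercised without a key or network access; dropping the `http_get` and `read_file` arguments switches `analyze_resources` to real requests and real files. A 404 is reported as "unknown" rather than "clean", since a hash VirusTotal has never seen is not evidence that the file is benign.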
- add command line arguments
- perform concurrent requests
- improve volume mapping