2022-11-03
HawkEye is a malware dynamic detection tool based on the frida.re framework
HawkEye
HawkEye is a malware dynamic instrumentation tool based on the frida.re framework. It hooks common Windows API functions to log malware activities and outputs the results in a web page report.
This is not a sandbox so please use it in a safe sandboxed environment.
Installation
Install the prerequisites
pip install frida
pip install psutil
Clone this repository
git clone https://github.com/N1ght-W0lf/HawkEye.git
Usage
usage: HawkEye.py [-h] [--path PATH] [--pid PID]

optional arguments:
  -h, --help   show this help message and exit
  --path PATH  File path
  --pid PID    Process PID
HawkEye runs in 2 modes:
1. spawn a malware sample in a new process given its path.
2. hook a running process given its PID.
Hooked Functions
Processes:
CreateProcessInternalW, OpenProcess, VirtualAllocEx
Files:
CreateFile, WriteFile, MoveFile, CopyFile, DeleteFile
Registry:
RegCreateKey, RegOpenKey, RegQueryValueEx, RegSetValueEx, RegDeleteValue
Network:
InternetOpenUrl, GetAddrInfo
General:
LoadLibrary, GetProcAddress, CreateMutex
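As an added example (not HawkEye's own code), this is the skeleton of the monitor the README describes: a Frida agent that hooks three of the listed APIs and a Python side that supports both the spawn (--path) and attach (--pid) modes and files each logged call under its report category. It assumes a Windows target and the `frida` Python package; only the event-collection and report logic runs without Frida.

```python
# Added example, not HawkEye's own code. Assumes a Windows target and `pip install
# frida`; the agent runs only inside a process, so just the report logic is testable.
from collections import defaultdict

try:
    import frida                      # assumption: frida Python bindings installed
except ImportError:                   # report logic stays importable without Frida
    frida = None

# Frida agent (JavaScript) injected into the target: reports the string argument
# of each hooked call back to Python with send(), tagged with its report category.
AGENT_JS = r"""
function hook(mod, name, category, argIndex) {
  var addr = Process.getModuleByName(mod).getExportByName(name);
  Interceptor.attach(addr, {
    onEnter: function (args) {
      var p = args[argIndex];
      send({category: category, api: name, arg: p.isNull() ? null : p.readUtf16String()});
    }
  });
}
hook('kernel32.dll', 'CreateFileW', 'Files', 0);        // lpFileName
hook('advapi32.dll', 'RegSetValueExW', 'Registry', 1);  // lpValueName
hook('kernel32.dll', 'CreateMutexW', 'General', 2);     // lpName (may be NULL)
"""

def new_report():
    return defaultdict(list)          # category -> [(api, argument), ...]

def collect(report, message, data=None):
    """Frida on_message callback: file each hook event under its category."""
    if message.get("type") != "send":
        return                        # drop agent errors / noise for this demo
    payload = message["payload"]
    report[payload["category"]].append((payload["api"], payload["arg"]))

def render(report):
    """Plain-text summary (HawkEye renders an HTML page instead)."""
    return "\n".join(f"[{cat}] {api}({arg})" for cat in sorted(report)
                     for api, arg in report[cat])

def run(path=None, pid=None):
    """Spawn mode (--path) or attach mode (--pid), mirroring HawkEye's two modes."""
    report = new_report()
    dev = frida.get_local_device()
    target = pid if pid is not None else dev.spawn([path])
    session = dev.attach(target)
    script = session.create_script(AGENT_JS)
    script.on("message", lambda msg, data: collect(report, msg, data))
    script.load()
    if pid is None:
        dev.resume(target)            # start the sample only after hooks are in place
    input("Press Enter to stop monitoring...")
    return report
```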
Example Report
I've also uploaded a video for a full report from analysis to final results.
https://youtube.com/watch?v=DnCj2Dt6OcE