Simple IOC and Incident Response Scanner

This will create a loki.exe in the subfolder ./loki/dist.

To include msvcr100.dll and improve compatibility with the target OS, change the line in the file ./loki/loki.spec that contains a.binaries, to the following:

a.binaries + [('msvcr100.dll', 'C:\Windows\System32\msvcr100.dll', 'BINARY')],

  • Download Yara sources from here
  • Change to folder yara-python
  • Run python setup.py install
  • Also install the requirement mentioned above with sudo pip install colorama

The compiled scanner may be detected by antivirus engines. This happens because the scanner is a compiled Python script that implements some file system and process scanning features that are also used in compiled malware code.

If you don’t trust the compiled executable, please compile it yourself.

Loki – Simple IOC Scanner Copyright (c) 2015 Florian Roth

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see http://www.gnu.org/licenses/

