Skip to content
/ Registry-Parser-to-find-BHO Public

Helps parsing logs of browser helper objects that indentify extensions installed by malware

3 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

hiteshd/Registry-Parser-to-find-BHO

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
README
README
 
 
README.md
README.md
 
 
createdb.sql
createdb.sql
 
 
initdb.sql
initdb.sql
 
 
scan.py
scan.py
 
 

Repository files navigation

bho_parse

Helps parsing logs of browser helper objects that indentify extensions installed by malware

Documentation

This parser has been written in an effort to parse logs obtained from querying the browser registry. It creates tables for every browser(chrome/msie/firefox) and clusters them according to browser type and extension installed post infection

Before starting this script it would be necessary to run the following command

$ psql -d <your_db_name> -a -f initdb.sql

This will create a series of tables which will be populated later

Invoke scan.py as shown below

$ ./scan.py Usage: ./scan.py days msie/chrome/firefox/all

Example: ./scan.py 5 msie $

The program also does the following

  • Creates file sketchy.sql ; Can be used to populate a database with results
  • Creates file which has information regarding registry keys and corresponding Browser Helper Objects

Due to the nature of the farm it is likely that a log pair (i.e. Pre-infection+Post-infection+Pre-Browsing) may not exist. Such samples are exempted from parsing.

Other than that. Feel free to add/modify/delete anything you wish!

About

Helps parsing logs of browser helper objects that indentify extensions installed by malware

Resources

Readme
Activity

Stars

3 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages