
Upgrade possibility

Open FssAy opened this issue 2 years ago • 1 comment

I know that this project wasn't supposed to be anything advanced, but with some little tweaks it could detect any stupid grabber that is based on reading *.ldb and *.log files (which is a majority).

For example, by using NTAPI it's possible to get all processes' handles and look for disk file handles that are Discord's *.ldb or *.log files. With Python it can be too slow to check every unknown process, but as a "single focus detection mechanism" this method should work great. It's true that the malware needs to be run, but with the network disabled and a VM it shouldn't be an issue.

I guess that could be easily done with psutil module, but I am not a Python programmer.

import psutil

# Name of the sample being observed in the sandbox VM
TARGET = "shittygrabber.exe"

# Walk every running process and dump the files the target has open;
# open_files() can raise AccessDenied (insufficient privileges) or
# NoSuchProcess (the process exited mid-scan), so skip those cases.
for proc in psutil.process_iter():
    try:
        if proc.name() == TARGET:
            print(proc.open_files())
    except (psutil.AccessDenied, psutil.NoSuchProcess):
        continue

FssAy avatar Oct 09 '21 10:10 FssAy
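The approach sketched above (enumerate processes, inspect their open file handles, flag any non-Discord process that holds a Discord LevelDB *.ldb or *.log file) can be built with psutil as follows. This is an added example, not code from the issue author or from the Discord-Malware-Detector project; the Discord profile layout (`<client>\Local Storage\leveldb\`), the client process names in `DEFAULT_ALLOWLIST` and the helper names are assumptions, and the sample paths in the usage section are constructed.

```python
"""Flag processes that hold open handles to Discord LevelDB files (added example)."""
import re
from typing import Iterable, List, Tuple

# Files a Discord token grabber typically reads: LevelDB *.ldb / *.log under a
# client's "Local Storage/leveldb" directory. The directory shape is an assumption
# about the Discord/Canary/PTB profile layout; adjust if it differs on your box.
DISCORD_LEVELDB_RE = re.compile(
    r"[\\/]discord(canary|ptb)?[\\/]Local Storage[\\/]leveldb[\\/][^\\/]+\.(ldb|log)$",
    re.IGNORECASE,
)

# The Discord client itself legitimately holds these files open, so it is
# allowlisted by process name (assumed names; compared case-insensitively).
DEFAULT_ALLOWLIST = ("discord.exe", "discordcanary.exe", "discordptb.exe")


def is_discord_leveldb_file(path: str) -> bool:
    """True if `path` looks like a Discord LevelDB data/log file."""
    return bool(DISCORD_LEVELDB_RE.search(path))


def flag_process(name: str, open_paths: Iterable[str],
                 allowlist: Tuple[str, ...] = DEFAULT_ALLOWLIST) -> List[str]:
    """Return the suspicious paths held by a process, or [] if it is allowlisted.

    Pure function so the matching logic can be exercised without psutil.
    """
    if (name or "").lower() in allowlist:
        return []
    return [p for p in open_paths if is_discord_leveldb_file(p)]


def scan_processes(allowlist: Tuple[str, ...] = DEFAULT_ALLOWLIST):
    """Poll all live processes once and return (pid, name, [hits]) for offenders."""
    import psutil  # imported here so the pure helpers above work without it

    findings = []
    for proc in psutil.process_iter(["pid", "name"]):
        try:
            open_paths = [f.path for f in proc.open_files()]
        except (psutil.AccessDenied, psutil.NoSuchProcess, psutil.ZombieProcess):
            # Unreadable or vanished process: skip rather than abort the sweep.
            continue
        hits = flag_process(proc.info["name"], open_paths, allowlist)
        if hits:
            findings.append((proc.info["pid"], proc.info["name"], hits))
    return findings


if __name__ == "__main__":
    # Constructed sample: what a grabber would look like versus the real client.
    grabber_files = [
        r"C:\Users\bob\AppData\Roaming\discord\Local Storage\leveldb\000005.ldb",
        r"C:\Windows\System32\kernel32.dll",
    ]
    print("grabber.exe ->", flag_process("grabber.exe", grabber_files))
    print("Discord.exe ->", flag_process("Discord.exe", grabber_files))
    # Live sweep of the sandbox (requires psutil; run as admin for full coverage).
    for pid, name, hits in scan_processes():
        print(f"[!] pid={pid} name={name} holds {hits}")
```

Two caveats a practitioner will hit: `open_files()` on Windows only sees handles of processes it has rights to inspect, so run the sweep elevated, and a single poll only catches a grabber while its handle is open, so in a sandbox you would loop `scan_processes()` at a short interval rather than call it once.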

Yeah, dynamic analysis support could be a nice idea.

Ty ;)

Traumatism avatar Oct 09 '21 10:10 Traumatism