npm package proposal: @electron/asar.vm

[Maijin]

Package Name

@electron/asar

Tool Name

@electron/asar

Package type

NODE

Version

3.2.17.20241205

Category

PE

Tool's authors

Electron Team

Tool's description

Decompress Asar Archive (Extract Electron App).

Dependencies

nodejs >=10.12.0

Why is this tool a good addition?

To extract/decompress malicious electron app PE.

Extra information

https://github.com/electron/asar

[thejoelpatrol]

Another perhaps simpler tool than can unpack asar files is this:

https://www.tc4shell.com/en/7zip/asar/

It might be easier to install that, but either way I'm glad to see there's an asar tool on the way

[d35ha]

Closing this one in favor of #1147.

[Ana06]

I think we should do it the other way arround as the history of this issue includes useful information. Closing #1147 and reopening this issue.

[Ana06]

@sara-rn would you like to take over this issue? @d35ha won't have time for it soon.

[sara-rn]

@mandiant/flare-vm we have to make a decision, the npm package https://github.com/electron/asar breaks: https://github.com/mandiant/VM-Packages/issues/1147#issuecomment-2408226341 the zip package from https://www.tc4shell.com/en/7zip/asar/ doesn't contain the version therefore an update would break the package. I also attempted to install https://github.com/electron/asar from releases, same error.

[Ana06]

@sara-rn what about ignoring the error using --loglevel=error in npm install?

[Ana06]

two options to implement it:

• duplicate the code of VM-Install-Node-Tool in this package to add the --loglevel=error
• add the --loglevel=error inside VM-Install-Node-Tool so that it is used for all packages. I think this is ok as it would only ignore warnings. does someone see an issue with it @mandiant/vms ?