This script lets users retrieve data through the Hybrid Analysis API. It can search by malware family, malware name, or hash. For example, you can give it a malware file name such as mimikatz and ask for the IMPhash of every file on Hybrid Analysis whose file name contains mimikatz.
Load the function:
Import-Module -Name "Path to Hybrid API.ps1"
then
Hybrid-API -API <API> -filename mimikatz -result IMPhash,sha256
or
Hybrid-API -API <API> -filename mimikatz,emotet -result IMPhash,sha256,hosts,domains
or
Hybrid-API -API <API> -filename (get-content -Path malwares.txt) -result (get-content -Path result.txt)
To keep the function loaded in every session, add the Import-Module command above to Microsoft.PowerShell_profile.ps1. Its location can be found by running $profile in PowerShell; create the path if it does not exist.
You can also search by hash. If you supply -VT_API, the script searches for the hashes in VirusTotal; if you do not, the script uses the supplied Hybrid Analysis API.
The following command uses VT_API for the hashes and Hybrid Analysis for the filename:
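The profile step as an added example (not part of the original script): it creates the profile file if it is missing and appends the import line only once. The script location in $scriptPath is a placeholder assumption.

```powershell
# Placeholder: replace with the real location of the script on your system.
# Keep the script in a directory only your account can write to, because the
# profile runs it at the start of every PowerShell session.
$scriptPath = 'C:\Tools\Hybrid API.ps1'   # assumed path, not from the README
$importLine = "Import-Module -Name `"$scriptPath`""

# $PROFILE points at Microsoft.PowerShell_profile.ps1 for the current user and host.
if (-not (Test-Path -LiteralPath $PROFILE)) {
    # -Force creates any missing parent directories along with the file.
    New-Item -ItemType File -Path $PROFILE -Force | Out-Null
}

# Append the import only once, so re-running this does not duplicate the line.
$alreadyPresent = Select-String -LiteralPath $PROFILE -SimpleMatch -Pattern $importLine -Quiet
if (-not $alreadyPresent) {
    Add-Content -LiteralPath $PROFILE -Value $importLine
}

# Show the resulting profile so the change can be reviewed before opening a new session.
Get-Content -LiteralPath $PROFILE
```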
./Hybrid-API -VT_API <VT_API>,<VT_API> -hash <hash1>,<hash2>,<hash3> -API <API> -filename mimikatz -result imphash
- searching using vx_family
- searching using list of hashes