Upgrade possibility
FssAy opened this issue · 1 comments
I know that this project wasn't supposed to be anything advanced, but with some little tweaks it could detect any stupid grabber that is based on reading `*.ldb` and `*.log` files (which is a majority).
For example, by using NTAPI it's possible to get all processes' handles and look for disk file handles that are Discord's `*.ldb` or `*.log` files. With Python it can be too slow to check every unknown process, but as a "single focus detection mechanism" this method should work great. It's true that the malware needs to be run, but with a disabled network and a VM it shouldn't be an issue.
I guess that could be easily done with the `psutil` module, but I am not a Python programmer.
```python
import psutil

TARGET = "shittygrabber.exe"  # name of the sample running in the VM
for proc in psutil.process_iter():
    try:
        if proc.name() == TARGET:
            print(proc.open_files())  # disk files the process currently holds open
    except (psutil.AccessDenied, psutil.NoSuchProcess):
        pass  # process exited or we lack the rights to inspect it
```
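Taking the idea in this issue one step further, here is an added example (mine, not code from the project or from the issue) of the "single focus" check in Python: it flags any process other than Discord itself that holds a Discord LevelDB `*.ldb`/`*.log` file open. The LevelDB path pattern, the Discord process names and the sample snapshot are assumptions; `psutil` is only needed by the live collector.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Tuple

# Discord keeps its LevelDB store under ".../discord/Local Storage/leveldb/"; only
# *.ldb / *.log inside that directory matter, any other .log file is ordinary.
DISCORD_LEVELDB = re.compile(
    r"(?i)[\\/]discord(?:canary|ptb)?[\\/]Local Storage[\\/]leveldb[\\/][^\\/]+\.(?:ldb|log)$"
)
DISCORD_PROCESSES = {"discord.exe", "discordcanary.exe", "discordptb.exe"}  # Discord's own; assumed names

@dataclass
class ProcessSnapshot:
    pid: int
    name: str
    open_paths: List[str]  # files the process held open when sampled

def is_discord_storage_file(path: str) -> bool:
    """True when `path` is a Discord LevelDB *.ldb or *.log file."""
    return DISCORD_LEVELDB.search(path) is not None

def find_suspect_processes(snapshots: Iterable[ProcessSnapshot]) -> List[Tuple[int, str, List[str]]]:
    """Return (pid, name, matched paths) for each non-Discord process holding the store open."""
    hits = []
    for snap in snapshots:
        if snap.name.lower() in DISCORD_PROCESSES:
            continue  # Discord itself is expected to have its own store open
        matched = [p for p in snap.open_paths if is_discord_storage_file(p)]
        if matched:
            hits.append((snap.pid, snap.name, matched))
    return hits

def snapshot_live() -> List[ProcessSnapshot]:
    import psutil  # lazy import: assumed installed; only needed for a live scan of the VM
    out = []
    for proc in psutil.process_iter(["pid", "name"]):
        try:
            paths = [f.path for f in proc.open_files()]
        except (psutil.AccessDenied, psutil.NoSuchProcess, psutil.ZombieProcess):
            continue  # process exited or we lack rights; skip it rather than abort
        out.append(ProcessSnapshot(proc.info["pid"], proc.info["name"] or "", paths))
    return out

# Constructed sample standing in for a live VM snapshot; not captured from a real system.
LEVELDB = r"C:\Users\user\AppData\Roaming\discord\Local Storage\leveldb"
SAMPLE = [
    ProcessSnapshot(1200, "Discord.exe", [LEVELDB + r"\000005.ldb"]),
    ProcessSnapshot(4312, "sample.exe", [LEVELDB + r"\000005.ldb", LEVELDB + r"\000003.log"]),
    ProcessSnapshot(77, "notepad.exe", [r"C:\Temp\notes.log"]),
]
```

A single snapshot misses a process that opens and closes the store quickly, so in a VM `snapshot_live()` should be polled in a loop while the sample runs and the hits collected across iterations.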
Yeah, dynamic analysis support could be a nice idea.
Ty ;)