Add a javascript package

brad-sp · Nov 12, 2015 · 75fb794 · 75fb794
1 parent 7308a36
commit 75fb794
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 0 deletions.
diff --git a/analyzer/windows/lib/core/packages.py b/analyzer/windows/lib/core/packages.py
@@ -60,5 +60,7 @@ def choose_package(file_type, file_name, exports):
         return "msg"
     elif file_name.endswith(".eml"):
         return "eml"
+    elif file_name.endswith(".js"):
+        return "js"
     else:
         return "generic"
diff --git a/analyzer/windows/modules/packages/js.py b/analyzer/windows/modules/packages/js.py
@@ -0,0 +1,18 @@
+# Copyright (C) 2015 Optiv, Inc. (brad.spengler@optiv.com)
+# This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org
+# See the file 'docs/LICENSE' for copying permission.
+
+import os
+
+from lib.common.abstracts import Package
+
+class JS(Package):
+    """JavaScript analysis package."""
+    PATHS = [
+        ("SystemRoot", "system32", "wscript.exe"),
+    ]
+
+    def start(self, path):
+        wscript = self.get_path("wscript.exe")
+        args = "\"%s\"" % path
+        return self.execute(wscript, args, path)
diff --git a/cuckoo.pyproj b/cuckoo.pyproj
@@ -119,6 +119,7 @@
     <Compile Include="analyzer\windows\modules\auxiliary\browser.py" />
     <Compile Include="analyzer\windows\modules\auxiliary\digisig.py" />
     <Compile Include="analyzer\windows\modules\packages\chrome.py" />
+    <Compile Include="analyzer\windows\modules\packages\js.py" />
     <Compile Include="analyzer\windows\modules\packages\msg.py" />
     <Compile Include="analyzer\windows\modules\packages\eml.py" />
     <Compile Include="analyzer\windows\modules\packages\rar.py" />