The Script Editor allows users with malware knowledge and basic software development skills to create complex malware detection patterns using our OpenSBI syntax and the Pascal language. A simple script, one that you could also implement as a plain .sbi file, might look like this:

begin
   sbiFile('<$FILE_DATA>',
           '<$WINDIR>\Malware.txt',
           'filesize=182,md5=83C36C493D7A254F9DE2ED63B3F92548');
end;

Now imagine you want some user input or a custom calculation, because the malware is specific to your system.

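var sName, sFilename: String;
begin
   // Ask the user for the account name to check
   InputQuery('Username', 'Please enter', sName);
   // Build the full path from the entered name
   sFilename := 'C:\Users\' + sName + '\test.txt';
   // Look for a file of exactly 10 bytes at that path
   sbiFile('test', sFilename, 'filesize=10');
   // Report which path was checked
   ShowMessage('Did look for ' + sFilename);
end;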

This demonstrates interaction with the user. In reality, you could of course just use the proper path template for scanning all users' directories; see the OpenSBI wiki for details. Also, scripting is more useful for complex calculations and conditions than for user interaction. You can use scripting to test your own detection rules or to get rid of unwanted files.
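
An added example, not part of the original page or of the product's own code: a Python helper that derives the filesize/md5 parameter string used in the sbiFile calls above from a sample file, and checks a file against such a string before the rule goes into a script. It assumes the parameters are comma-separated key=value pairs that must all match, handles only the two keys shown on this page, and uses hypothetical function names.

```python
import hashlib
import os
import tempfile

def file_conditions(path):
    """Return the 'filesize=...,md5=...' string for a sample file."""
    md5 = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            md5.update(chunk)
    return "filesize=%d,md5=%s" % (os.path.getsize(path), md5.hexdigest().upper())

def parse_conditions(text):
    """Split 'key=value,key=value' into a dict; only the page's two keys are accepted."""
    conds = {}
    for part in text.split(","):
        key, sep, value = part.strip().partition("=")
        if not sep or key not in ("filesize", "md5"):
            raise ValueError("unsupported condition: %r" % part)
        conds[key] = value
    return conds

def matches(path, text):
    """True if the file satisfies every condition (AND semantics are an assumption)."""
    conds = parse_conditions(text)
    if "filesize" in conds and os.path.getsize(path) != int(conds["filesize"]):
        return False  # cheap size check first, avoids hashing on a mismatch
    if "md5" in conds:
        actual = parse_conditions(file_conditions(path))["md5"]
        return actual == conds["md5"].upper()
    return True

def _quote(s):
    # Pascal string literals escape a single quote by doubling it.
    return "'" + s.replace("'", "''") + "'"

def sbi_call(name, target, path):
    """Format an sbiFile() line for the script, using the sample at 'path'."""
    return "sbiFile(%s, %s, %s);" % (_quote(name), _quote(target), _quote(file_conditions(path)))

def demo():
    # Constructed sample: a 10-byte file standing in for a real specimen.
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(b"0123456789")
    try:
        rule = file_conditions(tmp.name)
        return (rule, matches(tmp.name, rule), matches(tmp.name, "filesize=11"),
                sbi_call("test", r"<$WINDIR>\Malware.txt", tmp.name))
    finally:
        os.unlink(tmp.name)
```

Calling demo() returns the generated parameter string, a positive and a negative match result, and the formatted sbiFile line.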
