Accessing VirusBattle requires downloading and setting up the VirusBattle SDK. See Installation, Setup, Registration for how to set it up.
Unpacking with VirusBattle
VirusBattle provides a fully automated generic unpacking service. All you need to do is upload a PE-32 executable, either as is or as part of a compressed archive, wait a few seconds, and download the unpacked file.
Uploading to VirusBattle
See Uploading Files for a detailed HowTo. The easiest way to upload to VirusBattle is:
vbclient.py -a upload <path to file>
To find out if the uploaded file has been processed or not:
vbclient.py -a status <sha1 of uploaded file>
You may also want to use the Query option for details:
vbclient.py -a query <sha1 of uploaded file>
Downloading Unpacked File
To download results of VirusBattle, use the Download action:
vbclient.py -a download <sha1 of uploaded file> --enable_malware_download
This downloads VirusBattle service result files into the ./Results folder. To avoid downloading results from other services (srlStatic, srlJuice, etc.), set the appropriate VIRUSBATTLE_SERVICE_FILTER as described below.
Generate mapping between packed and unpacked file
To generate service maps, use the map action:
vbclient.py -a map <sha1 of uploaded file>
This creates CSV map files in the ./Results directory containing original_file_sha1,unpacked_file_sha1
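Added example (not part of the VirusBattle SDK or of the original page): a short Python helper that merges the map files into one lookup table and reports which submitted samples have no unpacked counterpart yet. It assumes the map files carry a .csv extension and that each data row holds exactly two SHA-1 hex strings, with or without a header row; the function names are hypothetical.

```python
import csv
import re
import tempfile
from collections import defaultdict
from pathlib import Path

SHA1_RE = re.compile(r"[0-9a-f]{40}")


def load_unpack_map(results_dir="./Results"):
    """Merge all *.csv files in results_dir into {original_sha1: {unpacked_sha1, ...}}.

    Returns (mapping, skipped); skipped lists (file, line, row) for non-empty rows
    that are not two SHA-1 hex strings, e.g. a header row or a truncated line.
    """
    mapping = defaultdict(set)
    skipped = []
    for path in sorted(Path(results_dir).glob("*.csv")):  # assumed extension
        with path.open(newline="") as fh:
            for lineno, row in enumerate(csv.reader(fh), start=1):
                cells = [c.strip().lower() for c in row]
                if len(cells) == 2 and all(SHA1_RE.fullmatch(c) for c in cells):
                    mapping[cells[0]].add(cells[1])
                elif any(cells):
                    skipped.append((path.name, lineno, row))
    return dict(mapping), skipped


def missing_from_map(mapping, submitted_sha1s):
    """Return the submitted SHA-1s that have no entry in the map yet."""
    return [h for h in submitted_sha1s if h.strip().lower() not in mapping]


if __name__ == "__main__":
    # Constructed sample data, not real hashes or real VirusBattle output.
    packed, unpacked, pending = "a" * 40, "b" * 40, "c" * 40
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "sample_map.csv").write_text(
            "original_file_sha1,unpacked_file_sha1\n" f"{packed},{unpacked}\n"
        )
        mapping, skipped = load_unpack_map(tmp)
    print("map:", mapping)
    print("skipped rows:", skipped)
    print("no unpacked file yet:", missing_from_map(mapping, [packed, pending]))
```

Rows that end up in the skipped list are worth checking by hand, since a truncated hash in a map file would otherwise silently drop a sample from later analysis.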
Filter Other Services
If you are only interested in unpacking and want to filter out results from other VirusBattle services (srlJuice, srlStatic, srlSimService, etc.), you can do so by setting the appropriate value for the VIRUSBATTLE_SERVICE_FILTER environment variable.
The variable accepts a comma-separated list of service names to filter out. You can filter out as many or as few services as you choose.