Hello and welcome to Malware Analysis for Hedgehogs! Today I will be talking a bit about convenience tricks, tips and tricks you can use for your analysis lab. Especially if you analyze a lot and if you want to process a lot of files, you should consider making your life a bit easier and using some of those tricks.

The first thing that I do is I create lots of batch scripts for tools I use frequently, with the switches I use frequently, because a lot of the tools that we use are command line tools. For instance, PortexAnalyzer: there are two switches that I use a lot and I don't want to type them in all the time. So here I created this PortexAnalyzer batch file. You can use any scripting language actually, but I think batch is convenient for Windows.

Now what does the script actually do? First it will check if the first argument that is given to the batch script is a directory, and if it is a directory it will check all the contents of the directory, the files that are in there. If those are folders it will skip them, and otherwise it will call the PortexAnalyzer jar with the two switches that I mentioned. The first is the -p switch; that switch will output a visualization of the binary. The second is the -o switch, which will create a report in a text file, and that's our actual file that's used. I also pipe it into the more command, so if there's a lot of output you can navigate through the output and read all of it. Just leave it away if you don't like it.

And in this path we have not a folder, we don't have a directory, but we have a single file, so I call the same command just on that file. Also I will start Notepad to show our report, and I will start rundll32 to open this function ImageView_Fullscreen that's in PhotoViewer.dll. This will basically show our visualization, directly open it up in the image viewer of Windows.

Okay, the second one, the second script that I did, the example that I want to show you, is Sigcheck. That's a Sysinternals Suite tool and also a command line tool. It's basically the same as in PortexAnalyzer, just not that complicated, because sigcheck.exe already has a switch for subfolders, and that's all it does. It will again check if it's a directory that we submitted to the file, passed to the file, and if it is, it will just use this switch. Otherwise it will perform the Sigcheck on the file. This will put all of the output by Sigcheck into a sigcheck.txt, and then we start Notepad and show the result.

Now here's how this looks in action. This is our sample; I drag it into the batch file. Now it will show me the output on the command prompt, and when it's done it opens up the visualization and also it opens up the report, so I can directly read it. It saves me a lot of time; I don't have to open the command prompt and type everything in, so pretty convenient.

Or in case of Sigcheck, well, let's just use a folder for this one. Here it opens it up, and now I have a Sigcheck output for all of the files, and this is a huge folder. I often use this for PUPs. Sometimes if you have a PUP it will download lots of other adware files, and if you collect them into one folder and run Sigcheck on them, you might see some interesting facts already, files that you might want to analyze further, in case you don't want to look at all of them. So that's nice.

Now, I usually do not want to drag the sample into the batch files; it's a bit annoying. I actually want to have the same effect by right-clicking and using the context menu, and for that we can just edit the registry. Press the Windows button and R and you can enter regedit. Yes, we know what we are doing. In HKEY_CLASSES_ROOT you navigate to the star (*) and then shell, and there you right-click, New, Key, and enter the name of the command you want to use, for instance Sigcheck.

Now you need to create another subkey called command, and in this you will enter the path of the batch file, because that's why we created the batch file, right? Just use that, and please use quotation marks if there are any spaces in the path, otherwise you might run into some problems. Okay, and this is the argument for the batch file, so when I right-click on the file and press Sigcheck, the argument will be this file. That's the one. Okay, let's test it. Does it work? Yeah, perfect.

The same has to be done for the folders. So you right-click, you want the same Sigcheck command for the folder. Again we are in HKEY_CLASSES_ROOT, now Directory. Where is Directory? There it is. Shell, and New, Key, Sigcheck; New, Key, command. It's the same as above, so we enter the path and the argument, and now we can call the command like this. That's great.

So, and that's actually it. I will post the Pastebin links to the batch files below so you can use them and modify them. You can use them for most tools that you use regularly, and I really recommend that you put some work into setting this up because it will save a lot of work in the future. So, yeah, I hope this is of any help for you, and see you next time. Thanks for watching!
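
As an added example that is not the author's script (the original batch files are only linked from the video), here is one batch file that follows the Sigcheck wrapper and the two registry entries described above. It assumes sigcheck.exe is on PATH; the report location under %TEMP% and the /register argument are choices made for this example.

```batch
@echo off
rem Added example, not the script from the video.
rem Assumptions: sigcheck.exe is on PATH; the report path and the
rem "/register" argument are choices made for this example.
setlocal

if "%~1"=="" goto :usage
if /i "%~1"=="/register" goto :register

rem %~a1 expands to the attribute string of the argument; its first
rem character is "d" when the argument is a directory.
set "ATTR=%~a1"
set "REPORT=%TEMP%\sigcheck.txt"

if /i "%ATTR:~0,1%"=="d" (
    rem -s is Sigcheck's own switch for recursing into subfolders.
    sigcheck.exe -s "%~1" > "%REPORT%"
) else (
    sigcheck.exe "%~1" > "%REPORT%"
)
start "" notepad.exe "%REPORT%"
exit /b 0

:register
rem Needs an elevated prompt because the keys live under HKEY_CLASSES_ROOT.
rem %~f0 is the full path of this script. It is wrapped in escaped quotes
rem so that spaces in the path do not split the command line, and %%1
rem is stored as "%1", which Explorer replaces with the clicked item.
set "CMDLINE=\"%~f0\" \"%%1\""
rem "*" applies to every file type, "Directory" to folders.
reg add "HKCR\*\shell\Sigcheck\command" /ve /d "%CMDLINE%" /f
reg add "HKCR\Directory\shell\Sigcheck\command" /ve /d "%CMDLINE%" /f
exit /b %ERRORLEVEL%

:usage
echo Usage: %~nx0 PATH    or    %~nx0 /register
exit /b 1
```

Run it once with /register from an elevated prompt; afterwards the Sigcheck entry appears in the context menu of files and folders and passes the clicked item to the script.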