A PowerShell module for interfacing with the Glimps Malware API: https://www.glimps.fr/
PS> Install-Module PSGlimpsMalware
PS> Import-Module PSGlimpsMalware
PS> Connect-GlimpsMalware -ApiKeyPlainText "<your api key>" -ApiUrl "https://<your instance url>/api/lite/v2/"
PS> # Save credentials
PS> Get-Credential -UserName "dummy" -Message "Enter Glimps API Key" | Export-Clixml "$($ENV:USERPROFILE)\psglimps.xml"
PS> # Use those saved credentials (same computer, same Windows session)
PS> Import-Clixml "$($ENV:USERPROFILE)\psglimps.xml" | Select-Object -ExpandProperty Password | Connect-GlimpsMalware -ApiUrl "https://<your instance>/api/lite/v2/"
PS> Send-FileToGlimpsMalware -FilePath "C:\tmp\tests\mysuspiciousfile"
d11600fd-a2ff-4a91-8369-681721665519
Through pipeline:
PS> "C:\tmp\tests\mysuspiciousfile" | Send-FileToGlimpsMalware
d11600fd-a2ff-4a91-8369-681721665519
Multiple Files
PS> gci "C:\tmp\" | Send-FileToGlimpsMalware
d11600fd-a2ff-4a91-8369-681721665519
3d2d0263-f640-45de-871c-ffa3437e6248
- Specify the -AsZip flag to zip before sending.
Get results through -uuid or pipeline
PS> Get-GlimpsMalwareReport -uuid "d11600fd-a2ff-4a91-8369-681721665519" -Wait
uuid : d11600fd-a2ff-4a91-8369-681721665519
sha256 : 8f27d6c7cbd0219da66e1c52d66ff72bf1d57125a8874febdbe567713a20f232
sha1 : d384033dbef6c09fd9d97737eca68a2fc3462c9b
md5 : 149876e2bbb4bb71dcc02e59208638e6
ssdeep : 3072:cEAkKGGISuqiXGAig21njDPAvDsSJ7ruJB4YTqgY427o:tS3RAig21njDGsS4n4Y2o
is_malware : False
score : 0
[...]
PS> gci "C:\tmp\" | Send-FileToGlimpsMalware | Get-GlimpsMalwareReport -Wait
- Specify the -Wait flag to wait for results if analysis is in progress.
- Specify the -Timeout value to specify the maximum time to wait in seconds.
- Specify the -Interval value to specify the interval in seconds between each call.
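
A triage run built from the cmdlets above, as an added example that is not part of the PSGlimpsMalware project: it connects with the saved credential instead of -ApiKeyPlainText, submits each file in a folder, waits with -Timeout and -Interval, and checks that the report's sha256 matches a locally computed hash. The folder, CSV path, timing values and the handling of an unfinished analysis are assumptions.

```powershell
# Added example, not part of the PSGlimpsMalware project.
# Assumptions: $Inbox and $OutCsv are constructed paths; the credential file was
# created with the Export-Clixml command shown earlier on this page.
$ApiUrl   = "https://<your instance>/api/lite/v2/"
$CredPath = Join-Path $ENV:USERPROFILE "psglimps.xml"
$Inbox    = "C:\tmp\tests"
$OutCsv   = "C:\tmp\glimps-triage.csv"

Import-Module PSGlimpsMalware

# Load the saved key and pipe it to Connect-GlimpsMalware, as the page does.
Import-Clixml $CredPath |
    Select-Object -ExpandProperty Password |
    Connect-GlimpsMalware -ApiUrl $ApiUrl

$results = foreach ($file in Get-ChildItem -Path $Inbox -File) {
    # Hash locally before upload so the report can be tied back to this exact file.
    $localSha256 = (Get-FileHash -Path $file.FullName -Algorithm SHA256).Hash

    $uuid   = Send-FileToGlimpsMalware -FilePath $file.FullName
    $report = Get-GlimpsMalwareReport -uuid $uuid -Wait -Timeout 300 -Interval 10

    # Assumption: no report object (or one without a sha256) means the analysis
    # did not finish within -Timeout; record it as pending rather than as clean.
    $done = $null -ne $report -and $report.sha256

    [pscustomobject]@{
        File        = $file.FullName
        Uuid        = $uuid
        Status      = if ($done) { "done" } else { "pending" }
        LocalSha256 = $localSha256
        HashMatches = if ($done) { $report.sha256 -eq $localSha256 } else { $null }  # -eq ignores case
        IsMalware   = if ($done) { $report.is_malware } else { $null }
        Score       = if ($done) { $report.score } else { $null }
    }
}

$results | Export-Csv -Path $OutCsv -NoTypeInformation

# Anything flagged, mismatched or unfinished needs a human look.
$results |
    Where-Object { $_.IsMalware -eq $true -or $_.HashMatches -eq $false -or $_.Status -eq "pending" } |
    Format-Table File, Uuid, Status, HashMatches, IsMalware, Score
```

The hash comparison only applies to files sent without -AsZip, since a zipped upload would not hash to the same value as the original file.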