'''
@author: Peter Silberman
@contact: peter.silberman@mandiant.com
@organization: http://www.mandiant.com
'''
import os
import sys
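# pefile is a third-party module, so fail with a clear message when it is
# missing. Only ImportError is caught: any other failure while importing
# (a broken install, Ctrl-C) should surface as itself rather than be
# misreported as "not installed".
# NOTE(review): the Google Code URL in the message is historical; pefile is
# also published on PyPI.
try:
    import pefile
except ImportError:
    print("Need to install pefile from http://code.google.com/p/pefile/")
    sys.exit(1)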
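# Scan one directory of "*vad" dump files and report each one that pefile
# parses as a PE image.
#
# Usage: find_injected_dll.py <directory>
#
# NOTE(review): the files are presumably per-region (VAD) memory dumps from a
# memory-forensics tool; the listing does not say which one -- confirm.
#
# Interpreting the output: a hit only means the file starts with headers that
# pefile accepts. Treat it as a lead to triage (hash it, compare it with the
# process's loaded-module list), not as proof of injection. Regions without an
# intact PE header are never reported, so zero hits does not clear a process.
if len(sys.argv) != 2:
    # NOTE(review): the argument placeholder is missing from the usage string
    # in the published listing; "<directory>" is a reconstruction.
    print("find_injected_dll.py <directory>")
    sys.exit(1)

# Drop the quotes that Windows shells can leave around a path with spaces.
path = sys.argv[1].strip("\"")
if not os.path.isdir(path):
    sys.stderr.write("Not a directory: %s\n" % path)
    sys.exit(1)

injected_dll_count = 0
unparsed_count = 0
# Sorted so that two runs over the same evidence give the same report.
for entry in sorted(os.listdir(path)):
    # Check the cheap name filter before parsing anything; only names ending
    # in "vad" (case-insensitive) were ever reported.
    if entry[-3:].lower() != "vad":
        continue
    # os.path.join replaces manual "\\" concatenation, which raised IndexError
    # on an empty path and only worked with Windows separators.
    full_path = os.path.join(path, entry)
    try:
        pe = pefile.PE(full_path, fast_load=True)
    except pefile.PEFormatError:
        # Not a PE image: the normal case for most dumped regions.
        continue
    except Exception as exc:
        # Dump contents are untrusted and may be truncated or malformed. Keep
        # scanning, but record the failure: silently skipping the file would
        # hide a region that was never actually examined.
        unparsed_count += 1
        sys.stderr.write("Could not analyse %s: %s\n" % (full_path, exc))
        continue
    # Release the mapping pefile holds on the file before moving on.
    pe.close()
    print("Found injected dll %s" % entry)
    injected_dll_count += 1

print("Found %d injected dll(s)" % injected_dll_count)
if unparsed_count:
    sys.stderr.write(
        "%d file(s) could not be analysed; review them manually\n" % unparsed_count
    )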