Preparation for 1.19.20 release.

kirk-sayre-work · kirk-sayre-work · commit 393e5ad2f7a7 · 2023-02-15T14:03:43.000-06:00
diff --git a/README.md b/README.md
@@ -46,10 +46,12 @@ Box.js will emulate a Windows JScript environment, print a summary of the emulat
 
  >If you wish to automate the analysis, you can use the return codes - documented in `integrations/README.md` - to distinguish between different types of errors.
 
-## Analysis Fails Due to Missing 'document' Object
+## Analysis Fails Due to Missing 'document' Object or Other Objects/Functions
 
 The box-js repository from git includes a `boilerplate.js` file. This file defines some stubbed versions of common browser objects such as document. Try rerunning your analysis with the `--prepended-code=DIR/boilerplate.js` option, where `DIR` is the directory of the cloned box-js repository. The `--prepended-code` option tells box-js to prepend the JavaScript in the given file to the sample being analyzed.
 
+Note that you can copy boilerplate.js and add your own stubbed classes, objects, etc. as needed.
+
 ## Batch usage
 
 While box.js is typically used on single files, it can also run batch analyses. You can simply pass a list of files or folders to analyse:
@@ -88,6 +90,8 @@ cat ./*.results/active_urls.json | sort | uniq
     --preprocess           Preprocess the original source code (makes reverse engineering easier, but takes
                            a few seconds)                                                                  
     --prepended-code       Prepend the JavaScript in the given file to the sample prior to sandboxing
+    --fake-script-engine   The script engine to report in WScript.FullName and WScript.Name (ex.           
+                           'cscript.exe' or 'wscript.exe'). Default is wscript.exe.            
     --unsafe-preprocess    More aggressive preprocessing. Often results in better code, but can break on   
                            some edge cases (eg. redefining prototypes)                                     
     --no-kill              Do not kill the application when runtime errors occur                           
@@ -114,6 +118,8 @@ cat ./*.results/active_urls.json | sort | uniq
     --dangerous-vm         Use the `vm` module, rather than `vm2`. This sandbox can be broken, so **don't  
                            use this** unless you're 100% sure of what you're doing. Helps with debugging by
                            giving correct stack traces.                                                    
+    --rewrite-loops        Rewrite some types of loops to make analysis faster                             
+    --throttle-writes      Throttle reporting and data tracking of file writes that write a LOT of data
 <!--END_FLAGS-->
 
 # Analyzing the output
diff --git a/RELEASE_NOTES.txt b/RELEASE_NOTES.txt
@@ -0,0 +1,17 @@
+Version 1.19.20, 2/15/2023
+--------------------------
+
+* Added anti-emulation loop rewriting functionality.
+* Added functionality for faking being run with cscript.exe or wscript.exe.
+* Added functionality for throttling lots of small file writes.
+* Added support for WMI.GetObject.Run().
+* Added support for ADODBStream.flush().
+* Added support for InternetExplorer.Application.
+* Added support for XMLHttpRequest.
+* Added some stubbed JQuery functionality.
+* Added support for ScheduleService.
+* Track IOCs being passed through the '|' operator in analyzed JS code.
+* Added support for WindowsInstaller.installer.
+
+
+
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
     "name": "box-js",
-    "version": "1.9.18",
+    "version": "1.9.20",
     "description": "A tool for studying JavaScript malware.",
     "dependencies": {
         "acorn": "^5.6.2",

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "box-js",`
`3`		`- "version": "1.9.18",`
	`3`	`+ "version": "1.9.20",`
`4`	`4`	`"description": "A tool for studying JavaScript malware.",`
`5`	`5`	`"dependencies": {`
`6`	`6`	`"acorn": "^5.6.2",`