Setting Up Flare VM

This post will detail how I went about setting up Flare VM for static analysis.
The first step was to setup a Windows 7 VM and this was done using VirtualBox. The specs that I used are listed below (these are limited by the equipment that I have access to):

• 110 GB Storage Space
• 2 GB RAM
• 1 Processor

If you can provide more RAM and processor, please do, it will be better.

Going through the standard creation of the VM using a windows7ultimate iso and then performing the setup is quite simple to do. For the actual setup of Flare VM, the instructions are listed on the official GitHub page for Flare VM.

Note: I ran into many issues when attempting the install the .NET 4.5 framework, the first error being the root certificate could not be trusted and that some files could not be verified.
Looking up the error led to mentions of the fact that windows updates may be causing the issue, and when attempting to run the automated update, it failed. A quick google search led to a Microsoft page that contained updates. There were two that looked promising:

• Security Update for Windows 7 for x64-based Systems(KD3033929)
• Update for Windows 7 for x64-based Systems (KB2729094)

I ran the update first since it mentioned that it resolved issues. Once this was installed and the VM rebooted I installed the security update and rebooted again. Then I disabled the Windows Firewall, one other thing I had read was that for the installer itself we can install the certificate so that the hashes can be verified correctly. To do this:

• launch the .NET installer
• Wait this you get to the page where the Terms & Conditions are shown
• Accept them but do not click install
• Launch File explorer
• Navigate to C:\Windows\Microsoft.NET\Framework<version>
• A folder with the name as a hash will be created — click on it
• Locate setup.exe
• Right click on setup.exe and select properties
• Click on the digital signatures tab and click on the Microsoft Signature and then click Details
• Click View Certificate
• If the certificate installs correctly, there is will be message
• Go back to the .NET Installer
• Click on Install

This will go through the rest of the install process and installed properly. I took a snapshot of the VM before proceeding.
Now that .NET 4.8 was installed, I would install WMF 5.1, this was more straight forward, since I just launched powershell as administrator and navigated to where the unzipped folder was and ran the powershell script.

.\Install-WMF5.1.ps1

Once the installation has completed, you will be asked to reboot the system.

Once the restart is complete, we can go ahead and run the Flare VM installed (Take another snapshot here). We got this by downloading the master branch from GitHub. Since the script is not signed and we need to allow powershell to run the script by setting the execution policy
To check the execution policy in powershell, use the command get-executionpolicy and if it says Unrestricted else run the command Set-ExecutionPolicy Unrestricted.

Navigate to the unzipped folder called flare-vm-master in powershell and run the install.ps1 using the command .\install.ps1, you will be asked to enter the user’s password, since the install process will cause several restarts.

Once the password has been entered sit back, relax and let the installer do its thing. This will take some time