From a004bbdcb9b20ec7126eedc51ae0b0df47514f49 Mon Sep 17 00:00:00 2001
From: vm-packages <vm-packages@mandiant.com>
Date: Thu, 24 Aug 2023 15:09:46 +0000
Subject: [PATCH] Add PEAnatomist.vm

Closes https://github.com/mandiant/VM-Packages/issues/647.
---
 packages/peanatomist.vm/peanatomist.vm.nuspec        | 12 ++++++++++++
 packages/peanatomist.vm/tools/chocolateyinstall.ps1  | 10 ++++++++++
 .../peanatomist.vm/tools/chocolateyuninstall.ps1     |  7 +++++++
 3 files changed, 29 insertions(+)
 create mode 100644 packages/peanatomist.vm/peanatomist.vm.nuspec
 create mode 100644 packages/peanatomist.vm/tools/chocolateyinstall.ps1
 create mode 100644 packages/peanatomist.vm/tools/chocolateyuninstall.ps1

diff --git a/packages/peanatomist.vm/peanatomist.vm.nuspec b/packages/peanatomist.vm/peanatomist.vm.nuspec
new file mode 100644
index 000000000..d14076cba
--- /dev/null
+++ b/packages/peanatomist.vm/peanatomist.vm.nuspec
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="utf-8"?>
+<package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd">
+  <metadata>
+    <id>peanatomist.vm</id>
+    <version>0.2.11931.20230824</version>
+    <authors>RamMerLabs</authors>
+    <description>PE Analysis tool providing detailed information</description>
+    <dependencies>
+      <dependency id="common.vm" />
+    </dependencies>
+  </metadata>
+</package>
diff --git a/packages/peanatomist.vm/tools/chocolateyinstall.ps1 b/packages/peanatomist.vm/tools/chocolateyinstall.ps1
new file mode 100644
index 000000000..231489a2b
--- /dev/null
+++ b/packages/peanatomist.vm/tools/chocolateyinstall.ps1
@@ -0,0 +1,10 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'PEAnatomist'
+$category = 'PE'
+
+$zipUrl = 'https://rammerlabs.alidml.ru/files/0000-0002-29CD-0000/PEAnatomist-0.2.zip'
+$zipSha256 = '8265abffa0f9e7ad4c3e2293b708c4cfda475407309e97b2437ec7121cd8668d'
+
+VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -consoleApp $false
diff --git a/packages/peanatomist.vm/tools/chocolateyuninstall.ps1 b/packages/peanatomist.vm/tools/chocolateyuninstall.ps1
new file mode 100644
index 000000000..8be304ada
--- /dev/null
+++ b/packages/peanatomist.vm/tools/chocolateyuninstall.ps1
@@ -0,0 +1,7 @@
+$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+$toolName = 'PEAnatomist'
+$category = 'PE'
+
+VM-Uninstall $toolName $category