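def files(api_key=None):
    """Walk a directory tree and print the VirusTotal detection ratio of every file.

    The root path is read interactively from stdin. Each file is hashed with
    MD5 locally via hashlib (the previous version shelled out to certutil with
    the file name spliced into the command line, so odd characters in a name
    could break the command) and looked up on the VirusTotal public API by
    hash only -- nothing is uploaded.

    api_key: VirusTotal public API key. When omitted it is read from the
        VT_API_KEY environment variable. The key used to be hard-coded in this
        function; a credential committed to source is leaked the moment the
        file is shared, so it must come from the caller or the environment.

    Raises:
        RuntimeError: if no API key is available.
    """
    key = api_key or os.environ.get("VT_API_KEY")
    if not key:
        raise RuntimeError("VirusTotal API key missing: pass api_key or set VT_API_KEY")
    path = input('Enter Path:')
    api = virus_total_apis.PublicApi(key)

    for root, _dirs, names in os.walk(path):
        for name in names:
            file_path = os.path.join(root, name)
            print(f' {file_path}')
            try:
                digest = _md5_of_file(file_path)
            except OSError as exc:
                # Unreadable file (permissions, vanished mid-walk): report it
                # instead of silently labelling it "clean" as the bare except did.
                print(f'  cannot read file: {exc}')
                continue

            report = api.get_file_report(digest)
            results = report.get('results') if isinstance(report, dict) else None
            if not results:
                # HTTP 204 (quota exhausted) and other failures come back
                # without a "results" payload.
                http_code = report.get('response_code') if isinstance(report, dict) else '?'
                print(f'  no report (HTTP {http_code})')
            elif results.get('response_code') != 1 or 'positives' not in results:
                # response_code 0 means VirusTotal has never seen this hash.
                # That is "unknown", not "clean" -- the two must not be conflated.
                print('  unknown to VirusTotal')
            else:
                # Denominator comes from the report itself rather than a
                # hard-coded engine count.
                print(f"  {results['positives']}/{results.get('total', '?')}")
            # Public API quota is 4 requests per minute; pace the lookups.
            time.sleep(26)


def _md5_of_file(file_path, chunk_size=1 << 20):
    """Return the hex MD5 of *file_path*, reading in chunks to bound memory use."""
    import hashlib

    h = hashlib.md5()
    with open(file_path, 'rb') as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b''):
            h.update(chunk)
    return h.hexdigest()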
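def virustotal(filename, api_key):
    """Look up *filename* on VirusTotal by MD5 and summarise the verdict.

    filename: path of the file to check; it is hashed locally, in chunks.
    api_key: VirusTotal public API key.

    Returns a 2-tuple:
        ("scan_result", [...]) when VirusTotal already knows the hash; the
            list holds "<engine> ^ <result>" for every engine that flagged
            the file (empty when none did).
        ("permalink", [...]) otherwise; holds the permalink of the upload if
            the user agreed to submit the file, or an empty list if they
            declined or the hash is still queued (response_code -2).

    Raises:
        RuntimeError: when the API answers HTTP 204 (request quota exhausted)
            or any other reply that carries no "results" payload. The
            previous version noticed the 204 but then fell through into a
            KeyError on the missing key.
    """
    vt = virus_total_apis.PublicApi(api_key)

    digest = hashlib.md5()
    with open(filename, 'rb') as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b''):
            digest.update(chunk)
    response = vt.get_file_report(digest.hexdigest())

    if response.get("response_code") == 204 or "results" not in response:
        raise RuntimeError(
            "VirusTotal returned no report (HTTP {}); quota exhausted or request failed"
            .format(response.get("response_code")))

    results = response["results"]
    status = results["response_code"]
    result = []

    if status == 1:
        scans = results.get("scans", {})
        result = ["{} ^ {}".format(engine, info["result"])
                  for engine, info in scans.items() if info["detected"]]
        return ("scan_result", result)

    if status == -2:
        # Hash is known but the scan is still queued: nothing to report yet.
        return ("permalink", result)

    # Unknown hash: offer to upload the file itself. As before, anything other
    # than "n" counts as consent, but the answer is normalised so "N" or " n "
    # also decline (the old `is not "n"` relied on string interning). Note that
    # uploading sends the file's contents to a third party.
    answer = input("Would you like to upload file to VirusTotal? [Y/n] ")
    if answer.strip().lower() != "n":
        upload = vt.scan_file(filename)
        result.append(upload["results"]["permalink"])
    else:
        print()
    return ("permalink", result)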
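def analyzingProcess(downloadedFilePathsQueue):
    """Consumer loop: check every downloaded file against VirusTotal and log a summary.

    downloadedFilePathsQueue: queue of (directory, filename) pairs produced by
        the downloader. A pair whose first element is 0 is the end-of-stream
        sentinel and terminates the loop.

    Side effects: appends progress lines to LogAnalyzer.txt through log(), and
    writes each raw report to <directory>analysis\\<filename>.result.txt.

    Changes from the previous version:
      * the closing summary iterated a module-level name (gFormatFilesCount)
        instead of the per-run counters built in this function;
      * the queue is consumed with a blocking get() instead of polling
        empty() every 3 seconds;
      * a file whose format is not listed in FILE_FORMATS no longer raises
        KeyError -- it gets its own counter row.
    """
    virusTotal = virus_total_apis.PublicApi(API_KEY)
    logFile = 'LogAnalyzer.txt'
    totalCounter = 0
    malwareCounter = 0
    # format -> [files analysed, files flagged]
    formatFilesCountDict = {fileFormat: [0, 0] for fileFormat in FILE_FORMATS}

    while True:
        # pair -> (directory, filename); blocks until the producer puts one.
        pair = downloadedFilePathsQueue.get()
        if pair[0] == 0:
            break
        directory, fileName = pair[0], pair[1]

        fileHash = calculateFileHash(directory + 'files\\' + fileName)
        report = checkFileViaVirusTotal(fileHash, virusTotal)
        fileFormat = getFileFormat(fileName)
        counters = formatFilesCountDict.setdefault(fileFormat, [0, 0])
        counters[0] += 1
        totalCounter += 1
        log('[*] Starting to analyze (' + str(totalCounter) + ') ' + fileName, logFile)

        # NOTE(review): "malware" here means the literal text 'true' occurs
        # anywhere in the stringified report -- a substring match, not a parsed
        # verdict. Kept as-is because the report's structure is not visible
        # here; confirm it cannot match an engine result string or a filename.
        if 'true' in str(report):
            malwareCounter += 1
            counters[1] += 1
            log(' [*] Malware detected (' + str(malwareCounter) + '): ' + fileName, logFile)
        else:
            log(' [*] This file is clean: ' + fileName, logFile)
        writeFile(directory + 'analysis\\' + fileName + '.result.txt', report, 'w')

    log('[*] Total files analyzed: ' + str(totalCounter), logFile)
    log('[*] Total malware files: ' + str(malwareCounter), logFile)
    log('[*] Format table (total downloaded / malicious)', logFile)
    for fileFormat, (analysed, flagged) in formatFilesCountDict.items():
        log(' ' + fileFormat + '\t' + str(analysed) + ' / ' + str(flagged), logFile)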
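def virustotalApi(self, apikey):
    """Query VirusTotal for self.filename by MD5 and, if the hash is unknown, submit the file.

    apikey: VirusTotal public API key.

    Returns a 4-tuple (kind, result, http_code, vt_code):
      ("http_code", "", http_code, "")
          HTTP 204 (public-API quota exceeded) or any reply without a
          "results" payload. The previous version only handled 204 and
          raised KeyError on every other failure.
      ("scan_result", [...], http_code, 1)
          hash already known: one "<engine> ^ <result>" entry per engine,
          detecting engines first, each group sorted case-insensitively.
      ("permalink", [...], http_code, vt_code)
          hash unknown: the file was uploaded (public API caps uploads at
          32 MB) and the API's verbose_msg -- or, failing that, the
          permalink -- is returned; http_code is then the upload's status.
          vt_code -2 (scan still queued) yields an empty list.

    Written to run under both Python 2 and 3 (no f-strings, print as a call).
    """
    vt = virus_total_apis.PublicApi(apikey)

    # Hash in chunks inside a context manager; the old one-liner left the
    # handle open and read the whole file into memory.
    digest = hashlib.md5()
    with open(self.filename, 'rb') as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b''):
            digest.update(chunk)
    response = vt.get_file_report(digest.hexdigest())

    http_code = response.get("response_code")
    print(http_code)
    if http_code == 204 or "results" not in response:
        return ("http_code", "", http_code, "")

    results = response["results"]
    vt_code = results["response_code"]

    if vt_code == 1:
        detected = []
        clean = []
        for engine, info in results["scans"].items():
            entry = "{} ^ {}".format(engine, info["result"])
            (detected if info["detected"] else clean).append(entry)
        ordered = (sorted(detected, key=lambda s: s.lower())
                   + sorted(clean, key=lambda s: s.lower()))
        return ("scan_result", ordered, http_code, vt_code)

    result = []
    if vt_code != -2:
        # Unknown hash: upload the file. This sends its contents to a third
        # party -- not appropriate for sensitive files.
        upload = vt.scan_file(self.filename)
        http_code = upload.get("response_code")
        payload = upload.get("results") or {}
        result.append(payload.get("verbose_msg") or payload.get("permalink")
                      or "upload failed (HTTP {})".format(http_code))
    return ("permalink", result, http_code, vt_code)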
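def virustotalApi(self, apikey):
    """Query VirusTotal for self.filename by MD5 and, if the hash is unknown, submit the file.

    apikey: VirusTotal public API key.

    Returns a 4-tuple (kind, result, http_code, vt_code):
      ("http_code", "", http_code, "")
          HTTP 204 (public-API quota exceeded) or any reply without a
          "results" payload. The previous version only handled 204 and
          raised KeyError on every other failure.
      ("scan_result", [...], http_code, 1)
          hash already known: one "<engine> ^ <result>" entry per engine,
          detecting engines first, each group sorted case-insensitively.
      ("permalink", [...], http_code, vt_code)
          hash unknown: the file was uploaded (public API caps uploads at
          32 MB) and the API's verbose_msg -- or, failing that, the
          permalink -- is returned; http_code is then the upload's status.
          vt_code -2 (scan still queued) yields an empty list.

    Written to run under both Python 2 and 3 (no f-strings, print as a call).
    """
    vt = virus_total_apis.PublicApi(apikey)

    # Hash in chunks inside a context manager; the old one-liner left the
    # handle open and read the whole file into memory.
    digest = hashlib.md5()
    with open(self.filename, 'rb') as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b''):
            digest.update(chunk)
    response = vt.get_file_report(digest.hexdigest())

    http_code = response.get("response_code")
    print(http_code)
    if http_code == 204 or "results" not in response:
        return ("http_code", "", http_code, "")

    results = response["results"]
    vt_code = results["response_code"]

    if vt_code == 1:
        detected = []
        clean = []
        for engine, info in results["scans"].items():
            entry = "{} ^ {}".format(engine, info["result"])
            (detected if info["detected"] else clean).append(entry)
        ordered = (sorted(detected, key=lambda s: s.lower())
                   + sorted(clean, key=lambda s: s.lower()))
        return ("scan_result", ordered, http_code, vt_code)

    result = []
    if vt_code != -2:
        # Unknown hash: upload the file. This sends its contents to a third
        # party -- not appropriate for sensitive files.
        upload = vt.scan_file(self.filename)
        http_code = upload.get("response_code")
        payload = upload.get("results") or {}
        result.append(payload.get("verbose_msg") or payload.get("permalink")
                      or "upload failed (HTTP {})".format(http_code))
    return ("permalink", result, http_code, vt_code)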
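def ps(api_key=None):
    """List every running process's executable and print its VirusTotal detection ratio.

    Runs a PowerShell pipeline that yields (name, directory) for each process,
    hashes each executable locally with MD5 and looks the hash up on the
    VirusTotal public API -- nothing is uploaded. Windows only.

    api_key: VirusTotal public API key; defaults to the VT_API_KEY environment
        variable. The previous version carried a placeholder string in source,
        which invites committing a real key in its place.

    Raises:
        RuntimeError: if no API key is available.
    """
    import hashlib

    key = api_key or os.environ.get("VT_API_KEY")
    if not key:
        raise RuntimeError("VirusTotal API key missing: pass api_key or set VT_API_KEY")
    print('scan running....')
    api = virus_total_apis.PublicApi(key)

    # Argument list rather than a shell string, and output captured directly
    # instead of round-tripping through proc.txt (which also removes the
    # blind 2-second sleep and the leftover file in the working directory).
    completed = subprocess.run(
        ["powershell.exe", "-Command",
         "get-process | get-item -erroraction silentlycontinue | format-table name, directory"],
        stdout=subprocess.PIPE, stderr=subprocess.PIPE, universal_newlines=True)

    # Each table row is "<name>.exe   <drive>:\\<directory>". The name is the
    # first whitespace-free token; the directory may itself contain spaces.
    # The old '.*exe' pattern was greedy and swallowed part of the directory
    # whenever the path happened to contain "exe".
    row_pattern = re.compile(r'^\s*(\S+\.exe)\s+([A-Za-z]:\\.*?)\s*$', re.IGNORECASE)
    seen = set()
    for line in completed.stdout.splitlines():
        match = row_pattern.match(line)
        if not match:
            continue
        exe_name, directory = match.group(1), match.group(2)
        full_path = os.path.join(directory, exe_name)
        # Dedupe on the full executable path; the old code deduped on the
        # directory alone, so a second executable in the same folder was skipped.
        if full_path in seen:
            continue
        seen.add(full_path)

        try:
            h = hashlib.md5()
            with open(full_path, 'rb') as fh:
                for chunk in iter(lambda: fh.read(1 << 20), b''):
                    h.update(chunk)
        except OSError as exc:
            # Protected system binaries are often unreadable; say so instead of
            # silently skipping, as the bare except did.
            print(f'{full_path}: cannot read ({exc})')
            continue
        digest = h.hexdigest()
        print(full_path)
        print(digest)

        report = api.get_file_report(digest)
        results = report.get('results') if isinstance(report, dict) else None
        if results and results.get('response_code') == 1 and 'positives' in results:
            # Denominator taken from the report, not a hard-coded engine count.
            print(f"{results['positives']}/{results.get('total', '?')}")
        elif results:
            # response_code 0: VirusTotal has never seen this hash.
            print('unknown to VirusTotal')
        else:
            http_code = report.get('response_code') if isinstance(report, dict) else '?'
            print(f'no report (HTTP {http_code})')
        # Public API quota is 4 requests per minute; pace the lookups.
        time.sleep(26)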
def __init__(self, apikey):
    """Create a VirusTotal public-API client for this instance.

    apikey: the key handed to virus_total_apis.PublicApi; it is not
        validated here and is retained only inside the client stored as
        self.api.
    """
    client = virus_total_apis.PublicApi(apikey)
    self.api = client