def VtReport(apikey, filename=None, md5sum=None):
    """Fetch a VirusTotal report for a local file or for a hash.

    Args:
        apikey: API key handed to ``vt.set_apikey`` before the lookup.
        filename: Path of a local file to look up, or None.
        md5sum: Hash string to look up, or None.

    Returns:
        An ``(ok, payload)`` tuple. On failure ``ok`` is False and ``payload``
        is an error message. On success ``ok`` is True and ``payload`` is
        either None (``vt.get_file_report`` returned None) or a list of
        ``[engine, name]`` string pairs, with "n/a" standing in for an empty
        name.
    """
    if filename is None and md5sum is None:
        return (False, "No parameters passed!")

    # Reject a missing path before anything is sent to the service.
    if filename is not None:
        if not os.path.exists(filename):
            return (False, "Input file '%s' does not exist!" % filename)

    try:
        vt.set_apikey(apikey)
        report = vt.get_file_report(filename=filename, md5sum=md5sum)
    except Exception as exc:
        # NOTE(review): the exception text is returned verbatim and ends up in
        # a UI warning; confirm it cannot carry the API key or request details.
        return (False, "Exception:\n%s" % str(exc))

    # None is passed through unchanged so the caller can tell "no report".
    if report is None:
        return (True, None)

    rows = []
    for engine, label in report.items():
        label_text = "n/a" if not label else str(label)
        rows.append([str(engine), label_text])
    return (True, rows)
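def OnFormChange(self, fid):
    """Handle a change or click event from the form control with id *fid*.

    Two groups of controls are handled:

    * The MD5/File radio options: the opposite option is set to the negation
      of the changed option's value, and the input field is loaded with the
      stored hash or the stored file path.
    * The Report button: the report is requested through ``VtReport`` and
      passed to the embedded chooser. When no report exists and the input is
      a file, the user is asked whether to submit the file to VirusTotal.

    Args:
        fid: Id of the control that triggered the event.

    Returns:
        Always 1.
    """
    if fid == self.rOptMD5.id or fid == self.rOptFile.id:
        # (hash, file path) as remembered in the configuration object.
        stored = (self.cfg.md5sum, self.cfg.infile)
        if fid == self.rOptMD5.id:
            c1 = self.rOptMD5
            c2 = self.rOptFile
            idx = 0
        else:
            c1 = self.rOptFile
            c2 = self.rOptMD5
            idx = 1

        v = not self.GetControlValue(c1)
        if v:
            idx = not idx

        # Uncheck the opposite input type
        self.SetControlValue(c2, v)

        # Set input field depending on input type
        self.SetControlValue(self.txtInput, stored[idx])
    #
    # Report button
    #
    elif fid == self.btnReport.id:
        # Local renamed from ``input`` so the builtin is not shadowed.
        user_input = self.GetControlValue(self.txtInput)
        as_file = self.GetControlValue(self.rOptFile)
        # NOTE(review): the API key field is read here, but the lookup below
        # uses self.cfg.apikey; confirm which of the two is intended.
        apikey = self.GetControlValue(self.txtApiKey)

        ok, r = VtReport(self.cfg.apikey,
                         filename=user_input if as_file else None,
                         md5sum=None if as_file else user_input)

        # Error?
        if not ok:
            idc.warning(r)
            return 1

        # Pass the result
        self.EChooser.SetItems(r)

        # We have results and it was a file? Print its MD5
        if r and as_file:
            print("%s: %s" % (vt.LAST_FILE_HASH, user_input))

        # Refresh the embedded chooser control
        # (Could also clear previous results if none were retrieved during this run)
        self.RefreshField(self.cEChooser)

        # Store the input for the caller
        self.cfg.input = user_input

        # No results and file as input was supplied?
        if r is None:
            if as_file:
                # Propose to upload
                answer = idc.ask_yn(
                    0,
                    "HIDECANCEL\nNo previous results. Do you want to submit the file:\n\n'%s'\n\nto VirusTotal?" % user_input)
                # ask_yn returns 1 for Yes, 0 for No and -1 for Cancel.
                # Submitting a file hands it to a third party, so only an
                # explicit Yes counts as consent; the original `== 0` test
                # let a -1 (cancel) answer fall through to the upload.
                if answer != 1:
                    return 1

                try:
                    r = vt.scan_file(user_input)
                except Exception as e:
                    idc.warning("Exceptio during upload: %s" % str(e))
                else:
                    if r is None:
                        idc.warning("Failed to upload the file!")
                    else:
                        idc.warning(
                            "File uploaded. Check again later to get the analysis report. Scan id: %s" % r)
            else:
                idc.warning("No results found for hash: %s" % user_input)

    return 1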
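def OnFormChange(self, fid):
    """Handle a change or click event from the form control with id *fid*.

    Two groups of controls are handled:

    * The MD5/File radio options: the opposite option is set to the negation
      of the changed option's value, and the input field is loaded with the
      stored hash or the stored file path.
    * The Report button: the report is requested through ``VtReport`` and
      passed to the embedded chooser. When no report exists and the input is
      a file, the user is asked whether to submit the file to VirusTotal.

    Args:
        fid: Id of the control that triggered the event.

    Returns:
        Always 1.
    """
    if fid == self.rOptMD5.id or fid == self.rOptFile.id:
        # (hash, file path) as remembered in the configuration object.
        stored = (self.cfg.md5sum, self.cfg.infile)
        if fid == self.rOptMD5.id:
            c1 = self.rOptMD5
            c2 = self.rOptFile
            idx = 0
        else:
            c1 = self.rOptFile
            c2 = self.rOptMD5
            idx = 1

        v = not self.GetControlValue(c1)
        if v:
            idx = not idx

        # Uncheck the opposite input type
        self.SetControlValue(c2, v)

        # Set input field depending on input type
        self.SetControlValue(self.txtInput, stored[idx])
    #
    # Report button
    #
    elif fid == self.btnReport.id:
        # Local renamed from ``input`` so the builtin is not shadowed.
        user_input = self.GetControlValue(self.txtInput)
        as_file = self.GetControlValue(self.rOptFile)
        # NOTE(review): the API key field is read here, but the lookup below
        # uses self.cfg.apikey; confirm which of the two is intended.
        apikey = self.GetControlValue(self.txtApiKey)

        ok, r = VtReport(self.cfg.apikey,
                         filename=user_input if as_file else None,
                         md5sum=None if as_file else user_input)

        # Error?
        if not ok:
            idc.Warning(r)
            return 1

        # Pass the result
        self.EChooser.SetItems(r)

        # We have results and it was a file? Print its MD5
        if r and as_file:
            print("%s: %s" % (vt.LAST_FILE_HASH, user_input))

        # Refresh the embedded chooser control
        # (Could also clear previous results if none were retrieved during this run)
        self.RefreshField(self.cEChooser)

        # Store the input for the caller
        self.cfg.input = user_input

        # No results and file as input was supplied?
        if r is None:
            if as_file:
                # Propose to upload
                answer = idc.AskYN(
                    0,
                    "HIDECANCEL\nNo previous results. Do you want to submit the file:\n\n'%s'\n\nto VirusTotal?" % user_input)
                # AskYN returns 1 for Yes, 0 for No and -1 for Cancel.
                # Submitting a file hands it to a third party, so only an
                # explicit Yes counts as consent; the original `== 0` test
                # let a -1 (cancel) answer fall through to the upload.
                if answer != 1:
                    return 1

                try:
                    r = vt.scan_file(user_input)
                except Exception as e:
                    idc.Warning("Exceptio during upload: %s" % str(e))
                else:
                    if r is None:
                        idc.Warning("Failed to upload the file!")
                    else:
                        idc.Warning("File uploaded. Check again later to get the analysis report. Scan id: %s" % r)
            else:
                idc.Warning("No results found for hash: %s" % user_input)

    return 1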