def get_VT_name(hashes): try: vt = PrivateApi(api_key = os.environ["VIRUSTOTAL_API_KEY"]) generator = ComputeVtUniqueName() names = [generator.build_unique_name(vt.get_file_report(hash_) or "") for hash_ in hashes] if len(names) >= 2 and all(names[0] == name for name in names[1:]): name = names[0] if name["pup"]: log.error("PUA signatures are not implemented yet. Excpected name was: %s", str(name)) pass else: return "{}.{}.{}".format(name["platform"], name["category"], name["unique_name"]) except KeyError: log.warn("No VIRUSTOTAL_API_KEY specified. Falling back to generic name.") except Exception: log.exception("White trying to compute VT name. Falling back to generic name.") return GENERIC_CLAMAV_MALWARE_NAME
def run(self): vt_logger = logging.getLogger('vtmonitor') self.banner() # Perform some sanity checks try: self.checkenv() except Exception as error: vt_logger.critical(error) return self.check_updates() vt_logger.debug('==================================================') vt_logger.debug('Application restart') vt_logger.debug('==================================================') if self.private_api: vt = VirusTotalPrivateApi(self.api_key) else: vt = VirusTotalPublicApi(self.api_key) # Create baseline of processes vt_logger.info('Creating base list of allowed process') wmic = subprocess.check_output("wmic process get ExecutablePath", shell=True) wmic = wmic.replace('\r', '\n') base_list = set([]) for process in wmic.split('\n'): process = process.strip() if not process: continue base_list.add(process) vt_logger.info("Starting main loop to watch for new processes") while True: sleep(1) wmic = subprocess.check_output("wmic process get ExecutablePath", shell=True) wmic = wmic.replace('\r', '\n') for process in wmic.split('\n'): process = process.strip() if not process: continue if process in base_list: continue vt_logger.debug("Unknown process %s, checking the hash on Virus Total" % process) # New process, let's submit to VT for details with open(process, 'rb') as handle: data = handle.read() signature = hashlib.md5(data).hexdigest() response = vt.get_file_report(signature) if response['results'].get('response_code') == 0: vt_logger.warn("Process %s is unknown on Virus Total" % process) else: vt_logger.info("Process %s has a known signature on Virus Total" % process) # and add it to the base list, otherwise it will keep pinging VT all the time base_list.add(process)
def run(self, args): config_path = os.path.join(os.path.expanduser("~"), ".vtapi") if hasattr(args, 'subcommand'): if args.subcommand in ('check', 'similar'): if not os.path.isfile(config_path): print( "Invalid configuration file, please use pe vt config to configure your VT account" ) sys.exit(1) cf = self.read_config(config_path) if cf['type'] == 'private': vt = PrivateApi(cf['apikey']) else: vt = PublicApi(cf['apikey']) if args.subcommand == 'check': with open(args.PEFILE, 'rb') as f: data = f.read() m = hashlib.sha256() m.update(data) sha256 = m.hexdigest() response = vt.get_file_report(sha256) if args.raw: print(json.dumps(response, sort_keys=False, indent=4)) else: if response["response_code"] != 200: print("Error with the request (reponse code %i)" % response["response_code"]) sys.exit(1) if response["results"]["response_code"] == 0: print("File not found") else: print("[+] Detection: %i / %i" % (response["results"]["positives"], response["results"]["total"])) print("[+] MD5: %s" % response["results"]["md5"]) print("[+] SHA1: %s" % response["results"]["sha1"]) print("[+] SHA256: %s" % response["results"]["sha256"]) if "first_seen" in response['results']: print("[+] First Seen: %s" % response["results"]["first_seen"]) if "last_seen" in response['results']: print("[+] Last Seen: %s" % response["results"]["last_seen"]) print("[+] Link: %s" % response["results"]["permalink"]) elif args.subcommand == 'similar': if cf['type'] != 'private': print( 'I am sorry, you need a private VT access to do that' ) sys.exit(1) with open(args.PEFILE, 'rb') as f: data = f.read() m = hashlib.sha256() m.update(data) sha256 = m.hexdigest() # Check if this PE file is in VT first response = vt.get_file_report(sha256) if response["results"]["response_code"] == 0: print("File not in VT, computing imphash, ssdeep only") pe = pefile.PE(data=data) imphash = pe.get_imphash() ssd = ssdeep.hash(data) vhash = None authentihash = None dbg_filename = debug_filename(pe) dbg_guid = debug_guid(pe) if is_dot_net_assembly(pe): res = get_guid(pe, data) dotnet_mvid = res["mvid"] dotnet_typelib = res["typelib_id"] else: dotnet_mvid = None dotnet_typelib = None else: print("File identified in VT: {}".format( response['results']['permalink'])) vhash = response['results']['vhash'] ssd = response['results']['ssdeep'] authentihash = response['results']['authentihash'] imphash = response['results']['additional_info'][ "pe-imphash"] dbg_guid = None dbg_filename = None if "pe-debug" in response['results'][ 'additional_info']: if "codeview" in response['results'][ 'additional_info']["pe-debug"][0]: if "guid" in response['results'][ 'additional_info']["pe-debug"][0][ "codeview"]: dbg_guid = response['results'][ 'additional_info']["pe-debug"][0][ "codeview"]["guid"] if "name" in response['results'][ 'additional_info']["pe-debug"][0][ "codeview"]: dbg_filename = response['results'][ 'additional_info']['pe-debug'][0][ 'codeview']['name'] if "netguids" in response['results'][ 'additional_info']: dotnet_mvid = response['results'][ 'additional_info']['netguids']['mvid'] dotnet_typelib = response['results'][ 'additional_info']['netguids']['typelib_id'] else: dotnet_mvid = None dotnet_typelib = None # Start with imphash print("# Searching for imphash: {}".format(imphash)) res = vt.file_search('imphash:"{}"'.format(imphash)) self.print_results(res, sha256) # ssdeep print("# Searching for ssdeep: {}".format(ssd)) res = vt.file_search('ssdeep:"{}"'.format(ssd)) self.print_results(res, sha256) # authentihash if authentihash: print("# Searching for authentihash: {}".format( authentihash)) res = vt.file_search( 'authentihash:"{}"'.format(authentihash)) self.print_results(res, sha256) # vhash if vhash: print("# Searching for vhash: {}".format(vhash)) res = vt.file_search('vhash:"{}"'.format(vhash)) self.print_results(res, sha256) # .NET GUIDs if dotnet_mvid: print("# Searching for .NET Module Version id: {}". format(dotnet_mvid)) res = vt.file_search( 'netguid:"{}"'.format(dotnet_mvid)) self.print_results(res, sha256) if dotnet_typelib: print("# Searching for .NET TypeLib id: {}".format( dotnet_typelib)) res = vt.file_search( 'netguid:"{}"'.format(dotnet_typelib)) self.print_results(res, sha256) # Debug if dbg_filename: print("# Searching for Debug Filename: {}".format( dbg_filename)) res = vt.file_search('"{}"'.format(dbg_filename)) self.print_results(res, sha256) if dbg_guid: print( "# Searching for Debug GUID: {}".format(dbg_guid)) res = vt.file_search('"{}"'.format(dbg_guid)) self.print_results(res, sha256) elif args.subcommand == 'config': config = configparser.ConfigParser() if args.type == 'public': config['vt'] = { 'intelligence': False, 'engines': '', 'timeout': 60, 'apikey': args.APIKEY, 'type': 'public' } else: config['vt'] = { 'intelligence': True, 'engines': '', 'timeout': 60, 'apikey': args.APIKEY, 'type': 'private' } with open(config_path, 'w') as configfile: config.write(configfile) print("Config file {} updated".format(config_path)) else: self.parser.print_help() else: self.parser.print_help()
def intel(self, type, query, data, conf): if type == "domain": if conf["VirusTotal"]["type"] != "public": print("[+] Checking VirusTotal....") vt = PrivateApi(conf["VirusTotal"]["key"]) res = vt.get_domain_report(query) if "results" in res: if "resolutions" in res["results"]: for r in res["results"]["resolutions"]: try: data["passive_dns"].append({ "first": parse(r["last_resolved"]).astimezone( pytz.utc), "last": parse(r["last_resolved"]).astimezone( pytz.utc), "ip": r["ip_address"], "source": "VT", }) except TypeError: # Error with the date pass if "undetected_downloaded_samples" in res["results"]: for r in res["results"][ "undetected_downloaded_samples"]: data["files"].append({ "hash": r["sha256"], "date": parse(r["date"]).astimezone(pytz.utc) if "date" in r else "", "source": "VT", }) if "undetected_referrer_samples" in res["results"]: for r in res["results"]["undetected_referrer_samples"]: data["files"].append({ "hash": r["sha256"], "date": parse(r["date"]).astimezone(pytz.utc) if "date" in r else "", "source": "VT", }) if "undetected_communicating_samples" in res["results"]: for r in res["results"][ "undetected_communicating_samples"]: data["malware"].append({ "hash": r["sha256"], "date": parse(r["date"]).astimezone(pytz.utc), "source": "VT" }) if "detected_communicating_samples" in res["results"]: for r in res["results"][ "detected_communicating_samples"]: data["malware"].append({ "hash": r["sha256"], "date": parse(r["date"]).astimezone(pytz.utc), "source": "VT" }) if "detected_downloaded_samples" in res["results"]: for r in res["results"]["detected_downloaded_samples"]: data["malware"].append({ "hash": r["sha256"], "date": parse(r["date"]).astimezone(pytz.utc), "source": "VT", }) if "detected_referrer_samples" in res["results"]: for r in res["results"]["detected_referrer_samples"]: if "date" in r: data["malware"].append({ "hash": r["sha256"], "date": parse(r["date"]).astimezone(pytz.utc), "source": "VT", }) if "detected_urls" in res["results"]: for r in res["results"]["detected_urls"]: data["urls"].append({ "date": parse(r["scan_date"]).astimezone(pytz.utc), "url": r["url"], "ip": "", "source": "VT", }) elif type == "ip": if conf["VirusTotal"]["type"] != "public": print("[+] Checking VirusTotal...") vt = PrivateApi(conf["VirusTotal"]["key"]) res = vt.get_ip_report(query) if "results" in res: if "resolutions" in res["results"]: for r in res["results"]["resolutions"]: try: data["passive_dns"].append({ "first": parse(r["last_resolved"]).astimezone( pytz.utc), "last": parse(r["last_resolved"]).astimezone( pytz.utc), "domain": r["hostname"], "source": "VT", }) except TypeError: # Error with the date pass if "undetected_downloaded_samples" in res["results"]: for r in res["results"][ "undetected_downloaded_samples"]: data["files"].append({ "hash": r["sha256"], "date": parse(r["date"]).astimezone(pytz.utc) if "date" in r else "", "source": "VT", }) if "undetected_referrer_samples" in res["results"]: for r in res["results"]["undetected_referrer_samples"]: data["files"].append({ "hash": r["sha256"], "date": parse(r["date"]).astimezone(pytz.utc) if "date" in r else "", "source": "VT", }) if "undetected_communicating_samples" in res["results"]: for r in res["results"][ "undetected_communicating_samples"]: data["malware"].append({ "hash": r["sha256"], "date": parse(r["date"]).astimezone(pytz.utc), "source": "VT", }) if "detected_communicating_samples" in res["results"]: for r in res["results"][ "detected_communicating_samples"]: data["malware"].append({ "hash": r["sha256"], "date": parse(r["date"]).astimezone(pytz.utc), "source": "VT", }) if "detected_downloaded_samples" in res["results"]: for r in res["results"]["detected_downloaded_samples"]: data["malware"].append({ "hash": r["sha256"], "date": parse(r["date"]).astimezone(pytz.utc), "source": "VT" }) if "detected_urls" in res["results"]: for r in res["results"]["detected_urls"]: data["urls"].append({ "date": parse(r["scan_date"]).astimezone(pytz.utc), "url": r["url"], "ip": "", "source": "VT", }) elif type == "hash": if conf["VirusTotal"]["type"] != "public": print("[+] Checking VirusTotal...") vt = PrivateApi(conf["VirusTotal"]["key"]) res = vt.get_file_report(query) if res["results"]["response_code"] == 1: # Found data["samples"].append({ "date": parse(res['results']['scan_date']).astimezone( pytz.utc), "source": "VT", "url": res['results']['permalink'], "infos": { "AV Result": "{} / {}".format(res['results']['positives'], res['results']['total']), "First Seen": res['results']["first_seen"], "File Names": ", ".join(res['results']["submission_names"][:5]) } }) if "ITW_urls" in res["results"]: for url in res['results']["ITW_urls"]: data["urls"].append({ "url": url, "source": "VT", "link": res['results']['permalink'] }) if "additional_info" in res["results"]: if "behaviour-v1" in res["results"]["additional_info"]: if "network" in res['results']['additional_info'][ 'behaviour-v1']: for d in res['results']['additional_info'][ 'behaviour-v1']["network"]["dns"]: data["network"].append({ "source": "VT", "url": res['results']['permalink'], "host": d["hostname"], "ip": d["ip"] })
def run(self, conf, args, plugins): if 'subcommand' in args: if conf["VirusTotal"]["type"] != "public": vt = PrivateApi(conf["VirusTotal"]["key"]) if args.subcommand == "hash": response = vt.get_file_report(args.HASH) if args.raw: print(json.dumps(response, sort_keys=False, indent=4)) if args.extended: response = vt.get_network_traffic(args.HASH) print( json.dumps(response, sort_keys=False, indent=4)) response = vt.get_file_behaviour(args.HASH) print( json.dumps(response, sort_keys=False, indent=4)) else: self.print_file(response) elif args.subcommand == "dl": if os.path.isfile(args.HASH): print("File %s already exists" % args.HASH) sys.exit(0) data = vt.get_file(args.HASH) if isinstance(data, dict): if 'results' in data: with open(args.HASH, "wb") as f: f.write(data['results']) print("File downloaded as %s" % args.HASH) else: print('Invalid answer format') sys.exit(1) else: with open(args.HASH, "wb") as f: f.write(data) print("File downloaded as %s" % args.HASH) elif args.subcommand == "file": with open(args.FILE, "rb") as f: # FIXME : could be more efficient data = f.read() m = hashlib.sha256() m.update(data) h = m.hexdigest() response = vt.get_file_report(h) if args.raw: print(json.dumps(response, sort_keys=False, indent=4)) else: self.print_file(response) elif args.subcommand == "hashlist": with open(args.FILE, 'r') as infile: data = infile.read().split() hash_list = list(set([a.strip() for a in data])) print( "Hash;Found;Detection;Total AV;First Seen;Last Seen;Link" ) for h in hash_list: response = vt.get_file_report(h) if response["response_code"] != 200: print("Error with the request (reponse code %i)" % response["response_code"]) print( json.dumps(response, sort_keys=False, indent=4)) print("Quitting...") sys.exit(1) if "response_code" in response["results"]: if response["results"]["response_code"] == 0: print("%s;Not found;;;;;" % h) else: print("%s;Found;%i;%i;%s;%s;%s" % (h, response["results"]["positives"], response["results"]["total"], response["results"]["first_seen"], response["results"]["last_seen"], response["results"]["permalink"])) else: print("%s;Not found;;;;;" % h) elif args.subcommand == "domainlist": with open(args.FILE, 'r') as infile: data = infile.read().split() for d in data: print("################ Domain %s" % d.strip()) res = vt.get_domain_report(d.strip()) self.print_domaininfo(res) elif args.subcommand == "iplist": with open(args.FILE, 'r') as infile: data = infile.read().split() for d in data: print("################ IP %s" % d.strip()) res = vt.get_ip_report(unbracket(d.strip())) print(json.dumps(res, sort_keys=False, indent=4)) elif args.subcommand == "domain": res = vt.get_domain_report(unbracket(args.DOMAIN)) if args.json: print(json.dumps(res, sort_keys=False, indent=4)) else: self.print_domaininfo(res) elif args.subcommand == "ip": res = vt.get_ip_report(unbracket(args.IP)) print(json.dumps(res, sort_keys=False, indent=4)) elif args.subcommand == "url": res = vt.get_url_report(args.URL) print(json.dumps(res, sort_keys=False, indent=4)) else: self.parser.print_help() else: vt = PublicApi(conf["VirusTotal"]["key"]) if args.subcommand == "hash": response = vt.get_file_report(args.HASH) if args.raw: print(json.dumps(response, sort_keys=False, indent=4)) else: self.print_file(response) elif args.subcommand == "file": with open(args.FILE, "rb") as f: # FIXME : could be more efficient data = f.read() m = hashlib.sha256() m.update(data) response = vt.get_file_report(m.hexdigest()) if args.raw: print(json.dumps(response, sort_keys=False, indent=4)) else: self.print_file(response) elif args.subcommand == "hashlist": with open(args.FILE, 'r') as infile: data = infile.read().split() hash_list = list(set([a.strip() for a in data])) print("Hash;Found;Detection;Total AV;Link") for h in hash_list: response = vt.get_file_report(h) if response["response_code"] != 200: print("Error with the request (reponse code %i)" % response["response_code"]) print( json.dumps(response, sort_keys=False, indent=4)) print("Quitting...") sys.exit(1) if "response_code" in response["results"]: if response["results"]["response_code"] == 0: print("%s;Not found;;;" % h) else: print("%s;Found;%i;%i;%s" % (h, response["results"]["positives"], response["results"]["total"], response["results"]["permalink"])) else: print("%s;Not found;;;" % h) elif args.subcommand == "domain": res = vt.get_domain_report(unbracket(args.DOMAIN)) if args.json: print(json.dumps(res, sort_keys=False, indent=4)) else: self.print_domaininfo(res) elif args.subcommand == "ip": res = vt.get_ip_report(unbracket(args.IP)) print(json.dumps(res, sort_keys=False, indent=4)) elif args.subcommand == "url": res = vt.get_url_report(args.URL) print(json.dumps(res, sort_keys=False, indent=4)) elif args.subcommand == "domainlist": print( "Not implemented yet with public access, please propose PR if you need it" ) elif args.subcommand == "dl": print( "VirusTotal does not allow downloading files with a public feed, sorry" ) sys.exit(0) else: self.parser.print_help() else: self.parser.print_help()
while True: data = f.read(8192) if not data: break m.update(data) return m.hexdigest() API_KEY = '0d8a7ee919ee20042cc31d7565986da4b995703d4089f2cee967ae10a5462b91' file = "/srv/jathushan/data/apk/top1000/upload_manual/za.co.vodacom.android.app.apk" EICAR_MD5 = "671793b66a4d6130e22c9fd101b122ea2b55ecb423bf061ddc91e65be51ffc0d" vt = VirusTotalPrivateApi(API_KEY) response = vt.get_file_report(EICAR_MD5) # print(json.dumps(response, sort_keys=False, indent=4)) s = int(sys.argv[1]) # aa = np.load("/home/jathushan/2018/app_analysis/data/uploaded.npy") # c = 0 aa = os.listdir("/srv/jathushan/data/apk/top1000/main/top1000/") c = 0 if ((s + 1) * 100 > 950): aa = aa[s * 100:-1] else: aa = aa[s * 100:(s + 1) * 100] for i in aa:
from __future__ import print_function import json import hashlib import pymysql from virus_total_apis import PrivateApi as VirusTotalPrivateApi from datetime import datetime API_KEY = 'APIKEY' vt = VirusTotalPrivateApi(API_KEY) resobj = [] with open ('sha.txt', 'r', encoding='utf-8') as istr: for line in istr: mysha = line print(line) response = vt.get_file_report(mysha) resobj.append(response) timestamp=datetime.now() variable="C:\\VT_Query_Automation\\data_" cur_day_format = timestamp.strftime("%Y-%m-%d_%H") with open(variable+cur_day_format+".json", "w", encoding='utf-8') as write_file: json.dump(resobj, write_file, ensure_ascii=False)
class VirusTotal(Processor): name = "virustotal" category = "sandbox" default_options = { "report_sleep": 60, "retry_count": 10, "send_files": True, "enabled": False, } required_options = ["api_key"] filetypes_exclude = FILETYPES_ARCHIVE + ["text/url"] def setup(self): self.vt_key = self.options.get("api_key") self.vt_type = self.options.get("key_type", "") if self.vt_type == "public": self.vt = PublicApi(key=self.vt_key) elif self.vt_type == "": self.vt = PublicApi(key=self.vt_key) elif self.vt_type == "private": self.vt = PrivateApi(key=self.vt_key) def get(self, file_hash): result = self.vt.get_file_report(file_hash) if result["response_code"] is not VT_RESPONSE_OK: return None report = result["results"] if report["response_code"] is not VT_SCAN_OK: return None return report def scan(self, sample_data): retry_count = 0 scan_request = self.vt.scan_file(sample_data, from_disk=False) file_hash = scan_request["results"]["sha256"] while retry_count <= self.options.get("retry_count"): sleep(self.options.get("report_sleep")) report = self.get(file_hash) if report: return report retry_count += 1 raise RuntimeError("Maximum retries waiting for scan result for %s" % file_hash) def process(self, sample): file_hash = hash_data(sample["data"]) report = self.get(file_hash) if not report: self.logger.info("Sample %s not found on VirusTotal" % file_hash) if not self.options.get("send_files"): return {"scan_id": "not found"} self.logger.info("Sending %s to VirusTotal" % file_hash) report = self.scan(sample["data"]) detections = [] for av, res in report["scans"].items(): if res["detected"]: self.parse_av_tags(res["result"]) detections.append({ "av": av, "version": res["version"], "result": res["result"] }) if report["positives"] > 0: self.add_tag("malware") if self.key_type == "private": if len(report["tags"]) > 1: self.parse_tags(report["tags"]) if len(report["ITW_urls"]): # add ITW urls as URL indicator for url in report["ITW_urls"]: self.add_ioc("urls", url) return { "scan_id": report["scan_id"], "positives": report["positives"], "scan_date": report["scan_date"], "detections": sorted(detections, key=itemgetter("av")), } def parse_av_tags(self, malware_name): if in_string(["banker", "banload"], malware_name): self.add_tag("malware-banker") if in_string(["trojan"], malware_name): self.add_tag("malware-trojan") if in_string(["bot"], malware_name): self.add_tag("malware-botnet") if in_string(["rat"], malware_name): self.add_tag("malware-rat") def parse_tags_malware(self, tag): if tag in ["upx", "asprox", "themida"]: self.add_tag("malware-packed") def parse_tags_documents(self, tag): if tag == "macros": self.add_tag("document-contains-macros") if tag.startswith("auto-"): self.add_tag("document-contains-{0}".format(tag)) if tag.endswith("-file"): self.add_tag("document-contains-{0}".format(tag)) if tag == "powershell": self.add_tag("document-contains-powershell") def parse_tags_pdf(self, tag): if tag == "js-embedded": self.add_tag("pdf-contains-javascript") if tag == "flash-embedded": self.add_tag("pdf-contains-flash") if tag == "autoaction": self.add_tag("pdf-contains-autoaction") if tag == "acroform": self.add_tag("pdf-contains-acroform") if tag == "launch-action": self.add_tag("pdf-contains-launchaction") if tag == "file-embedded": self.add_tag("pdf-contains-embeddedfiles") def parse_tags_flash(self, tag): if tag == "obfuscated": self.add_tag("flash-obfuscated") if tag == "javascript": self.add_tag("flash-contains-javascript") ignore_tags = ["flash-embedded", "js-embedded", "file-embedded"] if tag.endswith("-embedded") and tag not in ignore_tags: # swap $type-embedded. i.e., converts to 'flash-contains-embedded-exe', etc. tag = tag.split("-") self.add_tag("flash-contains-{0}-".format(tag[1], tag[0])) def parse_tags(self, sample_tags): for tag in sample_tags: # malware packer specific self.parse_tags_malware(tag) # osx specific if tag == "dropper": self.add_tag("malware-dropper") # Tags to be captured as-is as_is_tags = ["encrypted", "exploit"] if tag in as_is_tags: self.add_tag(tag) # cves if "cve" in tag: self.add_tag(tag.lower()) # document specific tags self.parse_tags_documents(tag) # pdf specific tags self.parse_tags_pdf(tag) # flash specific tags self.parse_tags_flash(tag)
val2 = 'fs:' + cur_day_format url = 'https://www.virustotal.com/vtapi/v2/file/search' params = { 'apikey': 'APIKEY', 'query': val2 + '+' ' engines:lnk tag:lnk avira:clean' } response = requests.get(url, params=params) data = response.json() with open(val1 + cur_day_format + '.json', 'w', encoding='utf-8') as outfile: json.dump(data, outfile, ensure_ascii=False) ### file read ### with open(val1 + cur_day_format + ".json", "rb") as myfile: data1 = myfile.read() obj = json.loads(data1) ### full report generate ### API_KEY = 'APIKEY' vt = VirusTotalPrivateApi(API_KEY) resobj = [] if 'hashes' in obj: sha256_hash = obj['hashes'] for x in sha256_hash: response = vt.get_file_report(x) resobj.append(response) with open("data_" + cur_day_format + ".json", "w", encoding='utf-8') as write_file: json.dump(resobj, write_file, ensure_ascii=False)