def scan_file():
    """Analyze an uploaded file, or reuse the stored analysis of a known one.

    Reads the ``file`` field of the multipart request, hashes it and looks
    the SHA-1 up among previous submissions. A known sample is only logged
    for the current user; a new one is saved, run through VirusTotal, Yara
    and (for PE files) the PE, capa, foremost and strings analyzers, stored
    as a submission and zipped. Either way the response is a redirect to
    the analysis page for that SHA-1.
    """
    upload = request.files["file"]
    safe_name = secure_filename(upload.filename)
    payload = upload.read()
    sha1 = Hashes().get_sha1(payload)
    # Both exits redirect to the same page; the query string carries only
    # the hash and the sanitized file name.
    analysis_url = "/analysis?sha1={}&name={}".format(sha1, safe_name)

    # A sample that was already analyzed is not processed a second time.
    known = Submission().query.filter_by(sha1=sha1).first()
    if known:
        save_log(safe_name, known.id, current_user.id)
        return redirect(analysis_url)

    sample_path = save_file(sha1, payload)

    # Reuse an existing VirusTotal report; a response_code of 0 is treated
    # as "no report", in which case the sample itself is sent for detection.
    vt = VirusTotal(current_user.vt_key)
    vt_result = vt.report(sha1)
    if vt_result["response_code"] == 0:
        vt_result = vt.detection(payload)

    digests = Hashes(payload).get_all()
    basics = get_basic_information(sample_path)
    report = {
        "file_name": safe_name,
        "hashes": digests,
        "basic_information": basics,
        "virustotal_detection": vt_result,
        "yara": YaraAnalysis().get_matches(payload),
    }

    # PE-specific analyzers run only for executables; keys are added in the
    # same order as before so the stored layout is unchanged.
    if basics["mime_type"] == "application/x-dosexec":
        pe_details = PE(payload).get_all()
        capa_result = Capa().analyze(sample_path)
        foremost_result = Foremost().analyze(sample_path)
        pe_details["strings"] = Strings("iso-8859-1", sample_path).get()
        report.update(
            pe_info=pe_details,
            capa=capa_result,
            foremost=foremost_result,
        )

    save_submission(report, current_user.id)
    zip_file(sample_path)
    return redirect(analysis_url)
def post(self):
    """Return the PE file header of the uploaded bytes.

    Responds with ``(header, 200)``, or ``({"message": ...}, 406)`` when
    the bytes do not parse as a PE.
    """
    try:
        header = PE(get_bytes()).get_file_header()
    except PEFormatError:
        return {"message": "Invalid file type!"}, 406
    return header, 200
def post(self):
    """Return general information about the uploaded PE.

    Responds with ``(summary, 200)``, or ``({"message": ...}, 406)`` when
    the bytes do not parse as a PE.
    """
    try:
        summary = PE(get_bytes()).get_summary()
    except PEFormatError:
        return {"message": "Invalid file type!"}, 406
    return summary, 200
def post(self):
    """Return the import table of the uploaded PE.

    Responds with ``(imports, 200)``, or ``({"message": ...}, 406)`` when
    the bytes do not parse as a PE.
    """
    try:
        imported = PE(get_bytes()).get_imports()
    except PEFormatError:
        return {"message": "Invalid file type!"}, 406
    return imported, 200
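def post(self):
    """Return the PE optional header of the uploaded bytes.

    Responds with ``(optional_header, 200)``, or ``({"message": ...}, 406)``
    when the bytes do not parse as a PE.
    """
    try:
        return PE(get_bytes()).get_optional_header(), 200
    # Catch only the parser's own error, as the sibling endpoints do. The
    # former bare ``except`` also swallowed KeyboardInterrupt/SystemExit and
    # reported unrelated failures as "invalid file type".
    except PEFormatError:
        return {"message": "Invalid file type!"}, 406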
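def post(self):
    """Return the section table of the uploaded PE.

    Responds with ``(sections, 200)``, or ``({"message": ...}, 406)`` when
    the bytes do not parse as a PE.
    """
    try:
        return PE(get_bytes()).get_sections(), 200
    # Catch only the parser's own error, as the sibling endpoints do. The
    # former bare ``except`` also swallowed KeyboardInterrupt/SystemExit and
    # reported unrelated failures as "invalid file type".
    except PEFormatError:
        return {"message": "Invalid file type!"}, 406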
def post(self):
    """Return every piece of information the PE parser exposes.

    Complete analysis of the uploaded PE. Responds with ``(info, 200)``,
    or ``({"message": ...}, 406)`` when the bytes do not parse as a PE.
    """
    try:
        everything = PE(get_bytes()).get_all()
    except PEFormatError:
        return {"message": "Invalid file type!"}, 406
    return everything, 200
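def post(self):
    """Complete scan of the file.

    Returns basic information, signatures, VirusTotal results and Yara
    matches. If the file is a Portable Executable (PE), it also fetches
    data about its sections (e.g., headers, imports) and capabilities.

    Returns:
        ``(data, 200)`` with the stored or freshly computed analysis, or
        ``({"message": ...}, 401)`` when the ``API-KEY`` header matches no
        user.
    """
    # Get the filename, contents and SHA-1.
    uploaded_file = upload_parser.parse_args()["file"]
    filename = secure_filename(uploaded_file.filename)
    contents = uploaded_file.read()
    sha1 = Hashes().get_sha1(contents)

    # Resolve the caller from the API key. The header is indexed rather than
    # read with .get(): a missing header then fails the request instead of
    # running filter_by(freki_key=None), which could match a row whose key
    # is NULL. An unknown key makes first() return None; without the guard
    # that surfaced as an AttributeError on user.id / user.vt_key below.
    user = User().query.filter_by(freki_key=request.headers["API-KEY"]).first()
    if user is None:
        return {"message": "Invalid API key!"}, 401

    # Return the stored results if the file was already analyzed.
    submission = Submission().query.filter_by(sha1=sha1).first()
    if submission:
        save_log(filename, submission.id, user.id)
        return json.loads(submission.data), 200

    # Save the file at the default samples folder.
    file_path = save_file(sha1, contents)

    # Reuse an existing VirusTotal report; a response_code of 0 is treated
    # as "no report", in which case the sample itself is sent for detection.
    virustotal = VirusTotal(user.vt_key)
    virustotal_detection = virustotal.report(sha1)
    if virustotal_detection["response_code"] == 0:
        virustotal_detection = virustotal.detection(contents)

    # Hashes and basic information about the saved sample.
    hashes = Hashes(contents).get_all()
    basic_information = get_basic_information(file_path)
    data = {
        "file_name": filename,
        "hashes": hashes,
        "basic_information": basic_information,
        "virustotal_detection": virustotal_detection,
        "yara": YaraAnalysis().get_matches(contents),
    }

    # PE-only analyzers. Keys are added in this order so the stored JSON
    # keeps the same layout as before.
    if basic_information["mime_type"] == "application/x-dosexec":
        pe_info = PE(contents).get_all()
        capa_data = Capa().analyze(file_path)
        foremost_data = Foremost().analyze(file_path)
        pe_info["strings"] = Strings("iso-8859-1", file_path).get()
        data["pe_info"] = pe_info
        data["capa"] = capa_data
        data["foremost"] = foremost_data

    # Persist the submission and archive the sample.
    save_submission(data, user.id)
    zip_file(file_path)
    return data, 200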