Perform a lookup in the VirusTotal database
| 284 | PrintAndLog(line.decode('utf-8'), 'WARNING') |
| 285 | |
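def VTLookup():
    ''' Look up every collected hash in the VirusTotal database.

    Sends the module-level HASHES list to VT_HOST in a single POST
    request authenticated with VT_API_KEY and reports each answer through
    PrintAndLog:
      * response_code 1 -> sample known to VT; logged as WARNING when at
        least one engine flagged it, INFO otherwise
      * response_code 0 -> never seen by VT
      * anything else   -> logged as ERROR
    HTTP errors, network failures and unparsable replies are logged and
    abort the lookup instead of propagating.  Returns None.

    NOTE(review): the API key travels in the POST body, so its
    confidentiality relies on VT_HOST being an https:// URL -- confirm
    where VT_HOST is defined.  Submitting hashes also discloses to a third
    party which artefacts are under investigation; callers should be
    aware of that before enabling the lookup.
    NOTE(review): VirusTotal caps the number of resources accepted per
    request depending on the API tier; if HASHES can be large it may need
    to be chunked -- confirm against the tier in use.
    '''

    PrintAndLog(u'Virustotal lookup', 'SECTION')
    PrintAndLog(u'Got %s hashes to verify' % len(HASHES), 'DEBUG')

    # Nothing to ask for: an empty 'resource' would only earn an API error.
    if not HASHES:
        return

    param = {'resource': ','.join(HASHES), 'apikey': VT_API_KEY}
    try:
        f = urllib2.urlopen(VT_HOST, urllib.urlencode(param))
        try:
            data = f.read()
        finally:
            f.close()
    except urllib2.HTTPError as e:
        # The previous 'except (urllib2.HTTPError, e):' never bound e (so
        # e.code raised NameError) and then fell through to json.loads()
        # on whatever 'data' held -- the encoded request parameters.
        if e.code == 401:
            PrintAndLog(u'Wrong VirusTotal key', 'ERROR')
        else:
            PrintAndLog(u'VirusTotal error ' + str(e.code) + ' ' + str(e.reason).decode('utf-8'), 'ERROR')
        return
    except urllib2.URLError as e:
        # DNS failure, refused connection, TLS error...: no HTTP response at all.
        # HTTPError is a subclass of URLError, so this clause must come second.
        PrintAndLog(u'VirusTotal unreachable: ' + str(e.reason).decode('utf-8'), 'ERROR')
        return

    try:
        Ret = json.loads(data)
    except ValueError:
        # Empty or non-JSON body (e.g. a quota/rate-limit reply); do not crash.
        PrintAndLog(u'Got a weird answer from Virustotal\n', 'ERROR')
        return

    # A single-resource query is answered with one object, a batch with a list.
    if isinstance(Ret, dict):
        Results = [Ret]
    elif isinstance(Ret, list):
        Results = Ret
    else:
        Results = []

    for Entry in Results:
        if Entry['response_code'] == 1:
            line = (Entry['md5'] + u' ' + Entry['scan_date'] + u' '
                    + str(Entry['positives']) + u'/' + str(Entry['total']))
            # Any detection at all is worth a WARNING; a clean scan is plain INFO.
            if Entry['positives'] > 0:
                PrintAndLog(line, 'WARNING')
            else:
                PrintAndLog(line, 'INFO')
        elif Entry['response_code'] == 0:
            PrintAndLog(Entry['resource'] + u' Never seen 0/0', 'INFO')
        else:
            PrintAndLog(u'Got a weird answer from Virustotal\n', 'ERROR')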
| 322 | |
| 323 | def LocalLookup(HashDBPath): |
| 324 | ''' Perform of lookup in a local database ''' |