virusTotalScan.py
import hashlib
import os
import time
import vt # VirusTotal - pip install vt-py
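# Seconds to wait between polls while VirusTotal analyses an uploaded file.
VT_POLL_RATE_SECONDS = 60

# The API key is taken from the environment so it does not have to be stored
# in the script itself.
VT_API_KEY = os.environ.get('VT_API_KEY')  # VirusTotal API Key

# This check runs at import time. An empty value is treated like a missing
# one: some CI systems expose an unavailable secret as an empty string, which
# would otherwise surface later as a less clear client error.
if not VT_API_KEY:
    print("ERROR: You must provide a VirusTotal API Key using the environment variable 'VT_API_KEY' for this script to work")
    # Same exit status as exit(-1), without relying on the site-provided helper.
    raise SystemExit(-1)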
def sha256_of_file(file_path):
    """Return the hexadecimal SHA-256 digest of the file at ``file_path``.

    The file is read in fixed-size chunks, so the whole file is never held
    in memory at once.
    """
    chunk_size = 65536
    digest = hashlib.sha256()
    with open(file_path, 'rb') as stream:
        # iter() with a sentinel stops at the first empty read, i.e. at EOF.
        for chunk in iter(lambda: stream.read(chunk_size), b''):
            digest.update(chunk)
    return digest.hexdigest()
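def do_scan(api_key, file_path):
    """Print the VirusTotal analysis results for the file at ``file_path``.

    The file is first looked up by its SHA-256 digest. Only when VirusTotal
    reports that it does not know the file is it uploaded, after which the
    report is polled every ``VT_POLL_RATE_SECONDS`` seconds until available.
    Uploading hands the file to a third-party service, so this should only be
    used on artefacts that are meant to be distributed.

    Args:
        api_key: VirusTotal API key passed to ``vt.Client``.
        file_path: Path of the file to look up and, if needed, upload.

    Raises:
        vt.APIError: If the initial lookup fails for any reason other than the
            file being unknown (for example bad credentials or an exhausted
            quota), or if the upload itself fails.
    """
    # Hash once: the digest identifies the file in every lookup below.
    report_path = f"/files/{sha256_of_file(file_path)}"

    with vt.Client(api_key) as client:
        try:
            report = client.get_object(report_path)
            stats = report.last_analysis_stats
            results = report.last_analysis_results
        except vt.APIError as e:
            # Only "file unknown" justifies an upload. Authentication or quota
            # errors must not be mistaken for a missing report.
            if e.code != "NotFoundError":
                raise

            print(f"Uploading file as file not already in database ({e})")
            with open(file_path, "rb") as final_exe_file:
                client.scan_file(final_exe_file, wait_for_completion=False)

            # We used to use wait_for_completion=True, but it just blocks forever for some reason?
            # Use this workaround in the mean time.
            # NOTE(review): this loop has no upper bound and retries on every
            # API error; it relies on the CI job timeout to stop a stuck scan.
            while True:
                print(f"Waiting {VT_POLL_RATE_SECONDS}s for results...")
                time.sleep(VT_POLL_RATE_SECONDS)
                try:
                    report = client.get_object(report_path)
                    stats = report.last_analysis_stats
                    results = report.last_analysis_results
                    break
                except vt.APIError as e:
                    print(f"Results not ready: ({e})")

        print(stats)
        print("Scanners with positive results:")
        # Detections are only printed; nothing here changes the exit status.
        for scanner_name, scanner_result_dict in results.items():
            result = scanner_result_dict["result"]
            if result:
                print(f'- {scanner_name}: {result}')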
def scan():
    """Run a VirusTotal scan on each built Windows installer executable."""
    build_dir = 'travis_installer_output'
    installer_names = (
        '07th-Mod.Installer.Windows.exe',
        '07th-Mod.Installer.Windows.SafeMode.exe',
    )
    for installer_name in installer_names:
        installer_path = os.path.join(build_dir, installer_name)
        # Announce the file first so its output can be told apart in the log.
        print(f"Beginning VirusTotal Scan of {installer_name}...")
        do_scan(VT_API_KEY, installer_path)
# Start the scan only when this file is executed as a script.
if __name__ == "__main__":
    scan()