Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # Imports
- import glob
- import os
- import time
- import Tkinter
- import tkMessageBox
- import subprocess
- import tempfile
- import shutil
- import magic
- # Constants
- DIR = r'C:\users\{}\downloads'.format(os.getenv('username'))
- TEMP_NAME = "Temp_Power.ps1"
- TEMP_ICON = "SomeIcon.bmp"
- POWER_CODE = """Add-Type -AssemblyName System.Drawing
- $Icon = [System.Drawing.Icon]::ExtractAssociatedIcon("{}")
- $Icon.ToBitmap().Save("{}")
- """
- def msg(head, msg2, style):
- box = [tkMessageBox.showinfo, tkMessageBox.askyesno]
- return box[style](title=head, message=msg2)
- def main():
- # Gets the current last modifieded file in the downloads folder
- current = max([r'{}'.format(os.path.join(DIR,d)) for d in os.listdir(DIR)], key=os.path.getmtime)
- already_checked = []
- # Every 3 seconds checks if a new file was downloaded
- while True:
- time.sleep(3)
- # If a new file was downloaded print its name
- if (current != max([r'{}'.format(os.path.join(DIR,d)) for d in os.listdir(DIR)], key=os.path.getmtime)) and (current not in already_checked):
- # Sets the current last modifided file to the new file
- already_checked.append(current)
- current = max([r'{}'.format(os.path.join(DIR,d)) for d in os.listdir(DIR)], key=os.path.getmtime)
- # Checks if the icon of the file is in known icons
- # Creates a temp dir
- temp_dir = tempfile.mkdtemp()
- # Opens a powershell script and writes to it
- with open(os.path.join(temp_dir, TEMP_NAME), 'w') as temp:
- temp.write(POWER_CODE.format(current, os.path.join(temp_dir, 'new.bmp')))
- # Runs the powershell script
- print os.path.join(temp_dir, TEMP_NAME)
- ps = subprocess.Popen(["powershell", os.path.join(temp_dir, TEMP_NAME)],
- stderr = subprocess.PIPE,
- stdout = subprocess.PIPE)
- output, error = ps.communicate()
- print error
- # Reads the icon file
- with open(os.path.join(temp_dir, 'new.bmp'), 'rb') as newiconfile:
- newicon = newiconfile.read()
- # Gets the data from the known icon files
- with open(r'C:\Users\Ofir Tal\Desktop\dustless_sky\word.bmp', 'rb') as wordfile:
- wordicon = wordfile.read()
- # Deletes the temp folder and files
- shutil.rmtree(temp_dir)
- if wordicon == newicon:
- print 'ALERT!'
- # Checks if the file is an exe, and if it does, checks if is icon is matching to any known icon.
- if 'executable' in magic.from_file(current):
- # Opens a powershell script and writes to it
- with open(os.path.join(temp_dir, TEMP_NAME), 'w') as temp:
- temp.write(POWER_CODE.format(current, os.path.join(temp_dir, 'new.bmp')))
- # Runs the powershell script
- print os.path.join(temp_dir, TEMP_NAME)
- ps = subprocess.Popen(["powershell", os.path.join(temp_dir, TEMP_NAME)],
- stderr = subprocess.PIPE,
- stdout = subprocess.PIPE)
- output, error = ps.communicate()
- print error
- # Reads the icon file
- with open(os.path.join(temp_dir, 'new.bmp'), 'rb') as newiconfile:
- newicon = newiconfile.read()
- # Gets the data from the known icon files
- with open(r'C:\Users\Ofir Tal\Desktop\dustless_sky\word.bmp', 'rb') as wordfile:
- wordicon = wordfile.read()
- # Deletes the temp folder and files
- shutil.rmtree(temp_dir)
- msg("ALERT!", "Hi you just downloaded an exe file named {}\n while his icon is not maching to an exacutable file".format(current.split('\\')[-1]), 0)
- option = msg("Need help?", "Would you like me to delete it for you?", 1)
- if option:
- os.system('del /f "{}"'.format(current))
- msg("DONE!", "You are safe now!", 0)
- else:
- msg("Be Careful", "Just remember I warned you", 0)
- if __name__ == "__main__":
- main()
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement