- import requests
- import time
- import json
- import os
- import hashlib
- from pymongo import MongoClient
- from pymongo.errors import DuplicateKeyError
- import pefile
# MongoDB on the local host, default port. No credentials are passed, so this
# presumably relies on the local instance accepting unauthenticated clients.
client = MongoClient(host='localhost', port=27017)
db = client['mw_folder']
# NOTE(review): `collection` is not referenced by the rest of this listing;
# the results are written to `db.files` instead.
collection = db['malwarka']

# Directory whose entries are analysed; the value is used as typed.
path = raw_input("Input path to file: ")
filename = os.listdir(path)

# Per-file result documents, keyed by the index of the entry in `filename`.
post = dict()
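def getvtscan(md5hash):
    """Return the first detection name reported by a trusted AV engine.

    Requests the VirusTotal v2 file report for *md5hash* and walks the
    engines listed in ``trusted_av`` in order.

    Returns:
        The first non-empty ``result`` string from a trusted engine,
        ``'Clean'`` when a report exists and none of those engines names a
        detection, or ``'Unknown'`` when no usable report came back (non-200
        status, body that is not JSON, or a response without ``scans``).

    Raises:
        RuntimeError: if the ``VT_API_KEY`` environment variable is not set.
    """
    trusted_av = ['Microsoft', 'Malwarebytes', 'Kaspersky', 'ESET-NOD32']

    # The API key comes from the environment instead of a string literal: a
    # key embedded in a shared or published script is disclosed to every
    # reader and has to be revoked and reissued.
    api_key = os.environ.get('VT_API_KEY')
    if not api_key:
        raise RuntimeError('VT_API_KEY environment variable is not set')

    params = {'apikey': api_key, 'resource': md5hash}
    headers = {
        "Accept-Encoding": "gzip, deflate",
        "User-Agent" : "gzip, My Python requests library example client or username"
    }
    # A timeout keeps one stalled request from hanging the whole run.
    response = requests.get('https://www.virustotal.com/vtapi/v2/file/report',
                            params=params, headers=headers, timeout=30)
    if response.status_code != 200:
        return 'Unknown'
    try:
        json_response = response.json()
    except ValueError:
        return 'Unknown'

    # A hash the service has no report for carries no 'scans' entry. That is
    # "no verdict", which must not be recorded as 'Clean'.
    scans = json_response.get('scans')
    if not scans:
        return 'Unknown'

    # Consult every trusted engine before reporting 'Clean'; an engine that is
    # absent from the report is skipped rather than raising KeyError.
    for av in trusted_av:
        result = (scans.get(av) or {}).get('result')
        if result:
            return result
    return 'Clean'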
def getfilesize(path):
    """Return the size, in bytes, of the file at *path*."""
    return os.path.getsize(path)
def md5Checksum(path):
    """Return the hexadecimal MD5 digest of the file at *path*.

    The file is read in 128000-byte chunks so a large sample is never held
    in memory as a whole. The digest serves as a sample identifier in this
    script; MD5 is not collision resistant, so it identifies a file but does
    not prove two files are the same.
    """
    digest = hashlib.md5()
    with open(path, 'rb') as stream:
        # iter() with a sentinel stops at the first empty read (end of file).
        for block in iter(lambda: stream.read(128000), b''):
            digest.update(block)
    return digest.hexdigest()
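def getentrypoint(path):
    """Return the AddressOfEntryPoint of the PE file at *path*.

    Returns:
        The entry-point value from the optional header, or the string
        ``'Error'`` when pefile rejects the file with ``PEFormatError``.
    """
    try:
        # Only the optional header is needed. fast_load=True stops pefile
        # from also walking the data directories (imports, resources, ...)
        # of an untrusted sample.
        pe = pefile.PE(path, fast_load=True)
    except pefile.PEFormatError:
        return 'Error'
    return pe.OPTIONAL_HEADER.AddressOfEntryPoint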
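def getnaco(path):
    """Return the "NaCo" hash of the PE file at *path*.

    The hash is the hex MD5 of ProductName concatenated with CompanyName,
    both taken from the first string table of the first FileInfo entry.
    Those strings are chosen by whoever built the file, so equal NaCo
    values are a grouping hint, not proof of a common origin.

    Returns:
        The hex digest; ``'Have no NaCo'`` when the version strings cannot
        be read or hashed; ``None`` (after printing ``Error``) when pefile
        rejects the file with ``PEFormatError``.
    """
    try:
        pe = pefile.PE(path)
    except pefile.PEFormatError:
        print('Error')
        return None
    try:
        entries = pe.FileInfo[0].StringTable[0].entries
        return hashlib.md5(entries['ProductName'] + entries['CompanyName']).hexdigest()
    except Exception:
        # `except Exception` instead of a bare `except`, so Ctrl-C and
        # SystemExit are no longer swallowed while a sample is processed.
        return 'Have no NaCo'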
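def getfilesect(path):
    """Return one description dict per section of the PE file at *path*.

    Each dict holds ``'Sect Name'`` (the section name with trailing NUL
    characters stripped), ``'MD5 Sect'`` (the section's MD5 as computed by
    pefile) and ``'SectRawSize'`` (SizeOfRawData as a string).

    Returns:
        The list of dicts, or ``None`` (after printing ``Error``) when pefile
        rejects the file with ``PEFormatError``.
    """
    try:
        # Section headers are available without the data directories, so
        # fast_load=True keeps the parsing of an untrusted sample minimal.
        pe = pefile.PE(path, fast_load=True)
        return [
            {'Sect Name': str(section.Name).rstrip('\x00\x00\x00\x00'),
             'MD5 Sect': section.get_hash_md5(),
             'SectRawSize': str(int(section.SizeOfRawData))}
            for section in pe.sections
        ]
    except pefile.PEFormatError:
        print('Error')
        return None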
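# Analyse every regular file in `path` and store one document per file in the
# `files` collection, using the file's MD5 as the document `_id`.
count = 0
files = db.files
for index, name in enumerate(filename):
    count = index + 1
    # os.path.join supplies the separator when `path` was typed without a
    # trailing slash; plain string concatenation built a wrong path then.
    v = os.path.join(path, name)
    if not os.path.isfile(v):
        # os.listdir also returns sub-directories, which cannot be hashed.
        continue

    # Hash once and reuse the digest for both the `_id` and the lookup.
    md5h = md5Checksum(v)
    post[index] = {'_id': md5h,
                   "Filename": name,
                   "Size": getfilesize(v),
                   "AV Detect": getvtscan(md5h),
                   "Entry Point": getentrypoint(v),
                   "Sections": getfilesect(v),
                   'NACO': getnaco(v)}
    try:
        files.insert_one(post[index])
    except DuplicateKeyError:
        # Same MD5 already stored: the sample was ingested earlier.
        print('Duplicate' + post[index]['_id'])
    except Exception as why:
        print('%s %s' % (why, name))

    print('We are parsing %s files' % count)
    # Pause between lookups; presumably this keeps the run under the
    # VirusTotal request quota -- confirm against the key's limits.
    time.sleep(15)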