Today I started to play with the Virus Total Public API: http://www.virustotal.com/advanced.html
My initial idea was to send files from the command line and get the results quickly, so I don't need a web browser and don't spend time uploading the file.
I read their initial samples/docs and built a mix of code using Python (mostly retrieved from their samples) and Perl (the only language I can try something in). By now, what I have:
$ perl vt-auto.pl /LABS/pdf-basics/samples/AdamSamples/15
Sending file /LABS/pdf-basics/samples/AdamSamples/15 to Virus Total ...
Response from VT with resource "86ee2f99a207d31ea2b69198dc2bf5e7c7946eeae7dacdd6032f2c050525bc07-1282091669"
Waiting 120 seconds to wait file /LABS/pdf-basics/samples/AdamSamples/15 be scanned ...
Sending request fo Virus Total about /LABS/pdf-basics/samples/AdamSamples/15 with resource "86ee2f99a207d31ea2b69198dc2bf5e7c7946eeae7dacdd6032f2c050525bc07-1282091669"
Report Results for /LABS/pdf-basics/samples/AdamSamples/15 :
"nProtect": "Trojan-Exploit/W32.Pidief.16718.AV"
"CAT-QuickHeal": ""
"McAfee": "Exploit-PDF.b.gen"
"TheHacker": ""
"VirusBuster": "JS.Crypt.BSP"
"NOD32": "PDF/Exploit.Pidief.AUT"
"F-Prot": "JS/Psyme.HU"
"Symantec": "Trojan.Pidief.D"
"Norman": "JS/Shellcode.GS"
"TrendMicro-HouseCall": "TROJ_PIDIEF.ADY"
"Avast": "JS:Pdfka-PO"
"eSafe": "PDF.Exploit.2"
"ClamAV": "Suspect.PDF.ObfuscatedJS-5"
"Kaspersky": "Exploit.Win32.Pidief.aut"
"BitDefender": "Exploit.PDF-JS.Gen"
"ViRobot": ""
"Sophos": "Mal/PdfEx-C"
"Comodo": "TrojWare.Win32.Exploit.Pidief.aut"
"F-Secure": "Exploit.PDF-JS.Gen"
"DrWeb": "Exploit.PDF.166"
"AntiVir": "EXP/Pidief.JX"
"TrendMicro": "TROJ_PIDIEF.ADY"
"Emsisoft": "Exploit.Pidief!IK"
"eTrust-Vet": "PDF/Pidief.IQ"
"Authentium": "PDF/Obfusc.D!Camelot"
"Jiangmin": ""
"Antiy-AVL": "Exploit/Win32.Pidief"
"Microsoft": "Exploit:Win32/Pdfjsc.AS"
"SUPERAntiSpyware": ""
"Prevx": ""
"GData": "Exploit.PDF-JS.Gen"
"AhnLab-V3": "PDF/Shellcode"
"VBA32": ""
"Sunbelt": "Exploit.PDF-JS.Gen (v)"
"PCTools": "Trojan.Pidief"
"Rising": ""
"Ikarus": "Exploit.Pidief"
"Fortinet": ""
"AVG": "Exploit"
"Panda": ""
"Avast5": "JS:Pdfka-PO"
Detection : (31/41)
I'll improve and fix the code so I can share it, because right now that's impossible. The 120 seconds that I wait is just to make sure the scan finishes before I try to retrieve the results, but sometimes, depending on file size, it will probably fail.
Nice resource from the VirusTotal Team, congratulations!
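Added example, not the author's Perl script: it replaces the fixed 120-second sleep with polling until the report is actually available, and counts detections the way the "Detection : (31/41)" line does. It assumes the report is a map of engine name to verdict string as in the output above (an empty string meaning no detection); the HTTP call is left as an injected function, here a constructed stub, so the code runs offline.

```python
import time
from typing import Callable, Dict, List, Optional, Tuple

# Constructed sample in the shape of the report above: engine -> verdict,
# with "" meaning the engine did not flag the file.
SAMPLE_REPORT: Dict[str, str] = {
    "nProtect": "Trojan-Exploit/W32.Pidief.16718.AV",
    "CAT-QuickHeal": "",
    "McAfee": "Exploit-PDF.b.gen",
    "TheHacker": "",
    "ClamAV": "Suspect.PDF.ObfuscatedJS-5",
}


def summarize(report: Dict[str, str]) -> Tuple[int, int, List[str]]:
    """Return (detections, total engines, engines that flagged the file)."""
    hits = sorted(engine for engine, verdict in report.items() if verdict.strip())
    return len(hits), len(report), hits


def wait_for_report(fetch: Callable[[str], Optional[Dict[str, str]]], resource: str,
                    max_wait: float = 600, interval: float = 15,
                    sleep: Callable[[float], None] = time.sleep) -> Optional[Dict[str, str]]:
    """Poll fetch(resource) until it returns a report or max_wait seconds pass.

    fetch must return None while the scan is still queued and the
    engine -> verdict dict once it has finished; None here means we gave up.
    """
    waited = 0.0
    while True:
        report = fetch(resource)
        if report is not None:
            return report
        if waited >= max_wait:
            return None
        sleep(interval)
        waited += interval


def make_stub_fetcher(pending_polls: int, report: Dict[str, str]):
    """Simulated API: answers 'not ready' for pending_polls calls, then delivers."""
    calls = {"n": 0}

    def fetch(resource: str) -> Optional[Dict[str, str]]:
        calls["n"] += 1
        return report if calls["n"] > pending_polls else None
    return fetch


if __name__ == "__main__":
    fetch = make_stub_fetcher(3, SAMPLE_REPORT)          # scan "finishes" on the 4th poll
    report = wait_for_report(fetch, "constructed-resource-id", sleep=lambda s: None)
    detected, total, hits = summarize(report)
    print(f"Detection : ({detected}/{total})  flagged by: {', '.join(hits)}")
```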
Happy Hacking!
Rodrigo "Sp0oKeR" Montoro