Minotauranalysis.com Malware sample downloader -help

Minotauranalysis.com Malware sample downloader -help

Minotauranalysis.com Malware sample downloader – usage

Minotauranalysis.com Malware sample downloader – usage

#!/usr/bin/env python

##### Script License:
# - no warranty express or implied
# - free to use if you don't use-it to gain money
#
##### Warning:
# - downloaded files may harm your computer.
#
##### Usage examples:
# python script.py -h

import re
import urllib2
import hashlib
import os
import random
import argparse

# Startup banner. This print sits above the argparse setup, so it is emitted on
# every run (including "-h") before any argument is parsed. The r""" prefix keeps
# the backslashes inside the ASCII art literal.
print r"""
Minotauranalysis.com Malware sample downloader                  _
                                                              _( (~\
       _ _                        /                          ( \> > \
   -/~/ / ~\                     :;                \       _  > /(~\/
  || | | /\ ;\                   |l      _____     |;     ( \/ /   /
  _\\)\)\)/ ;;;                  `8o __-~     ~\   d|      \   \  //
 ///(())(__/~;;\                  "88p;.  -. _\_;.oP        (_._/ /
(((__   __ \\   \                  `>,% (\  (\./)8"         ;:'  i
)))--`.'-- (( ;,8 \               ,;%%%:  ./V^^^V'          ;.   ;.
((\   |   /)) .,88  `: ..,,;;;;,-::::::'_::\   ||\         ;[8:   ;
 )|  ~-~  |(|(888; ..``'::::8888oooooo.  :\`^^^/,,~--._    |88::| |
  \ -===- /|  \8;; ``:.      oo.8888888888:`((( o.ooo8888Oo;:;:'  |
 |_~-___-~_|   `-\.   `        `o`88888888b` )) 888b88888P""'     ;
  ;~~~~;~~         "`--_`.       b`888888888;(.,"888b888"  ..::;-'
   ;      ;              ~"-....  b`8888888:::::.`8888. .:;;;''
      ;    ;                 `:::. `:::OOO:::::::.`OO' ;;;''
 :       ;                     `.      "``::::::''    .'
    ;                           `.   \_              /
  ;       ;                       +:   ~~--  `:'  -';
                                   `:         : .::/
      ;                            ;;+_  :::. :..;;;
http://virii.tk                            http://twitter.com/ViRiiTk
"""
#Credits for ascii art: http://www.retrojunkie.com/asciiart/myth/minotaur.htm
      
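# Command-line interface. Every option has a default, so the script also runs
# with no arguments at all.
parser = argparse.ArgumentParser(description="Minotauranalysis.com Malware sample downloader ")

parser.add_argument("-a", "--agent", default="Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36",
                    help="User Agent used to download samples")

# Backslashes are written as explicit escapes. The runtime value is unchanged
# (C:\malware\) but no longer depends on "\m" not being an escape sequence.
parser.add_argument("-d", "--dldfolder", default="C:\\malware\\",
                    help="Local folder to download samples (Default: C:\\malware\\ )")

parser.add_argument("-i", "--info", default="_files.txt",
                    help="file to store info about downloaded samples (Default: _files.txt)")

parser.add_argument("-e", "--error", default="_errors.txt",
                    help="file to store errors (Default: _errors.txt)")

parser.add_argument("-u", "--malurl", default="_mal_url.txt",
                    help="file to store malware urls (Default: _mal_url.txt)")

args = parser.parse_args()

# Two User-Agent headers: one that identifies this script (used for the index
# page) and the browser-like one from --agent (used for the sample downloads).
useragent = {'User-Agent' : 'Minotaur samples downloader, more info on: http://ViRii.Tk'}
dldagent  = {'User-Agent' : args.agent}

# Guarantee a trailing separator, so that args.dldfolder + name always lands
# inside the folder even when -d is given without one (e.g. "-d D:\samples").
args.dldfolder = os.path.join(args.dldfolder, "")

# create the download folder, including missing parent folders
if not os.path.isdir(args.dldfolder):
    os.makedirs(args.dldfolder)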

# build a random alphanumeric string
def get_random_word(a):
    """Return a string of `a` characters picked at random from A-Z, a-z and 0-9.

    The characters come from the `random` module, so the result is meant for
    keeping names distinct, not for values that must be unpredictable.
    """
    alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'
    return ''.join(random.choice(alphabet) for _ in range(a))

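# md5 of a file's contents
def md5Checksum(filePath):
    """Return the hexadecimal MD5 digest of the file at `filePath`.

    The file is read in 8192-byte chunks, so a large sample is never held in
    memory whole. The handle is closed as soon as hashing is done, which
    matters on Windows, where an open handle blocks renaming or deleting
    the file.

    NOTE(review): MD5 works as a lookup key for a sample, but it is not
    collision resistant; record a SHA-256 as well if the hash has to prove
    which file was downloaded.
    """
    m = hashlib.md5()
    with open(filePath, 'rb') as fh:
        # iter() with a sentinel stops at the first empty read (end of file)
        for data in iter(lambda: fh.read(8192), b''):
            m.update(data)
    return m.hexdigest()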

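# download one malware sample
def dld_mal(url_mal):
    """Download the sample at `url_mal` into the download folder and log it.

    Side effects, all inside args.dldfolder:
      * the URL as received is appended to the args.malurl file;
      * the response body is saved as "<file name>_<3 random characters>";
      * on success, "md5<TAB>file name<TAB>url" is appended to args.info;
      * on failure, "url<TAB>error" is appended to args.error.

    `url_mal` is scraped from a remote page and is treated as untrusted: the
    file name derived from it is reduced to a fixed set of characters before
    it is used in a path. Errors from the download itself are written to the
    error file rather than raised. Returns None.
    """
    # record the address exactly as it was listed
    with open(os.path.join(args.dldfolder, args.malurl), "a") as handle:
        handle.write(url_mal + "\n")
    url_mal = url_mal.replace(" ", "%20")

    # the last path segment of the URL is the candidate file name
    file_name = url_mal.split("/")[-1]

    # empty, query-string-like or over-long names get a generated name instead
    if len(file_name) == 0 or "?" in file_name or "&" in file_name or len(file_name) > 32:
        file_name = "No_name" + str(get_random_word(8))

    # The name comes from the remote list. Keep only [A-Za-z0-9._-], so that a
    # backslash, a colon or a control character in it cannot steer the write
    # to a path outside args.dldfolder.
    file_name = re.sub(r"[^A-Za-z0-9._-]", "_", file_name)

    try:
        # Accept both schemes. Previously an "https://" address had "http://"
        # put in front of it and could never be fetched.
        if not url_mal.startswith(("http://", "https://")):
            url_mal = "http://" + url_mal

        url_construct = urllib2.Request(url_mal, None, dldagent)
        u = urllib2.urlopen(url_construct, timeout = 59) #timeout 1 min

        # The random suffix keeps names unique. It also means the stored file
        # does not end in the sample's own extension.
        f_name = os.path.join(args.dldfolder, file_name + "_" + get_random_word(3))

        # stream the body to disk; close both handles even if a read fails
        try:
            with open(f_name, 'wb') as f:
                while True:
                    chunk = u.read(8192)
                    if not chunk:
                        break
                    f.write(chunk)
        finally:
            u.close()

        # hash once, then log "md5<TAB>name<TAB>url"
        md5hash = md5Checksum(f_name)
        with open(os.path.join(args.dldfolder, args.info), "a") as handle:
            handle.write(md5hash + "\t" + file_name + "\t" + url_mal + "\n")

        print "\n" + "Am descarcat: " + file_name,

    except Exception as e:
        # log the failure next to the samples and carry on
        with open(os.path.join(args.dldfolder, args.error), "a") as handle:
            handle.write(url_mal + "\t" + str(e) + "\n")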

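# Index page that lists the sample addresses. It is fetched over plain HTTP,
# so everything scraped from it is handled as untrusted input.
adresa = "http://minotauranalysis.com/"

# the index request identifies this script with its own User-Agent
req = urllib2.Request(adresa, None, useragent)

# fetch the page; give up after 60 seconds
continut = urllib2.urlopen(req, timeout =  60).read()

# each address is the text of a <td style='word-break:break-all;'> cell that is
# directly followed by another <td>
mal_list = re.findall("\<td style='word-break:break-all;\'\>(.+?)\<\/td\>\<td\>", continut)
print "Samples found: %i" %(len(mal_list))
print "Download to: %s" %(args.dldfolder)
for i in mal_list:
    try:
        dld_mal(i)
    except Exception as e:
        # dld_mal logs download failures itself, so what arrives here is a
        # failure to write one of the log files. Report it and go on with the
        # next address. KeyboardInterrupt is not caught, so Ctrl-C still stops
        # the run.
        print "Skipped %s: %s" % (i, e)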

Referinte:
http://minotauranalysis.com/






JoxeanKoret.com Malware sample downloader -help

JoxeanKoret.com Malware sample downloader – help

JoxeanKoret.com Malware sample downloader -usage

JoxeanKoret.com Malware sample downloader – usage

#!/usr/bin/env python

##### Script License:
# - no warranty express or implied
# - free to use if you don't use-it to gain money
#
##### Warning:
# - downloaded files may harm your computer.
#
##### Usage examples:
# - download 100 samples:
# python this_script.py 100
# - download 100 samples, using 50 threads:
# python this_script.py 100 -t 50
# - download all samples listed on http://malwareurls.joxeankoret.com/normal.txt
# python this_script.py 0

import re
import urllib2
import hashlib
import os
import random
import Queue
import threading
import argparse

# Startup banner. This print sits above the argparse setup, so it is emitted on
# every run (including "-h") before any argument is parsed. The r""" prefix keeps
# the backslashes inside the ASCII art literal.
print r"""
JoxeanKoret.com Malware sample downloader 
        __.,,------.._
     ,'"   _      _   "`.
    /.__, ._  -=- _"`    Y
   (.____.-.`      ""`   j
    VvvvvvV`.Y,.    _.,-'       ,     ,     ,
        Y    ||,   '"\         ,/    ,/    ./
        |   ,'  ,     `-..,'_,'/___,'/   ,'/   ,
   ..  ,;,,',-'"\,'  ,  .     '     ' ""' '--,/    .. ..
 ,'. `.`---'     `, /  , Y -=-    ,'   ,   ,. .`-..||_|| ..
ff\\`. `._        /f ,'j j , ,' ,   , f ,  \=\ Y   || ||`||_..
l` \` `.`."`-..,-' j  /./ /, , / , / /l \   \=\l   || `' || ||...
 `  `   `-._ `-.,-/ ,' /`"/-/-/-/-"'''"`.`.  `'.\--`'--..`'_`' || ,
            "`-_,',  ,'  f    ,   /      `._    ``._     ,  `-.`'//         ,
          ,-"'' _.,-'    l_,-'_,,'          "`-._ . "`. /|     `.'\ ,       |
        ,',.,-'"          \=) ,`-.         ,    `-'._`.V |       \ // .. . /j
        |f\\               `._ )-."`.     /|         `.| |        `.`-||-\\/
        l` \`                 "`._   "`--' j          j' j          `-`---'
         `  `                     "`_,-','/       ,-'"  /
                                 ,'",__,-'       /,, ,-'
                                 Vvv'            VVv'
http://virii.tk                                    http://twitter.com/ViRiiTk
"""
# credits for alien: http://www.chris.com/ascii/index.php?art=creatures/aliens

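# Command-line interface: one required positional (how many samples) plus
# optional settings that all have defaults.
parser = argparse.ArgumentParser(description="JoxeanKoret.com Malware sample downloader ")

parser.add_argument("nr_samples", type=int, default=0,
                    help="Number of samples you want to download, 0 = all")

parser.add_argument("-t", "--nr_threads", metavar="threads", type=int, default=200,
                    help="Threads number (Default: 200)")

parser.add_argument("-a", "--agent", default="Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2049.0 Safari/537.36",
                    help="User Agent used to download samples")

# Backslashes are written as explicit escapes. The runtime value is unchanged
# (C:\malware\) but no longer depends on "\m" not being an escape sequence.
parser.add_argument("-d", "--dldfolder", default="C:\\malware\\",
                    help="Local folder to download samples (Default: C:\\malware\\ )")

parser.add_argument("-i", "--info", default="_files.txt",
                    help="file to store info about downloaded samples (Default: _files.txt)")

parser.add_argument("-e", "--error", default="_errors.txt",
                    help="file to store errors (Default: _errors.txt)")

parser.add_argument("-u", "--malurl", default="_mal_url.txt",
                    help="file to store malware urls (Default: _mal_url.txt)")

args = parser.parse_args()

# Two User-Agent headers: one that identifies this script (used for the URL
# list) and the browser-like one from --agent (used for the sample downloads).
useragent = {'User-Agent' : 'JoxeanKoret.com samples downloader, more info on: http://ViRii.Tk'}
dldagent  = {'User-Agent' : args.agent}

# Guarantee a trailing separator, so that args.dldfolder + name always lands
# inside the folder even when -d is given without one (e.g. "-d D:\samples").
args.dldfolder = os.path.join(args.dldfolder, "")

# create the download folder, including missing parent folders
if not os.path.isdir(args.dldfolder):
    os.makedirs(args.dldfolder)

# reject a negative sample count
if args.nr_samples < 0:
    print "You want to download %i ?? I can't do that" %(args.nr_samples)
    exit()

# Reject a thread count below 1: with no worker threads nothing would ever
# drain the queue, and the q.join() at the end of the script would never return.
if args.nr_threads < 1:
    print "Threads number must be at least 1, got %i" %(args.nr_threads)
    exit()

# never start more threads than there are samples to fetch
if args.nr_threads >= args.nr_samples and args.nr_samples != 0:
    args.nr_threads = args.nr_samples

print "Try to download %s samples" %("all" if args.nr_samples == 0 else str(args.nr_samples))
print "Threads: %i" %(args.nr_threads)
print "Malware samples will be downloaded to %s" %(args.dldfolder), "\n"

# work queue shared by the downloader threads
q = Queue.Queue()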

# build a random alphanumeric string
def get_random_word(a):
    """Return `a` random characters from A-Z, a-z and 0-9 as one string.

    Based on the `random` module: good for telling names apart, not for
    values that must be hard to guess.
    """
    pool = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'
    picked = [random.choice(pool) for _ in range(a)]
    return ''.join(picked)

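# md5 of a file's contents
def md5Checksum(filePath):
    """Return the hexadecimal MD5 digest of the file at `filePath`.

    Reads the file in 8192-byte chunks and closes the handle when done. The
    original left the handle open, which adds up quickly when many threads
    hash files at once.

    NOTE(review): MD5 works as a lookup key for a sample, but it is not
    collision resistant; record a SHA-256 as well if the hash has to prove
    which file was downloaded.
    """
    m = hashlib.md5()
    with open(filePath, 'rb') as fh:
        while True:
            data = fh.read(8192)
            if not data:
                break
            m.update(data)
    return m.hexdigest()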


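# Plain-text list of sample addresses. It is fetched over plain HTTP, so every
# line taken from it is handled as untrusted input.
adresa = "http://malwareurls.joxeankoret.com/normal.txt"

# the list request identifies this script with its own User-Agent
req = urllib2.Request(adresa, None, useragent)

# fetch the list; give up after 60 seconds
continut = urllib2.urlopen(req, timeout =  60).read()

continut = continut.split("\n")

# Addresses are taken from line index 18 onwards.
# NOTE(review): presumably the first 18 lines are the list's header; confirm
# against the current format of the feed.
# Strip surrounding whitespace (a "\r" from CRLF line endings would otherwise
# become part of the URL) and drop blank lines, such as the empty string that
# split() leaves after the final newline.
adrese = [linie.strip() for linie in continut[18:] if linie.strip()]
if args.nr_samples != 0:
    adrese = adrese[:args.nr_samples]
for malware in adrese:
    q.put(malware)

# Lines 1 and 2 are printed as the collection date and the total number of
# samples (per the original comments). Slicing avoids an IndexError when the
# response is shorter than expected.
for linie_antet in continut[1:3]:
    print linie_antet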

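# download one malware sample
def dld_mal(url_mal):
    """Download the sample at `url_mal` into the download folder and log it.

    Side effects, all inside args.dldfolder:
      * the URL as received is appended to the args.malurl file;
      * the response body is saved as "<file name>_<3 random characters>";
      * on success, "md5<TAB>file name<TAB>url" is appended to args.info;
      * on failure, "url<TAB>error" is appended to args.error.

    `url_mal` is a line from a remote list and is treated as untrusted: the
    file name derived from it is reduced to a fixed set of characters before
    it is used in a path. Errors from the download itself are written to the
    error file rather than raised. Returns None.

    The function is run from several worker threads at once. The appends to
    the three log files are not serialised by a lock.
    """
    # record the address exactly as it was listed
    with open(os.path.join(args.dldfolder, args.malurl), "a") as handle:
        handle.write(url_mal + "\n")
    url_mal = url_mal.replace(" ", "%20")

    # the last path segment of the URL is the candidate file name
    file_name = url_mal.split("/")[-1]

    # empty, query-string-like or over-long names get a generated name instead
    if len(file_name) == 0 or "?" in file_name or "&" in file_name or len(file_name) > 32:
        file_name = "No_name" + str(get_random_word(8))

    # The name comes from the remote list. Keep only [A-Za-z0-9._-], so that a
    # backslash, a colon or a control character in it cannot steer the write
    # to a path outside args.dldfolder.
    file_name = re.sub(r"[^A-Za-z0-9._-]", "_", file_name)

    try:
        # Accept both schemes. Previously an "https://" address had "http://"
        # put in front of it and could never be fetched.
        if not url_mal.startswith(("http://", "https://")):
            url_mal = "http://" + url_mal

        url_construct = urllib2.Request(url_mal, None, dldagent)
        u = urllib2.urlopen(url_construct, timeout = 59) #timeout 1 min

        # The random suffix keeps names unique. It also means the stored file
        # does not end in the sample's own extension.
        f_name = os.path.join(args.dldfolder, file_name + "_" + get_random_word(3))

        # stream the body to disk; close both handles even if a read fails
        try:
            with open(f_name, 'wb') as f:
                while True:
                    chunk = u.read(8192)
                    if not chunk:
                        break
                    f.write(chunk)
        finally:
            u.close()

        # hash once, then log "md5<TAB>name<TAB>url"
        md5hash = md5Checksum(f_name)
        with open(os.path.join(args.dldfolder, args.info), "a") as handle:
            handle.write(md5hash + "\t" + file_name + "\t" + url_mal + "\n")

        print "\n" + "Am descarcat: " + file_name,

    except Exception as e:
        # log the failure next to the samples and carry on
        with open(os.path.join(args.dldfolder, args.error), "a") as handle:
            handle.write(url_mal + "\t" + str(e) + "\n")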

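# get malware address from queue and download files
print "Downloading:\n",
def worker():
    """Take addresses off the shared queue forever and download each one.

    Meant to run in a daemon thread; it never returns. Every item taken from
    the queue is acknowledged with task_done(), whether or not the download
    raised, because q.join() in the main thread waits for exactly those
    acknowledgements.
    """
    while True:
        # q.get() blocks until an item is available, so there is no need to
        # poll q.empty() in a loop that spins the CPU once the queue drains
        item = q.get()
        try:
            dld_mal(item)
        except Exception as e:
            print e
        finally:
            # without this, one failed item would leave q.join() waiting forever
            q.task_done()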

# Start the requested number of downloader threads. They are daemon threads,
# so they do not keep the process alive once the main thread exits.
thread_count = args.nr_threads
for _ in range(thread_count):
    downloader = threading.Thread(target=worker)
    downloader.daemon = True
    downloader.start()

# wait until every queued address has been acknowledged, then quit
q.join()
exit()





Marmota Antivirus 2014 - help

Marmota Antivirus 2014 – help

Marmota Antivirus 2014 - scan

Marmota Antivirus 2014 – scan

Marmota Antivirus  - scan + removal

Marmota Antivirus 2014 – scan + removal

Main function:

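#####
# main
# Walk args.scan recursively and run the enabled engines on every file found.
print "Searching..."
logs("Scanning files:")
for root, subFolders, files in os.walk(args.scan):
    for file in files:
        fullpath = os.path.join(root, file)
        totalfisiere += 1
        # i is the verdict for this file: 0 means nothing found so far.
        # NOTE(review): presumably each engine returns non-zero on a
        # detection; confirm against the engine functions.
        i = 0
        # Set when any engine raises, so the file is listed as unscanned once
        # rather than once per failing engine.
        scan_failed = False

        # Engines run in the order fast -> md5 -> deep. A later engine is only
        # consulted while the verdict is still 0.
        if args.fast:
            try:
                i = fast_engine(fullpath)
            except Exception as e:
                logs(fullpath + "\t" + str(e))
                scan_failed = True

        if args.md5:
            try:
                if i == 0:
                    i = md5_engine(fullpath)
            except Exception as e:
                logs(fullpath + "\t" + str(e))
                scan_failed = True

        if args.deep:
            try:
                if i == 0:
                    i = deep_engine(fullpath)
            except Exception as e:
                logs(fullpath + "\t" + str(e))
                scan_failed = True

        if scan_failed:
            L_f_nescanate.append(fullpath)

        if i != 0:
            # optional PE details for the flagged file; a failure here is only logged
            if m_pe_info != 0:
                try:
                    PE_info.extract(fullpath)
                except Exception as e:
                    logs(str(e))

            # NOTE(review): one non-zero verdict from any single engine,
            # including the fast one, is enough to reach removal(). Judging by
            # the sample log on this page, removal kills matching processes,
            # removes a registry entry and renames the file to .vir, so a
            # false positive has visible side effects.
            if args.removal:
                removal(fullpath)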

Log file:

11/13/14 14:52:19
c:\MarmotaAntivirus20014;	Deep scan: Yes;	Fast scan: Yes;	MD5 scan: Yes;	Remove infected: Yes
Scanning files:
	GEN-evil-Miau 1.500	c:\MarmotaAntivirus20014\Testing_files\Miau1.5.exe
Process:	Miau1.5.exe	3928	...killed
Process:	Miau1.5.exe	380	...killed
Registry:	c:\MarmotaAntivirus20014\Testing_files\Miau1.5.exe removed
Renamed:	c:\MarmotaAntivirus20014\Testing_files\Miau1.5.exe --> Miau1.5.exe.vir
	md5-signature	c:\MarmotaAntivirus20014\Testing_files\M_1.exe
Process:	M_1.exe	3976	...killed
Renamed:	c:\MarmotaAntivirus20014\Testing_files\M_1.exe --> M_1.exe.vir
	malw2	c:\MarmotaAntivirus20014\Testing_files\M_2.exe
Process:	M_2.exe	3432	...killed
Renamed:	c:\MarmotaAntivirus20014\Testing_files\M_2.exe --> M_2.exe.vir
	Trojan-RAT 2.8	c:\MarmotaAntivirus20014\Testing_files\Rat.2.8.exe
Process:	Rat.2.8.exe	3316	...killed
Renamed:	c:\MarmotaAntivirus20014\Testing_files\Rat.2.8.exe --> Rat.2.8.exe.vir

Total scanned files: 21
Nu am putut scana fisierele: -
Scan time: h:0 min:0 s:11
===END===

Download:http://ge.tt/api/1/files/1uFlOR42/0/blob?download
File: MarmotaAntivirus20014.rar
MD5: 04f83ed91ba78f30c61f6a4845999d68
SHA-1: 5ae9768d932ab0246d59383d4550325e69459175