[Perl] Scan Malware at the Virustotal Database using MD5 checksums.

Posted in Home by ApoNie

Assalamulaikum..

This Perl script is a command-line tool that checks a file for malware by looking up its MD5 checksum in the VirusTotal.com database. You can pass either a malware file or an MD5 checksum. Detection is limited to what is currently in the VirusTotal.com database: if the file has not yet been received and scanned by VirusTotal, the program simply prints "Malware Not Found".

I just fixed the code because the code written by Iñaki R. (http://www.virtualminds.es) is not working anymore. So, full credit goes to Iñaki R. :)

Example of usage:

perl scanvt.pl --file "c:\a.exe"
or
perl scanvt.pl --hash 6838138fa9e49a53508c72a4b9a1a7a5

#!/usr/bin/perl

###########################################################################
##
##  Scan Malware at the Virustotal Database using MD5 checksums.
##  =====================================================================
##   Code Fixed By: ApoNie
##   Mail: shahrir1999@yahoo.com
##   Web: http://geekzlife.net
##
##   Full Credit To: Iñaki R. (http://www.virtualminds.es)
##
###########################################################################

use strict;
use LWP;
use Digest::MD5;
use Getopt::Long;

my $md5 = Digest::MD5->new;
my $virhash;
my $file;
my $hash;

GetOptions(
    "file=s" => \$file,
    "hash=s" => \$hash,
);

# Exactly one of --file or --hash must be given.
if (($file && $hash) || (!$file && !$hash)) {
    usage();
    exit 100;
}

if ($file) {
    # Hash the file locally; only the MD5 is sent to VirusTotal.
    if (!-f $file) {
        print "[ERROR] Not a regular file: $file\n";
        exit 100;
    }
    open(my $fh, '<', $file) or do {
        print "[ERROR] Cannot open $file: $!\n";
        exit 100;
    };
    binmode($fh);
    $virhash = $md5->addfile($fh)->hexdigest;
    close($fh);
    print "[HASH] Using MD5 hash $virhash\n";
}
else {
    $virhash = $hash;
    print "[HASH] Using hash $virhash\n";
}

my $ua = LWP::UserAgent->new;
# Follow redirects for POST requests as well.
push @{ $ua->requests_redirectable }, 'POST';

my $resp = $ua->post(
    'http://www.virustotal.com/vt/en/consultamd5',
    [ "hash" => $virhash, "x" => 138, "y" => 24 ]
);

if ($resp->is_success) {
    my $data = $resp->content;
    my $ratio;
    # The result page marks a hash it knows about with this span.
    if ($data =~ /Result: <span id="porcentaje"><span style="color:red;">/) {
        # Extract the "detections/engines" ratio that precedes " (".
        if ($data =~ /color:red;">(.*?) \(/) {
            $ratio = $1;
            $ratio =~ s/<\/span>//;
            # Anchor the match so a ratio such as "10/41" is not read as "0/".
            if ($ratio =~ /^0\//) {
                print "Clean ";
            }
            else {
                print "Malware Found ";
            }
        }
        print "($ratio)\n";
        exit 1;
    }
    else {
        # The hash is not in the VirusTotal database.
        print "Malware Not Found\n";
        exit 0;
    }
}
else {
    print $resp->status_line, "\n";
    exit 100;
}

sub usage {
    print "$0 (--file file | --hash hash)\n";
}
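
The limitation described above (a hash VirusTotal has never seen is reported as "Malware Not Found", which is not a clean verdict) as an added example that is not part of the original script: it validates the --hash argument and classifies a result page as unknown, clean or detected. The sample responses are constructed from the markup the script's regexes expect, and normalize_md5 and classify_result are hypothetical helper names.

```perl
#!/usr/bin/perl
# Added example: offline verdict logic for the lookup result.
use strict;
use warnings;

# Accept only a 32-character hex MD5; returns it lowercased, or undef.
sub normalize_md5 {
    my ($hash) = @_;
    return undef unless defined $hash;
    $hash =~ s/^\s+|\s+$//g;
    return $hash =~ /\A[0-9a-fA-F]{32}\z/ ? lc($hash) : undef;
}

# Classify a result page into one of three states.
# Returns (verdict, detections, engines).
sub classify_result {
    my ($html) = @_;
    # Same marker the script looks for; capture "detections/engines".
    if ($html =~ m{<span id="porcentaje"><span style="color:red;">\s*(\d+)\s*/\s*(\d+)}) {
        my ($hits, $total) = ($1, $2);
        # Numeric comparison: "10/41" is detected, only "0/41" is clean.
        return ($hits == 0 ? 'clean' : 'detected', $hits, $total);
    }
    # No result marker: the hash was never submitted, so nothing is known.
    return ('unknown', undef, undef);
}

# Constructed sample responses (not captured from virustotal.com).
my %samples = (
    'zero detections' => 'Result: <span id="porcentaje"><span style="color:red;">0/41</span> (0%)',
    'ten detections'  => 'Result: <span id="porcentaje"><span style="color:red;">10/41</span> (24.4%)',
    'hash not in db'  => '<p>No results for this hash</p>',
);

for my $name (sort keys %samples) {
    my ($verdict, $hits, $total) = classify_result($samples{$name});
    my $ratio = defined $hits ? "$hits/$total" : 'n/a';
    printf "%-16s => %-8s (%s)\n", $name, $verdict, $ratio;
}

# Constructed arguments: the page's sample hash, a non-hash, a short hex string.
for my $arg ('6838138fa9e49a53508c72a4b9a1a7a5', 'not-a-hash', 'ABCDEF') {
    my $ok = normalize_md5($arg);
    printf "%-34s => %s\n", "'$arg'", defined $ok ? "valid ($ok)" : 'rejected';
}
```

Treating "unknown" separately from "clean" keeps a never-submitted file from being recorded as safe.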

11 Comments to “[Perl] Scan Malware at the Virustotal Database using MD5 checksums.”

  • Whoa.... it's really great even though I only understand a little, but how to use it is what I don't really understand :)

  • w00t
    ==================SNIP======================
    adnan@xps:~$ cat /usr/bin/virustotal.pl | more

    #!/usr/bin/perl

    ###########################################################################
    ##
    ## Scan Malware at the Virustotal Database using MD5 checksums.
    ## =====================================================================
    ## Code Fixed By: ApoNie
    ## Mail: shahrir1999@yahoo.com
    ## Web: http://geekzlife.net
    ##
    ## Full Credit To: Iñaki R. (http://www.virtualminds.es)
    ##
    ###########################################################################

    use strict;
    use LWP;
    use Digest::MD5;
    use Getopt::Long;

    my $md5 = Digest::MD5->new;
    my $virhash;
    my $file;
    my $hash;
    ==================SNIP======================

  • what's your purpose in posting that code?

  • I put it in /usr/bin .. meaning I'm using your code.. but I changed it a bit

  • ooh.. I'm a Perl noob, I think that code can be optimized a lot more.. hehehe..

    p/s: it can be implemented in that MKP of mine.. you implement it.. :P

  • you come and do it... if you're a bit free, come over

  • ah.. it's simple.. just edit my Python a little, if you can understand my overly "l337" code, that is... wahahaha..

    I've only just finished my exams, I'll take a look when I have time.. ;)

  • keep up the effort, all the best bro. b t w, good luck

  • @fazrin2211 thanks.. good luck to you too.. ;)

  • waaaah.. our big brother has started posting in English.. awesome.. when can we eat steam rice again..

  • hah.. call me little brother, I'm younger than you.. you just fancy yourself younger than me.. :P come over here, any day other than Saturday, the steam rice is always there.. hehe..
