It is a script that checks the hash value list of emo guys collectively with VT. Get all at once with API. There is a query volume limit (4 times / minute) so let's wait slowly
import requests
import json
import pandas as pd
import time
import csv
hashlist= [
'c9e17e63de9b882e820c829b415a4e13070453c8',
'dee5ff1d1910e27c2b6aed7ddffce3c3be6356d4']
url = 'https://www.virustotal.com/vtapi/v2/file/report'
apikey ='USE_YOUR_API_KEY'
f = open('vt_output.csv', 'w')
writer = csv.writer(f, lineterminator='\n')
for hash in hashlist:
print(hash)
params = {'apikey': apikey, 'resource': hash}
response = requests.get(url, params=params)
l = [hash]
response_code =response.json()['response_code']
l.append(response_code)
if response_code == 1:
df=pd.read_json( json.dumps(response.json()))
for x in range(df.index.size):
l.append(df['scans'][x]['result'])
writer.writerow(l)
time.sleep(25)
f.close()
The results can be obtained in a list.
1 Trojan.Downloader.DOC.Gen Other:Malware-gen [Trj] W97m.Downloader.IQU Trojan.MSWord.Generic.4!c VBA/Downloader.S70 W97m.Downloader.IQU Other:Malware-gen [Trj] VBA/Dldr.Agent.zzlmg W97m.Downloader.IQU W97M.Emotet.36301 Doc.Dropper.Emotet-7399725-0 W97M/Downldr.HB.gen!Eldorado W97M.DownLoader.4186 VBA/TrojanDownloader.Agent.QMI malicious (high confidence) Malware.VBA/Dldr.Agent.zzlmg W97m.Downloader.IQU VBA/Agent.QLT!tr.dldr Macro.Trojan.Kryptik.NK@susp Trojan-Downloader.VBA.Emotet HEUR:Trojan.MSOffice.SAgent.gen malware (ai score=89) W97M/Downloader.xx BehavesLike.Downloader.cg W97m.Downloader.IQU TrojanDownloader:O97M/Emotet.GF!MTB Trojan.Script.Downloader.ghylsa O97M/Downloader virus.office.obfuscated.1 DFI - Malicious OLE Mal/DocDl-K Trojan.Gen.2 Suspicious/W97M.Obfus.Gen.8 Heur.Macro.Generic.Gen.f Trojan.W97M.EMOTET.JKBG Trojan.W97M.EMOTET.JKBG Trojan.AvsMofer.bSGLro HEUR:Trojan.MSOffice.SAgent.gen Probably W97Obfuscated
Recommended Posts