Searching With VirusTotal

-
Searching With VirusTotal:
Did you know that you can search VirusTotal? You don’t have to submit a file, but you can search for the report of a file has been submitted before. You use a cryptographic hash (MD5, SHA1, SHA256) to identify the file.
There are several tools to submit a batch of files to VirusTotal, but I didn’t find any that just searches VirusTotal for a list of search terms via VirusTotal’s API.
Thus I wrote my own Python program. It accepts a file with a list of hashes, and produces a CSV file with the result. Here is an example displayed with InteractiveSieve:

To get this program working, you need to get a VirusTotal API key and add it to this program. You need a VirusTotal account to get your API key.
And my program respects VirusTotal’s rate limitation (4 requests per minute), I don’t want it to DoS VirusTotal.
virustotal-search_V0_0_1.zip (https)

MD5: 0F3A1E18C79DFDB143CCC2F860E2C4B2

SHA256: BD213BBC55A9048DBB7B890209E2831EF81049B45ABE9091E01F0692F4F23283

Comments

Post a Comment

Popular posts from this blog

Investigating Indicators of Compromise In Your Environment With Latest Version of Redline

-
Image
Investigating Indicators of Compromise In Your Environment With Latest Version of Redline : Recently, Mandiant ® released a new version of Redline ™ . If you are not familiar with Redline, it is a great tool for investigating a specific Windows host in depth. We will have a more thorough look into Redline in the next month or so. What I wanted to touch on today is one of Redline’s brand new features: you can now use Indicators of Compromise (IOCs) to drive your Redline investigations. If you are not familiar with IOCs, I urge to you take a moment and head over to http://OpenIOC.org and have a look around. IOCs are the best way for finding indications of compromise and/or intrusion throughout your enterprise. IOCs are one of the main technologies that power Mandiant Intelligent Response, Mandiant’s flagship IR appliance, and have previously been accessible in free products with IOC Editor & IOC Finder . Some blog entries that might help bring you up to speed are Ryan Kazanciya...
Read more

Both Mac and Windows are Targeted at Once

-
Image
Both Mac and Windows are Targeted at Once : Symantec Security Response, along with some other security vendors, reported the discovery of the OSX.Flashback malware recently patched by Apple. Many people may be surprised to learn the infection volume is reported at over 600,000 computers. On a new front, we have recently identified new Java Applet malware, which uses the Oracle Java SE Remote Java Runtime Environment Code Execution Vulnerability (CVE-2012-0507) to download its payload. This attack vector is the same as the older one, but in this case the Java Applet checks which OS it is running on and downloads a suitable malware for the OS. This is explained further in the following illustration: When a victim loads the Java Applet malware, it breaks the Java Applet sandbox by using the CVE-2012-0507 vulnerability. This vulnerability is effective for both Mac and Windows operating systems. Then, if the threat is running on a Mac operating system, it downloads a dropper type ...
Read more

PDF Malware Protected by AES-256

-
Image
PDF Malware Protected by AES-256 : Adobe Systems released a security update for Adobe Acrobat and Reader 9.x for Windows on December 16, 2011, in order to fix a zero-day vulnerability. As Vikram Thakur reported recently , there have been zero-day attacks using this PDF vulnerability, dropping Backdoor.Sykipot on to the compromised computer. We have found another variant of PDF malware in the wild using the same vulnerability. This version of PDF malware uses an encryption method that is found natively in the PDF specifications. As I wrote in my Portable Document Format Malware whitepaper , the encryption method used by PDF malware has changed from RC4 to AES. The AES specifies the encryption key has 128 bits in length. However, this variant adopts AES-256 as the encryption method, with a key length of 256 bits. The specification for the encryption method using AES-256 in a PDF is described as an extension of the ISO32000 version of PDF specification. It is able to download the PDF ex...
Read more