#!/usr/bin/env python

import os

import csv

#import Queue

import zipfile

import requests

import argparse

import multiprocessing

# TODO: Don't hardcode the relative path?

samples_path = "gym_malware/envs/utils/samples/"

hashes_path = "gym_malware/envs/utils/sample_hashes.csv"

vturl = "https://www.virustotal.com/intelligence/download"

def get_sample_hashes():

    hash_rows = []

    with open(hashes_path) as csvfile:

        for row in csv.DictReader(csvfile):

            hash_rows.append(row)

    return hash_rows

def vt_download_sample(sha256, sample_path, vtapikey):

    tries = 0

    success = False

    while not success and tries < 10:

        resp = requests.get(vturl, params={"hash": sha256, "apikey": vtapikey})

        if not resp.ok:

            tries += 1

            continue

        else:

            success = True

    if not success:

        return False

    with open(sample_path, "wb") as ofile:

        ofile.write(resp.content)

    return True

def download_worker_function(download_queue, vtapikey):

    while True:

        try:

            sha256 = download_queue.get()

        except queue.Empty:

            continue

        if sha256 == "STOP":

            download_queue.task_done()

            return True

        print("{} downloading".format(sha256))

        sample_path = os.path.join(samples_path, sha256)

        success = vt_download_sample(sha256, sample_path, vtapikey)

        if not success:

            print("{} had a problem".format(sha256))

        print("{} done".format(sha256))

        download_queue.task_done()

def use_virustotal(args):

    """

    Use Virustotal to download the environment malware

    """

    m = multiprocessing.Manager()

    download_queue = m.JoinableQueue(args.nconcurrent)

    archive_procs = [

        multiprocessing.Process(

            target=download_worker_function,

            args=(download_queue, args.vtapikey))

        for i in range(args.nconcurrent)

    ]

    for w in archive_procs:

        w.start()

    for row in get_sample_hashes():

        download_queue.put(row["sha256"])

    for i in range(args.narchiveprocs):

        download_queue.put("STOP")

    download_queue.join()

    for w in archive_procs:

        w.join()

def use_virusshare(args):

    """

    Use VirusShare zip files as the source for the envirnment malware

    """

    pwd = bytes(args.zipfilepassword, "ascii")

    md5_to_sha256_dict = {d["md5"]: d["sha256"] for d in get_sample_hashes()}

    for path in args.zipfile:

        z = zipfile.ZipFile(path)

        for f in z.namelist():

            z_object_md5 = f.split("_")[1]

            if z_object_md5 in md5_to_sha256_dict:

                sample_bytez = z.open(f, "r", pwd).read()

                with open(md5_to_sha256_dict[z_object_md5], "wb") as ofile:

                    ofile.write(sample_bytez)

                print("Extracted {}".format(md5_to_sha256_dict[z_object_md5]))

if __name__ == '__main__':

    prog = "download_samples"

    descr = "Download the samples that define the malware gym environment"

    parser = argparse.ArgumentParser(prog=prog, description=descr)

    parser.add_argument(

        "--virustotal",

        default=False,

        action="store_true",

        help="Use Virustotal to download malware samples")

    parser.add_argument(

        "--vtapikey", type=str, default=None, help="Virustotal API key")

    parser.add_argument(

        "--nconcurrent",

        type=int,

        default=6,

        help="Maximum concurrent downloads from Virustotal")

    parser.add_argument(

        "--virusshare",

        default=False,

        action="store_true",

        help="Use malware samples from VirusShare torrents")

    parser.add_argument(

        "--zipfile",

        type=str,

        nargs="+",

        help="The path of VirusShare zipfile 290 or 291")

    parser.add_argument(

        "--zipfilepassword",

        type=str,

        default=None,

        help="Password for the VirusShare zipfiles 290 or 291")

    args = parser.parse_args()

    if not args.virustotal and not args.virusshare:

        parser.error("Must use either Virustotal or VirusShare")

    if args.virusshare:

        if len(args.zipfile) == 0:

            parser.error("Must the paths for one or more Virusshare zip files")

        if args.zipfilepassword is None:

            parser.error("Must enter a password for the VirusShare zip files")

        use_virusshare(args)

    if args.virustotal:

        if args.vtapikey is None:

            parser.error("Must enter a VirusTotal API key")

        use_virustotal(args)

使用方法:

python download_samples.py  --virustotal --vtapikey 1a7b7440ceca037b88fd160ef6c8e04b69ba434bdd76ef2ab0ab52a567xxxxx

csv文件格式:

sha256,sha1,md5

0007df5e92070f8d12411078070bdcafb24df81c837d8113a1e047ed7ac9fba1,e760b4ae027975928735024273a4240995442e2b,002e5581fabb21af4d4e7ec070561d38

0026b14f896934c621eccca48474353fff08f592ebc2949dde4b881f2353e3d2,f5cc8bd5accc281a8a41a9b13d870734361ec26b,292bd61f51ef0983b058a3b0f16ad263

00341b912ae7a9fc5bd25ac544bb2525cdc10f7dfcf51e6d96e9221a9ca06525,0329a4316eea3cf6d1376ea1eab5e2806258193b,c0370cb71216559beef7fe943b52003e

007792005ee9d835d5d0d4e0d6f7b886605272252a202e97a04bbc30bbbe12ae,f8190fe3936eff91a011901e30d66d0ad96e7e0c,64fed9d345dec9156090832c2b768982

009868767950256d823b0e9c6a89b8a7b2cef63424adc1840d1350ffa0bd3e42,50d4083adcd17910c2889842daf0d5e6ec41ab40,2f7a71e7abfd8536b9dee243656e0a8a

00a52b54695bac31830bdecf1c0e71b10da9bf3e9ff3d52cf1fc90f110458475,26f7549b66b2578112a77ceda7be7647ce5bc763,84b7490cae7fb84010863e006988951a

00c00e802109d0a3cb122c90168380ca23dfd3c28b1f03711b6218a8b1800f7c,eca4d84561c6440975ca64402e92ab01cf1bf4c8,d40cf7ae9174d5dc79c2e9db8cdb1bbb

0105e7aadf4e069b10aea00a43d90b753acfdd81c8db6e37df2c5b563162c30b,310a76a010cb58b510da8eb743f53ff517e441a9,2d4dcc983545014af6c8994ffa478488

0106fb2d96d5643f7ccb4a3e9fe8f3bb34c7d65d03333370648915991a3b200d,ad073b1ada3bb0aff0cae2edd7d41f6f09816cbe,f3e5b6b8c47211d54c2031d7a9a8f54f

012244e5a30708451b0b8b36a45e7d36fc8694f999adec739ef21efbc5f8e922,ef0ce82ca912e79a4fe64879ceb7fc30605367bb,ef24712cdbd8bd210e44d1546f5b91ab

014b392af2230b6275acf08a1384b1dd578e7fa3e7aba70c1b5b2ea6956c2108,43336578eb0efb1f9096836ff420fba635527020,d8f99268a5727a64bbac9a149b169afc

01640574490f32ba3d84bef60bdc30794edacf32932e93bada4d068dc5e27457,320c06678b0253ef5e30933d341a981744702c49,06c7dcdcdc887e052c2b6ee0dc88a2a6

从virustotal上下载病毒样本的更多相关文章

  1. Android版本的"Wannacry"文件加密病毒样本分析(附带锁机)

    一.前言 之前一个Wannacry病毒样本在PC端肆意了很久,就是RSA加密文件,勒索钱财.不给钱就删除.但是现在移动设备如此之多,就有一些不法分子想把这个病毒扩散到移动设备了,这几天一个哥们给了一个 ...

  2. demon病毒样本分析

    1. 简介 该样本是前几周爆发的THINKPHP漏洞中,被批量上传的一个病毒样本.如图所示. 2. 分析 该样本未经混淆,加壳,所以直接拖到IDA中即可分析. 首先从main函数开始.做一些初始化的函 ...

  3. 【tomcat 无法部署】svn上下载的maven项目无法部署到tomcat中

    问题: svn上下载的maven项目无法部署到tomcat中,tomcat不识别项目,但是这个项目确实是web项目 发现的过程: 然后依次产看项目的编译版本: 项目的依赖架包: 才发现: 解决方法: ...

  4. App Store上下载和安装Xcode

    App Store上下载和安装Xcode Xcode的下载和安装 要编写一个Sprite Kit程序,需要使用到Xcode开发工具.本节将主要讲解此工具的两种下载和安装方式:一种是在App Store ...

  5. Android———从GitHub上下载源码的方法【Written By KillerLegend】

    首先声明,本文说的是从GitHub上下载源码而非上传源码! 1:下载tortoisegit,下载地址为: https://code.google.com/p/tortoisegit/wiki/Down ...

  6. CSDN上下载的一些关于Android程序调用Webservice执行不成功的问题

    今天从书上和CSDN上找了几个关于android调用webservice的样例,这些样例从代码来看.没不论什么错误,可是就是执行不成功.分析了android调用web接口的写法,发现这些样例在调用的时 ...

  7. Android开发之从网络URL上下载JSON数据

    网络下载拉取数据中,json数据是一种格式化的xml数据,非常轻量方便,效率高,体验好等优点,下面就android中如何从给定的url下载json数据给予解析: 主要使用http请求方法,并用到Htt ...

  8. 用APK Downloader直接从Google Play上下载apk

    APK Downloader可以直接从Google Play上下载apk,相比较其他软件,这个不需要提供Google ID,对于没有刷机的同学还是有些帮助的.

  9. 怎么在Linux上下载并安装ESET NOD32 Antivirus 4桌面版

    转自:怎么在Linux上下载并安装ESET NOD32 Antivirus 4桌面版 下载并安装ESET NOD32 Antivirus 4的Linux桌面版,根据下面的步骤一步一步的来: I.  下 ...

随机推荐

  1. exist & in

    select a.* from A a where exists ( select 1 from B b where a.id=b.id ) public List exist(){ List res ...

  2. jQuery 查找标签

    1 基本选择器 2 基本筛选器 3 属性选择器 4 间接选择 1 基本选择器 //id选择器: $("#id") //标签选择器: $("tagName") / ...

  3. 解决后台无法进入提示DedeCMS Error: (PHP 5.3 and above) Please set 'request_order' ini value

    最近小美眉的网站被盯上了,被添加了非常多的dubo页面,删除了5w多个文件,但还是不停的增加,因为网站权重还可以,很多都被收录了,结果可想而知,ytkah帮她迁移,在迁移网站时遇到了一些问题,后台登录 ...

  4. iOS11 仿大标题 导航栏

    iOS11 SytleTitleController  仿大标题 风格 导航栏 仿 iOS11 大导航标题 风格 UI 适用范围 iOS8 + 前言 iOS11全面应用大标题设计,(岂止于大—— 比逼 ...

  5. 写python中的装饰器

    python中的装饰器主要用于在已有函数实现功能前附加需要输出的信息,下面将用实例展示我如何写装饰器. 首先分别尝试写装饰器装饰一个无参函数和一个有参函数(被装饰函数仅输出,无返回值情况下) def ...

  6. Cocos2d-x项目移植到WP8系列之四:文件操作

    原文链接: http://www.cnblogs.com/zouzf/p/3972457.html 读写文件Cocos已经用fopen fwrite来做好了,这里说的主要是文件和文件夹的创建.删除.判 ...

  7. IIS部署PHP项目并与mysql完美结合

    在上一篇文章中,提到iis与apache共用80端口,但是发现很多问题,例如 IIS网站有支付功能,而微信支付是不支持带有端口的网址的,虽然通过apche代理,在外面看来没有端口,可是内部还是避免不了 ...

  8. iOS面试必备-iOS基础知识

    近期为准备找工作面试,在网络上搜集了这些题,以备面试之用. 插一条广告:本人求职,2016级应届毕业生,有开发经验.可独立开发,低薪求职.QQ:895193543 1.简述OC中内存管理机制. 答:内 ...

  9. c# 类的序列化,以及嵌套问题

    简单的序列化,网上很多,但是突然想到一个问题,如果一个类里用到了另一个,那么怎么办,今天试了试,只需要加上序列号标签就可以了 using System.Collections; using Syste ...

  10. Qt开发动画

    #include <QPropertyAnimation> #include <QDesktopWidget> //下坠 void MainWindow::on_pushBut ...