malwarescanner
Simple Malware Scanner written in Python
MalwareScanner
- Very basic malware scanner that works by hash comparison.
- This can sometimes be needed during incident response.
- If you find new or suspicious files during a response, you want to check where else those files exist across your systems, and a tool like this helps. This is a demo version and is not complete: change and modify the code and make it yours.
- Let me know if any changes are required or additional features are needed.
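The hash-comparison approach described above, as an added example that is not the project's own code: walk a directory, hash only the in-scope extensions, compare each SHA-256 against a signature set, and render matches in the key="value" layout of the result log shown further down. The signature set, sample file contents and directory layout are constructed for the demo; the real tool loads signatures in its --update step. The file_type and code_sign fields need libmagic and Authenticode parsing, which this example leaves out.

```python
import hashlib
import os
import platform
import socket
import tempfile
import uuid
from datetime import datetime
from pathlib import Path

# Extensions in scope, as in the preview ('.exe', '.dll', '.sys').
SCAN_EXTENSIONS = {".exe", ".dll", ".sys"}

# Constructed sample contents: the "known bad" one only stands in for a file
# whose SHA-256 is present in the signature set. Not real malware.
SAMPLE_MALICIOUS_CONTENT = b"MZ\x90\x00 constructed-sample-known-bad"
SAMPLE_BENIGN_CONTENT = b"MZ\x90\x00 constructed-sample-benign"
UNSIGNED_MARK = "** No Digital-Signed File **"


def sha256_of_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large binaries never have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def iter_candidate_files(root, extensions=SCAN_EXTENSIONS):
    """Walk root recursively and yield only files whose extension is in scope."""
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            if Path(name).suffix.lower() in extensions:
                yield Path(dirpath) / name


def format_log_line(fields):
    """Render a record as comma-joined key="value" pairs (the infected.log layout)."""
    return ",".join(f'{key}="{value}"' for key, value in fields.items())


def scan_directory(root, signatures, scan_id=None):
    """Return (files_scanned, infected_records) for every in-scope file under root."""
    scan_id = scan_id or str(uuid.uuid4())
    fmt = "%Y-%m-%d %H:%M:%S"
    scanned = 0
    infected = []
    for path in iter_candidate_files(root):
        scanned += 1
        file_hash = sha256_of_file(path)
        if file_hash not in signatures:
            continue
        st = path.stat()
        infected.append({
            "datetime": datetime.now().strftime(fmt),
            "scan_id": scan_id,
            "os": platform.platform(),
            "hostname": socket.gethostname(),
            "file": str(path),
            # st_ctime is creation time on Windows but inode-change time on Linux.
            "created_at": datetime.fromtimestamp(st.st_ctime).strftime(fmt),
            "modified_at": datetime.fromtimestamp(st.st_mtime).strftime(fmt),
            "hash": file_hash,
            "code_sign": UNSIGNED_MARK,  # signature extraction not implemented here
        })
    return scanned, infected


def run_demo():
    """Build a constructed scan directory, scan it, and return the results."""
    signatures = {hashlib.sha256(SAMPLE_MALICIOUS_CONTENT).hexdigest()}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "sub").mkdir()
        (root / "sub" / "dropper.exe").write_bytes(SAMPLE_MALICIOUS_CONTENT)
        (root / "helper.dll").write_bytes(SAMPLE_BENIGN_CONTENT)
        # Same bytes, but .txt is out of scope, so it is neither hashed nor reported.
        (root / "notes.txt").write_bytes(SAMPLE_MALICIOUS_CONTENT)
        scanned, infected = scan_directory(root, signatures)
        log_lines = [format_log_line(rec) for rec in infected]
    return scanned, infected, log_lines


if __name__ == "__main__":
    count, hits, lines = run_demo()
    print(f"- {count} files scanned / {len(hits)} infected")
    for line in lines:
        print(line)
```

Hash matching of this kind only finds files whose exact bytes are already in the signature set; a one-byte change to a sample yields a different SHA-256, so treat a clean result as "no known hash found", not as proof the file is benign.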
blah..blah-220510
- Digital signature extraction feature has been added.
- In the next revision, the configuration format will change.
- I'm thinking of a very simple log receiving server to collect logs centrally.
- Let me know your feedback.
v1.0.3 (10/05/2022)
- https://github.com/password123456/malwarescanner/blob/main/CHANGES_1.0.3-220510
Preview
# python .\main.py
▌║█║▌│║▌│║▌║▌█║ Simple Basic Malware Scanner ▌│║▌║▌│║║▌█║▌║█
usage: main.py [-h] [--path PATH] [--update]
Simple Basic Malware Scanner
optional arguments:
-h, --help show this help message and exit
--path PATH ex) /var/www/html/upload
--update AV Engine Update
# python .\main_v1.0.3-220510.py --path .\scan_test_dir\
▌║█║▌│║▌│║▌║▌█║ Simple Basic Malware Scanner v1.0.3-220510 ▌│║▌║▌│║║▌█║▌║█
- Run time: 2022-05-10 14:46:08
- For questions contact github.com/password123456
------------------------------------->
- Engine Updated : 2022-05-10 02:38:12 UTC
- AV Signatures : 497578
- Scan Directory : F:\code\pythonProject\malware_hash_scanner3\scan_test_dir
- Number of files : 12
- Scan Extensions : '.exe', '.dll', '.sys'
------------------------------------->
O.K Here We go.!
- Currently scanning...
- 11 files scanned / 8 infected [00:00:05] (F:\code\pythonProject\malware_hash_scanner3\scan_test_dir\vmware-view.exe)
(1)
- Result
------O------M------G--------------->-
- Scanner Found 8 infected files!
- See the F:\code\pythonProject\malware_hash_scanner3/output/2022-05-10-infected.log
(2)
- Result
- OK.Good. No infection found.
Scan result log
- datetime, scan_id, os, hostname, ip, file_type, file.........hash, code_sign
2022-05-10-infected.log
datetime="2022-05-10 14:46:09",scan_id="5c35f9da-4987-4eaf-8648-eaf526c42d9c",os="Windows-10-10.0.19042-SP0",hostname="DESKTOP-S5VJGLH",ip="192.168.56.1 192.168.0.23",file_type="PE32+ executable (DLL) (native) x86-64, for MS Windows",file="F:\code\pythonProject\malware_hash_scanner3\scan_test_dir\cdm2drnt.sys",created_at="2022-05-02 07:47:10",modified_at="2020-02-05 02:20:00",hash="b575a5a6063567bea25674c71a3491eefa76f5ad7c97521bc140a7dce68b834b",code_sign="GlobalSign TSA for MS Authenticode - G2_GlobalSign nv-sa_valid(2016-05-24 00:00:00-2027-06-24 00:00:00)|AhnLab, Inc._GlobalSign nv-sa_valid(2019-11-22 07:40:15-2020-11-06 06:32:26)|"
datetime="2022-05-10 14:46:10",scan_id="5c35f9da-4987-4eaf-8648-eaf526c42d9c",os="Windows-10-10.0.19042-SP0",hostname="DESKTOP-S5VJGLH",ip="192.168.56.1 192.168.0.23",file_type="PE32+ executable (GUI) x86-64, for MS Windows",file="F:\code\pythonProject\malware_hash_scanner3\scan_test_dir\chrome.exe",created_at="2022-05-02 21:33:38",modified_at="2022-04-14 06:17:04",hash="45de9f5a25bf478c6a8d8625a984895c9b3fdea6eb12a55ddd088dcebd9df5ab",code_sign="Google LLC_DigiCert, Inc._valid(2021-07-02 00:00:00-2024-07-10 23:59:59)|"
datetime="2022-05-10 14:46:11",scan_id="5c35f9da-4987-4eaf-8648-eaf526c42d9c",os="Windows-10-10.0.19042-SP0",hostname="DESKTOP-S5VJGLH",ip="192.168.56.1 192.168.0.23",file_type="PE32 executable (GUI) Intel 80386, for MS Windows",file="F:\code\pythonProject\malware_hash_scanner3\scan_test_dir\LineLauncher.exe",created_at="2022-05-10 12:38:18",modified_at="2022-03-10 18:00:10",hash="60fd9ceac8d1c40e835d3dc9aa77599d3f810a646199ecbdcb8003521ce7d502",code_sign="DigiCert Timestamp 2021_DigiCert Inc_valid(2021-01-01 00:00:00-2031-01-06 00:00:00)|LINE Corporation_Symantec Corporation_valid(2020-04-21 00:00:00-2022-04-21 23:59:59)|Symantec Class 3 Extended Validation Code Signing CA - G2_VeriSign, Inc._valid(2014-03-04 00:00:00-2024-03-03 23:59:59)|"
datetime="2022-05-10 14:46:11",scan_id="5c35f9da-4987-4eaf-8648-eaf526c42d9c",os="Windows-10-10.0.19042-SP0",hostname="DESKTOP-S5VJGLH",ip="192.168.56.1 192.168.0.23",file_type="PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed",file="F:\code\pythonProject\malware_hash_scanner3\scan_test_dir\LineUpdater.exe",created_at="2022-05-10 12:38:22",modified_at="2022-04-06 10:06:28",hash="6b663f9f7bf3b6c1a2ce898b2402b691fff6dced36e9b0196e152bbfc409db42",code_sign="DigiCert Timestamp 2021_DigiCert Inc_valid(2021-01-01 00:00:00-2031-01-06 00:00:00)|LINE Corporation_Symantec Corporation_valid(2020-04-21 00:00:00-2022-04-21 23:59:59)|Symantec Class 3 Extended Validation Code Signing CA - G2_VeriSign, Inc._valid(2014-03-04 00:00:00-2024-03-03 23:59:59)|"
datetime="2022-05-10 14:46:12",scan_id="5c35f9da-4987-4eaf-8648-eaf526c42d9c",os="Windows-10-10.0.19042-SP0",hostname="DESKTOP-S5VJGLH",ip="192.168.56.1 192.168.0.23",file_type="PE32 executable (GUI) Intel 80386, for MS Windows",file="F:\code\pythonProject\malware_hash_scanner3\scan_test_dir\PCHunter32.exe",created_at="2022-05-10 11:36:04",modified_at="2017-08-14 02:27:08",hash="0544b99c52d607712d70351c6d9afb1fba6adb0de256baf662f06fdf6058aa3d",code_sign="** No Digital-Signed File **"
datetime="2022-05-10 14:46:14",scan_id="5c35f9da-4987-4eaf-8648-eaf526c42d9c",os="Windows-10-10.0.19042-SP0",hostname="DESKTOP-S5VJGLH",ip="192.168.56.1 192.168.0.23",file_type="PE32 executable (GUI) Intel 80386, for MS Windows",file="F:\code\pythonProject\malware_hash_scanner3\scan_test_dir\unins000.exe",created_at="2022-04-27 23:54:53",modified_at="2022-04-26 12:19:01",hash="2da3b504c2b68219c0b4c6f062867dae091560c3f1e0735f1a7b17b1d79b5a90",code_sign="** No Digital-Signed File **"
datetime="2022-05-10 14:46:15",scan_id="5c35f9da-4987-4eaf-8648-eaf526c42d9c",os="Windows-10-10.0.19042-SP0",hostname="DESKTOP-S5VJGLH",ip="192.168.56.1 192.168.0.23",file_type="PE32 executable (GUI) Intel 80386, for MS Windows",file="F:\code\pythonProject\malware_hash_scanner3\scan_test_dir\vmware-view.exe",created_at="2022-05-10 12:38:38",modified_at="2020-07-07 18:08:06",hash="17b21902170784d460fd0168e08f6e2075d6eb0a501093bc35184c550d73b5d8",code_sign="VMware, Inc._DigiCert Inc_valid(2019-12-03 00:00:00-2022-12-07 12:00:00)|DigiCert Timestamp Responder_DigiCert Inc_valid(2014-10-22 00:00:00-2024-10-22 00:00:00)|"
##### For more information about infected file, search the Virustotal ###
https://www.virustotal.com/gui/file/$infected_file_hash
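Reading the result log back, as an added example that is not part of the project: the lines above are comma-joined key="value" pairs whose values may themselves contain commas and spaces (see file_type), so they must be parsed as quoted fields rather than split on commas. The parser below answers the question the README poses (where else does this file exist?) by grouping hosts per hash, lists unsigned hits, and builds the VirusTotal lookup URL from the pattern shown. The sample lines, hostnames and hash values are constructed placeholders, not indicators from any real incident.

```python
import re

# One key="value" pair; values may contain commas but not a double quote,
# which is also what the log writer assumes.
FIELD_RE = re.compile(r'(\w+)="([^"]*)"')
REQUIRED_FIELDS = ("datetime", "scan_id", "hostname", "file", "hash", "code_sign")
UNSIGNED_MARK = "** No Digital-Signed File **"
VT_URL = "https://www.virustotal.com/gui/file/{}"

# Constructed log lines in the layout of 2022-05-10-infected.log (placeholder hashes).
SAMPLE_LOG = r'''datetime="2022-05-10 14:46:09",scan_id="11111111-2222-3333-4444-555555555555",os="Windows-10-10.0.19042-SP0",hostname="HOST-A",ip="10.0.0.5",file_type="PE32+ executable (DLL) (native) x86-64, for MS Windows",file="C:\scan_test_dir\sample1.sys",created_at="2022-05-02 07:47:10",modified_at="2020-02-05 02:20:00",hash="0000000000000000000000000000000000000000000000000000000000000001",code_sign="Example Publisher_Example CA_valid(2019-11-22 07:40:15-2020-11-06 06:32:26)|"
datetime="2022-05-10 14:46:12",scan_id="11111111-2222-3333-4444-555555555555",os="Windows-10-10.0.19042-SP0",hostname="HOST-A",ip="10.0.0.5",file_type="PE32 executable (GUI) Intel 80386, for MS Windows",file="C:\scan_test_dir\sample2.exe",created_at="2022-05-10 11:36:04",modified_at="2017-08-14 02:27:08",hash="0000000000000000000000000000000000000000000000000000000000000002",code_sign="** No Digital-Signed File **"
datetime="2022-05-10 15:01:00",scan_id="aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",os="Windows-10-10.0.19042-SP0",hostname="HOST-B",ip="10.0.0.9",file_type="PE32 executable (GUI) Intel 80386, for MS Windows",file="C:\Users\Public\sample2.exe",created_at="2022-05-10 11:36:04",modified_at="2017-08-14 02:27:08",hash="0000000000000000000000000000000000000000000000000000000000000002",code_sign="** No Digital-Signed File **"
'''


def parse_log_line(line):
    """Turn one key="value" line into a dict; reject lines missing core fields."""
    record = {key: value for key, value in FIELD_RE.findall(line)}
    missing = [f for f in REQUIRED_FIELDS if f not in record]
    if missing:
        raise ValueError(f"log line lacks fields {missing}: {line[:60]}...")
    return record


def parse_log(text):
    """Parse a whole log file, skipping blank lines."""
    return [parse_log_line(line) for line in text.splitlines() if line.strip()]


def unsigned_files(records):
    """Paths of hits that carried no Authenticode signature at all."""
    return [r["file"] for r in records if r["code_sign"] == UNSIGNED_MARK]


def hosts_per_hash(records):
    """Map each hash to the sorted hostnames it was found on (scope of spread)."""
    seen = {}
    for r in records:
        seen.setdefault(r["hash"], set()).add(r["hostname"])
    return {h: sorted(hosts) for h, hosts in seen.items()}


def virustotal_url(record):
    """Lookup URL for a hit, following the $infected_file_hash pattern above."""
    return VT_URL.format(record["hash"])


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for file_hash, hosts in hosts_per_hash(recs).items():
        print(f"{file_hash[:12]}... seen on {len(hosts)} host(s): {', '.join(hosts)}")
    print("unsigned:", unsigned_files(recs))
```

Logs from several hosts can simply be concatenated before parsing, since every line carries its own hostname and scan_id; that is what makes the per-hash host grouping useful once the central log receiver mentioned in the changelog exists.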