#!/usr/bin/env python

import os

import csv

#import Queue

import zipfile

import requests

import argparse

import multiprocessing

# TODO: Don't hardcode the relative path?

samples_path = "gym_malware/envs/utils/samples/"

hashes_path = "gym_malware/envs/utils/sample_hashes.csv"

vturl = "https://www.virustotal.com/intelligence/download"

def get_sample_hashes():

    hash_rows = []

    with open(hashes_path) as csvfile:

        for row in csv.DictReader(csvfile):

            hash_rows.append(row)

    return hash_rows

def vt_download_sample(sha256, sample_path, vtapikey):

    tries = 0

    success = False

    while not success and tries < 10:

        resp = requests.get(vturl, params={"hash": sha256, "apikey": vtapikey})

        if not resp.ok:

            tries += 1

            continue

        else:

            success = True

    if not success:

        return False

    with open(sample_path, "wb") as ofile:

        ofile.write(resp.content)

    return True

def download_worker_function(download_queue, vtapikey):

    while True:

        try:

            sha256 = download_queue.get()

        except queue.Empty:

            continue

        if sha256 == "STOP":

            download_queue.task_done()

            return True

        print("{} downloading".format(sha256))

        sample_path = os.path.join(samples_path, sha256)

        success = vt_download_sample(sha256, sample_path, vtapikey)

        if not success:

            print("{} had a problem".format(sha256))

        print("{} done".format(sha256))

        download_queue.task_done()

def use_virustotal(args):

    """

    Use Virustotal to download the environment malware

    """

    m = multiprocessing.Manager()

    download_queue = m.JoinableQueue(args.nconcurrent)

    archive_procs = [

        multiprocessing.Process(

            target=download_worker_function,

            args=(download_queue, args.vtapikey))

        for i in range(args.nconcurrent)

    ]

    for w in archive_procs:

        w.start()

    for row in get_sample_hashes():

        download_queue.put(row["sha256"])

    for i in range(args.narchiveprocs):

        download_queue.put("STOP")

    download_queue.join()

    for w in archive_procs:

        w.join()

def use_virusshare(args):

    """

    Use VirusShare zip files as the source for the envirnment malware

    """

    pwd = bytes(args.zipfilepassword, "ascii")

    md5_to_sha256_dict = {d["md5"]: d["sha256"] for d in get_sample_hashes()}

    for path in args.zipfile:

        z = zipfile.ZipFile(path)

        for f in z.namelist():

            z_object_md5 = f.split("_")[1]

            if z_object_md5 in md5_to_sha256_dict:

                sample_bytez = z.open(f, "r", pwd).read()

                with open(md5_to_sha256_dict[z_object_md5], "wb") as ofile:

                    ofile.write(sample_bytez)

                print("Extracted {}".format(md5_to_sha256_dict[z_object_md5]))

if __name__ == '__main__':

    prog = "download_samples"

    descr = "Download the samples that define the malware gym environment"

    parser = argparse.ArgumentParser(prog=prog, description=descr)

    parser.add_argument(

        "--virustotal",

        default=False,

        action="store_true",

        help="Use Virustotal to download malware samples")

    parser.add_argument(

        "--vtapikey", type=str, default=None, help="Virustotal API key")

    parser.add_argument(

        "--nconcurrent",

        type=int,

        default=6,

        help="Maximum concurrent downloads from Virustotal")

    parser.add_argument(

        "--virusshare",

        default=False,

        action="store_true",

        help="Use malware samples from VirusShare torrents")

    parser.add_argument(

        "--zipfile",

        type=str,

        nargs="+",

        help="The path of VirusShare zipfile 290 or 291")

    parser.add_argument(

        "--zipfilepassword",

        type=str,

        default=None,

        help="Password for the VirusShare zipfiles 290 or 291")

    args = parser.parse_args()

    if not args.virustotal and not args.virusshare:

        parser.error("Must use either Virustotal or VirusShare")

    if args.virusshare:

        if len(args.zipfile) == 0:

            parser.error("Must the paths for one or more Virusshare zip files")

        if args.zipfilepassword is None:

            parser.error("Must enter a password for the VirusShare zip files")

        use_virusshare(args)

    if args.virustotal:

        if args.vtapikey is None:

            parser.error("Must enter a VirusTotal API key")

        use_virustotal(args)

使用方法:

python download_samples.py  --virustotal --vtapikey 1a7b7440ceca037b88fd160ef6c8e04b69ba434bdd76ef2ab0ab52a567xxxxx

csv文件格式:

sha256,sha1,md5

0007df5e92070f8d12411078070bdcafb24df81c837d8113a1e047ed7ac9fba1,e760b4ae027975928735024273a4240995442e2b,002e5581fabb21af4d4e7ec070561d38

0026b14f896934c621eccca48474353fff08f592ebc2949dde4b881f2353e3d2,f5cc8bd5accc281a8a41a9b13d870734361ec26b,292bd61f51ef0983b058a3b0f16ad263

00341b912ae7a9fc5bd25ac544bb2525cdc10f7dfcf51e6d96e9221a9ca06525,0329a4316eea3cf6d1376ea1eab5e2806258193b,c0370cb71216559beef7fe943b52003e

007792005ee9d835d5d0d4e0d6f7b886605272252a202e97a04bbc30bbbe12ae,f8190fe3936eff91a011901e30d66d0ad96e7e0c,64fed9d345dec9156090832c2b768982

009868767950256d823b0e9c6a89b8a7b2cef63424adc1840d1350ffa0bd3e42,50d4083adcd17910c2889842daf0d5e6ec41ab40,2f7a71e7abfd8536b9dee243656e0a8a

00a52b54695bac31830bdecf1c0e71b10da9bf3e9ff3d52cf1fc90f110458475,26f7549b66b2578112a77ceda7be7647ce5bc763,84b7490cae7fb84010863e006988951a

00c00e802109d0a3cb122c90168380ca23dfd3c28b1f03711b6218a8b1800f7c,eca4d84561c6440975ca64402e92ab01cf1bf4c8,d40cf7ae9174d5dc79c2e9db8cdb1bbb

0105e7aadf4e069b10aea00a43d90b753acfdd81c8db6e37df2c5b563162c30b,310a76a010cb58b510da8eb743f53ff517e441a9,2d4dcc983545014af6c8994ffa478488

0106fb2d96d5643f7ccb4a3e9fe8f3bb34c7d65d03333370648915991a3b200d,ad073b1ada3bb0aff0cae2edd7d41f6f09816cbe,f3e5b6b8c47211d54c2031d7a9a8f54f

012244e5a30708451b0b8b36a45e7d36fc8694f999adec739ef21efbc5f8e922,ef0ce82ca912e79a4fe64879ceb7fc30605367bb,ef24712cdbd8bd210e44d1546f5b91ab

014b392af2230b6275acf08a1384b1dd578e7fa3e7aba70c1b5b2ea6956c2108,43336578eb0efb1f9096836ff420fba635527020,d8f99268a5727a64bbac9a149b169afc

01640574490f32ba3d84bef60bdc30794edacf32932e93bada4d068dc5e27457,320c06678b0253ef5e30933d341a981744702c49,06c7dcdcdc887e052c2b6ee0dc88a2a6

从virustotal上下载病毒样本的更多相关文章

  1. Android版本的"Wannacry"文件加密病毒样本分析(附带锁机)

    一.前言 之前一个Wannacry病毒样本在PC端肆意了很久,就是RSA加密文件,勒索钱财.不给钱就删除.但是现在移动设备如此之多,就有一些不法分子想把这个病毒扩散到移动设备了,这几天一个哥们给了一个 ...

  2. demon病毒样本分析

    1. 简介 该样本是前几周爆发的THINKPHP漏洞中,被批量上传的一个病毒样本.如图所示. 2. 分析 该样本未经混淆,加壳,所以直接拖到IDA中即可分析. 首先从main函数开始.做一些初始化的函 ...

  3. 【tomcat 无法部署】svn上下载的maven项目无法部署到tomcat中

    问题: svn上下载的maven项目无法部署到tomcat中,tomcat不识别项目,但是这个项目确实是web项目 发现的过程: 然后依次产看项目的编译版本: 项目的依赖架包: 才发现: 解决方法: ...

  4. App Store上下载和安装Xcode

    App Store上下载和安装Xcode Xcode的下载和安装 要编写一个Sprite Kit程序,需要使用到Xcode开发工具.本节将主要讲解此工具的两种下载和安装方式:一种是在App Store ...

  5. Android———从GitHub上下载源码的方法【Written By KillerLegend】

    首先声明,本文说的是从GitHub上下载源码而非上传源码! 1:下载tortoisegit,下载地址为: https://code.google.com/p/tortoisegit/wiki/Down ...

  6. CSDN上下载的一些关于Android程序调用Webservice执行不成功的问题

    今天从书上和CSDN上找了几个关于android调用webservice的样例,这些样例从代码来看.没不论什么错误,可是就是执行不成功.分析了android调用web接口的写法,发现这些样例在调用的时 ...

  7. Android开发之从网络URL上下载JSON数据

    网络下载拉取数据中,json数据是一种格式化的xml数据,非常轻量方便,效率高,体验好等优点,下面就android中如何从给定的url下载json数据给予解析: 主要使用http请求方法,并用到Htt ...

  8. 用APK Downloader直接从Google Play上下载apk

    APK Downloader可以直接从Google Play上下载apk,相比较其他软件,这个不需要提供Google ID,对于没有刷机的同学还是有些帮助的.

  9. 怎么在Linux上下载并安装ESET NOD32 Antivirus 4桌面版

    转自:怎么在Linux上下载并安装ESET NOD32 Antivirus 4桌面版 下载并安装ESET NOD32 Antivirus 4的Linux桌面版,根据下面的步骤一步一步的来: I.  下 ...

随机推荐

  1. jQuery解决鼠标单双击问题

    html代码如下: <button>点击</button> JQ代码如下: <script> $(function () { // 编写相关jQuery代码 // ...

  2. Meteor工作目录的划分

    现在说明一下Meteor的工作目录是这样划分的,但是在说明之前 做个约定,以免后面造成混淆或错误.  我们通过 meteor create API-002-Core创建meteor工程后,那么就会有一 ...

  3. (转)fiddler使用简介--其三

    原文地址:http://www.cnblogs.com/miantest/p/7294620.html 我们知道Fiddler是位于客户端和服务器之间的代理,它能够记录客户端和服务器之间的所有 HTT ...

  4. Verilog HDL设计规范及经验谈(转载)

    1. 规范很重要      工作过的朋友肯定知道,公司里是很强调规范的,特别是对于大的设计(无论软件还是硬件),不按照规范走几乎是不可实现的.逻辑设计也是这样:如果不按规范做的话,过一个月后调试时发现 ...

  5. 测试百度地图输入GPS经纬度显示位置API

    1.我的GPS获取的经纬度做度分秒转换后为 34.636055,112.40832 2.百度API介绍 GPS的坐标是WGS84,所以测试API http://api.map.baidu.com/ge ...

  6. 4.5 基于STM32+MC20远程短信控制开关

    需要准备的硬件 MC20开发板 1个 https://item.taobao.com/item.htm?id=562661881042 GSM/GPRS天线 1根 https://item.taoba ...

  7. python基础28 -----python中sockserver模块

    一.Python中的sockserver模块 1.该模块与sock模块不同之处是该模块自动帮我们分装好了一些功能,让我们在编程的时候直接调用这些功能就可以了,节省了编程步骤. 2.如图所示 注释:上图 ...

  8. 2015.7.8(千股跌停!做T不应当只做中色,中国软件)

    2015.7.81.今天开盘所有的股票全部跌停,真是一大奇观! 今天中色股份和以往不同买卖盘为正! 但是中色的爬升比较慢,价位始终没有高过昨天的收盘价————这种情况下是否应该做T呢? 2.做T不应当 ...

  9. Spring 手动获取request和response

    //获取responseHttpServletResponse response = ((ServletRequestAttributes) RequestContextHolder.getReque ...

  10. 【HackerRank】Lonely Integer

    There are N integers in an array A. All but one integer occur in pairs. Your task is to find out the ...