EmoCheck

Silent installation package for EmoCheck

2.4.0-8
Security

  • package: tis-emocheck
  • name: EmoCheck
  • version: 2.4.0-8
  • categories: Security
  • maintainer: WAPT Team,Tranquil IT,Jimmy PELÉ,Pierre COSSON
  • editor: JPCERT Coordination Center
  • locale: all
  • target_os: windows
  • architecture: arm
  • signature_date:
  • size: 1.60 MB
  • homepage : https://github.com/JPCERTCC/EmoCheck

package           : tis-emocheck
version           : 2.4.0-8
architecture      : arm
section           : base
priority          : optional
name              : EmoCheck
categories        : Security
maintainer        : WAPT Team,Tranquil IT,Jimmy PELÉ,Pierre COSSON
description       : Emotet (malware) detection tool for Windows. (Windows 7 does not support UTF-8 output in the Command Prompt. The package is working since he's silent)
depends           : 
conflicts         : 
maturity          : PROD
locale            : all
target_os         : windows
min_wapt_version  : 2.1
sources           : https://github.com/JPCERTCC/EmoCheck/releases
installed_size    : 
impacted_process  : 
description_fr    : Outil de détection du malware Emotet pour Windows. (Windows 7 ne prend pas en charge la sortie UTF-8 dans l'invite de commande. Le paquet fonctionne car il est silencieux)
description_pl    : Narzędzie do wykrywania Emotet (malware) dla systemu Windows. (Windows 7 nie obsługuje wyjścia UTF-8 w Wierszu polecenia. Pakiet działa, ponieważ jest cichy)
description_de    : Emotet (Malware)-Erkennungstool für Windows. (Windows 7 unterstützt keine UTF-8-Ausgabe in der Eingabeaufforderung. Das Paket funktioniert, da er still ist)
description_es    : Herramienta de detección de Emotet (malware) para Windows. (Windows 7 no admite la salida de UTF-8 en el símbolo del sistema. El paquete funciona desde que es silencioso)
description_pt    : Ferramenta de detecção de Emotet (malware) para Windows. (Windows 7 não suporta a saída UTF-8 no Prompt de Comando. O pacote está a funcionar uma vez que ele está silencioso)
description_it    : Strumento di rilevamento di Emotet (malware) per Windows. (Windows 7 non supporta l'output UTF-8 nel Prompt dei comandi. Il pacchetto funziona poiché è silenzioso)
description_nl    : Emotet (malware) opsporingsprogramma voor Windows. (Windows 7 ondersteunt geen UTF-8 uitvoer in de opdrachtprompt. Het pakket werkt sinds hij stil is)
description_ru    : Средство обнаружения Emotet (вредоносного ПО) для Windows. (Windows 7 не поддерживает вывод UTF-8 в командной строке. Пакет работает, так как он молчит)
audit_schedule    : 
editor            : JPCERT Coordination Center
keywords          : security,malware,malware-detection,emotet
licence           : 
homepage          : https://github.com/JPCERTCC/EmoCheck
package_uuid      : 405312f8-0ea3-4aaa-b579-e0e2fa36c87a
valid_from        : 
valid_until       : 
forced_install_on : 
changelog         : https://github.com/JPCERTCC/EmoCheck/releases
min_os_version    : 6.1
max_os_version    : 
icon_sha256sum    : 94130e338c36d879e0991839f23a03c6597c804310e38f44b0fdaf6d090a288a
signer            : Tranquil IT
signer_fingerprint: 8c5127a75392be9cc9afd0dbae1222a673072c308c14d88ab246e23832e8c6bb
signature_date    : 2025-11-11T16:08:02.000000
signed_attributes : package,version,architecture,section,priority,name,categories,maintainer,description,depends,conflicts,maturity,locale,target_os,min_wapt_version,sources,installed_size,impacted_process,description_fr,description_pl,description_de,description_es,description_pt,description_it,description_nl,description_ru,audit_schedule,editor,keywords,licence,homepage,package_uuid,valid_from,valid_until,forced_install_on,changelog,min_os_version,max_os_version,icon_sha256sum,signer,signer_fingerprint,signature_date,signed_attributes
signature         : Cx0u40HxilIfpKYMm7hnUIxbIwOLcuF4ZkkhjLH3WruEhlOMcrgaZ26/GKafz3x0pyi+D7aUTbwxKQMiAMWPV3lNj7g/Svvzs+r4WlV/e+38SbwSzZm7eJrsf7S7Aj+y+7LTTJ8uv/B+Iou/QM74Ec+FLtTTfolZgWzUysQJrgopdnM/FecVBejTizS9CnU/QFsB0FRw/eqd3gu9Vn0D9kOudozFxbV9qgXkPR8hUvlEsEGhTH+QrU8KKZ587tBDwD3TuqXB//Htbn66heSIU+2rmh062Nam3LchRWGW4TwRj6qXW+TrkEBV5Xu+6Ig22NrJ9tjjLCzTkheRNqHiCg==

# -*- coding: utf-8 -*-
from setuphelpers import *
import glob
import os


app_dir = makepath(programfiles, "EmoCheck")


def install():
    # Initializing variables
    bin_name = glob.glob("emocheck_v*.exe")[0]
    app_path = makepath(app_dir, bin_name)

    # Installing the package
    print("Copying: %s to %s" % (bin_name, app_path))
    killalltasks(bin_name)
    if isdir(app_dir):
        remove_tree(app_dir)
    mkdirs(app_dir)
    filecopyto(makepath(basedir, bin_name), app_path)


def uninstall():
    # killalltasks() matches on the process name, so pass the file name, not the full path
    for bin_path in glob.glob(makepath(app_dir, "emocheck_v*x64*.exe")):
        killalltasks(os.path.basename(bin_path))
    if isdir(app_dir):
        remove_tree(app_dir)


def audit():
    # Initializing variables
    binaries = glob.glob(makepath(app_dir, "emocheck_v*x64*.exe"))
    if not binaries:
        print("WARNING: EmoCheck binary not found in %s" % app_dir)
        return "WARNING"
    app_path = binaries[0]  # glob already returns the full path

    # Removing reports from previous scans so that only the new one is read
    for old_json in glob.glob(makepath(app_dir, "*.json")):
        remove_file(old_json)

    # Checking
    run('"%s" -quiet -output "%s" -json' % (app_path, app_dir))
    reports = glob.glob(makepath(app_dir, "*.json"))
    if not reports:
        print("WARNING: The scan did not return a result!")
        return "WARNING"

    json_scan = json_load_file(reports[0])
    print("Scan result in json format:")
    print(json_scan)

    if json_scan["is_infected"] == "no":
        print("OK: This machine is not infected.")
        return "OK"
    else:
        print("CRITICAL: This machine is infected!")
        return "ERROR"

# -*- coding: utf-8 -*-
from setupdevhelpers import *
import glob
import json


def update_package():
    # Declaring local variables
    package_updated = False
    proxies = get_proxies()
    if not proxies:
        proxies = get_proxies_from_wapt_console()
    app_name = control.name
    api_url = "https://api.github.com/repos/JPCERTCC/EmoCheck/releases/latest"
    if control.architecture == "x64":
        arch_contains = "_x64.exe"
    elif control.architecture == "arm":
        # The arm package ships the x64 binary
        arch_contains = "_x64.exe"
    else:
        arch_contains = "_x86.exe"

    # Getting latest version information from official sources
    print("API used is: %s" % api_url)
    json_load = json.loads(wgets(api_url, proxies=proxies))
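    for download in json_load["assets"]:
        if arch_contains in download["name"]:
            download_url = download["browser_download_url"]
            version = json_load["tag_name"].split("-")[-1].replace("v", "")
            latest_bin = download["name"]
            break
    else:
        # Fail explicitly instead of hitting a NameError on the variables used below
        raise Exception("No release asset matching %s found at %s" % (arch_contains, api_url))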

    # Downloading latest binaries
    print("Latest %s version is: %s" % (app_name, version))
    print("Download URL is: %s" % download_url)
    if not isfile(latest_bin):
        print("Downloading: %s" % latest_bin)
        wget(download_url, latest_bin, proxies=proxies)
    else:
        print("Binary is present: %s" % latest_bin)

    # Changing version of the package
    if Version(version) > Version(control.get_software_version()):
        print("Software version updated (from: %s to: %s)" % (control.get_software_version(), Version(version)))
        package_updated = True
    else:
        print("Software version up-to-date (%s)" % Version(version))
    control.set_software_version(version)
    control.save_control_to_wapt()

    # Deleting outdated binaries
    for exe in glob.glob("emocheck_v*.exe"):
        if exe != latest_bin:
            remove_file(exe)

    # Validating update-package-sources
    return package_updated

38d056ab130f7bf7c481c12636a4e9959de36561d3dfcbe54c6e3571bc0c1dc3 : WAPT/certificate.crt
f4f8ed66e4ce841427309e24e05a83312c36d817961a6fb6ab24c7bc6effbf45 : WAPT/control
94130e338c36d879e0991839f23a03c6597c804310e38f44b0fdaf6d090a288a : WAPT/icon.png
006b0cd2b9c1592b69f78016108df3304de7141bf511112f234b9f18844bfc57 : emocheck_v2.4_x64.exe
f53b9caf5d92b032f1fc3e84c0ce6b9f72d11ccd0daa700dddb53fad3c6c091c : luti.json
cf37d6b0140a61afbc3834a2bb2f363d1875db3e8e32b268e5b307e04cb9764b : setup.py
4c924ef985e4d33053de8462e49f66cc865465034464235769fbd00501296369 : update_package.py