tis-emocheck

1.0.0-6
Emotet (malware) detection tool for Windows. (Windows 7 does not support UTF-8 output in the Command Prompt; the package still works because it runs silently.)

  Description 

  • package : tis-emocheck
  • version : 1.0.0-6
  • architecture : x86
  • categories : Security
  • maintainer : WAPT Team,Tranquil IT,Jimmy PELÉ
  • description : Emotet (malware) detection tool for Windows. (Windows 7 does not support UTF-8 output in the Command Prompt; the package still works because it runs silently.)
  • locale :
  • target_os : windows
  • min_os_version : 6.1
  • max_os_version :
  • min_wapt_version : 1.8
  • sources : https://github.com/JPCERTCC/EmoCheck/releases
  • installed_size :
  • impacted_process :
  • description_fr : Outil de détection du malware Emotet pour Windows. (Windows 7 ne prend pas en charge la sortie UTF-8 dans l'invite de commande. Le paquet fonctionne car il est silencieux)
  • description_pl :
  • description_de :
  • description_es :
  • description_pt :
  • description_it :
  • description_nl :
  • description_ru :
  • editor :
  • licence :
  • signature_date : 2020-09-09T11:45:08.487545
  • Homepage : https://github.com/JPCERTCC/EmoCheck

  Setup.py 

# -*- coding: utf-8 -*-
from setuphelpers import *

import glob
import json
import os

uninstallkey = []  # no uninstall key is registered; cleanup is done by uninstall() below

# Defining variables
# Upstream binary name pattern; '%s' receives the version part of control.version
bin_name_string = 'emocheck_v%s_x86.exe'
# Install location under Program Files (makepath/programfiles come from setuphelpers)
app_dir = makepath(programfiles,'EmoCheck')


def install():
    """Copy the versioned EmoCheck binary from the package into app_dir.

    The version comes from control.version with the package-revision suffix
    dropped. Any running instance is killed first and app_dir is recreated
    from scratch so nothing from a previous version is left behind.
    """
    app_version = control.version.split('-', 1)[0]
    exe_name = bin_name_string % app_version
    source_exe = makepath(basedir, exe_name)
    target_exe = makepath(app_dir, exe_name)

    print('Copying: %s to %s' % (exe_name, target_exe))
    killalltasks(exe_name)
    # Fresh directory every time: drop whatever an earlier version installed.
    if isdir(app_dir):
        remove_tree(app_dir)
    mkdirs(app_dir)
    filecopyto(source_exe, target_exe)


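def uninstall():
    """Stop any running EmoCheck process and delete the installation directory.

    The binary name is rebuilt from control.version (package-revision suffix
    dropped) so that killalltasks targets the exact file install() copied.
    """
    # Initializing variables
    package_version = control.version.split('-', 1)[0]
    bin_name = bin_name_string % package_version

    # Uninstalling the package: the whole app_dir goes, not just the binary
    killalltasks(bin_name)
    if isdir(app_dir):
        remove_tree(app_dir)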


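def audit():
    """Run an EmoCheck scan and turn its JSON report into a WAPT audit status.

    Returns:
        "OK" when the report says the machine is not infected, "ERROR" when
        it says anything else, "WARNING" when the scanner binary is missing,
        the scan produced no report, or the report lacks the 'is_infected'
        field.
    """
    # Initializing variables
    package_version = control.version.split('-', 1)[0]
    bin_name = bin_name_string % package_version
    app_path = makepath(app_dir, bin_name)
    report_pattern = makepath(app_dir, '*.json')

    # run() on a missing binary would raise instead of producing an audit status
    if not isfile(app_path):
        print("WARNING: %s is missing, the scan can not run !" % app_path)
        return "WARNING"

    # Previous reports are removed so the glob below only sees this run's output
    for old_json in glob.glob(report_pattern):
        remove_file(old_json)

    # Checking
    run('"%s" -quiet -output "%s" -json' % (app_path, app_dir))
    reports = glob.glob(report_pattern)
    # An empty glob must be tested before indexing it
    if not reports:
        print("WARNING: The scan do not return a result !")
        return "WARNING"

    json_scan = json_load_file(reports[0])
    print("Scan result in json format:")
    print(json_scan)

    verdict = json_scan.get('is_infected')
    if verdict == 'no':
        print("OK: This machine is not infected.")
        return "OK"
    if verdict is None:
        print("WARNING: The scan report has no 'is_infected' field !")
        return "WARNING"
    # Anything other than an explicit 'no' is treated as infected
    print("CRITICAL: This machine is infected!")
    return "ERROR"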


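def update_package():
    """Pull the latest EmoCheck release from GitHub into the package directory.

    Resolves the newest release through the GitHub API, downloads the asset
    matching bin_name_string when it is not already present, aligns the
    version with the ProductVersion read from the binary, bumps
    control.version and removes binaries of other versions.

    Raises:
        Exception: when the latest release carries no asset matching
            bin_name_string.
    """
    print('Downloading/Updating package content from upstream binary sources')

    # Initializing variables
    proxies = get_proxies()
    app_name = control.name
    git_repo = 'JPCERTCC/EmoCheck'
    url_api = 'https://api.github.com/repos/%s/releases/latest' % git_repo
    # Suffix after the version placeholder, used to pick the right release asset
    bin_end = bin_name_string.split('%s')[-1]

    # Getting latest version from official website
    print('API used is: ' + url_api)
    json_load = json.loads(wgets(url_api, proxies=proxies))

    # Fail with a clear message rather than an unbound url_dl when nothing matches
    url_dl = None
    for download in json_load.get('assets', []):
        if download['name'].endswith(bin_end):
            url_dl = download['browser_download_url']
            break
    if url_dl is None:
        raise Exception('No asset ending with "%s" in the latest %s release' % (bin_end, git_repo))

    # Only a leading 'v' is a tag prefix; a blanket replace would also strip
    # a 'v' found anywhere else in the tag
    tag_name = json_load['tag_name']
    version = tag_name[1:] if tag_name.startswith('v') else tag_name
    latest_bin = bin_name_string % version

    print("Latest %s version is: %s" % (app_name, version))
    print("Download url is: %s" % url_dl)

    # Downloading latest binaries
    if not isfile(latest_bin):
        print('Downloading: %s' % latest_bin)
        # NOTE(review): the asset is accepted on the strength of the TLS
        # connection alone; no hash or signature is verified here.
        # manifest.sha256 pins the file only once it has been packaged.
        wget(url_dl, latest_bin, proxies=proxies)

        # Checking version from file: the binary's own ProductVersion wins over the tag
        version_from_file = get_version_from_binary(latest_bin)
        if version_from_file != '' and version != version_from_file:
            os.rename(latest_bin, bin_name_string % version_from_file)
            version = version_from_file

        # Changing version of the package
        control.version = '%s-%s' % (version, int(control.version.split('-')[-1]) + 1)
        control.save_control_to_wapt()
        print('Changing version to: %s in WAPT\\control' % control.version)

    # Deleting outdated binaries; the extension is the part after the last dot
    remove_outdated_binaries(version, list_extensions=bin_name_string.split('.')[-1], list_filename_contain=control.architecture)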




def json_load_file(json_file):
    """Parse the JSON document at *json_file* and return the decoded object.

    The file is opened in text mode with the platform default encoding.
    """
    with open(json_file) as handle:
        return json.load(handle)


def get_proxies():
    """Return the proxy mapping urllib derives from the environment.

    getproxies moved to urllib.request in Python 3; the fallback keeps the
    helper usable on Python 2.
    """
    try:
        from urllib.request import getproxies
    except ImportError:
        from urllib import getproxies
    return getproxies()


def get_version_from_binary(filename):
    """Return the ProductVersion property embedded in *filename*.

    MSI packages are read with get_msi_properties, anything else with
    get_file_properties (both from setuphelpers).
    """
    reader = get_msi_properties if filename.endswith('.msi') else get_file_properties
    return reader(filename)['ProductVersion']


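def remove_outdated_binaries(version, list_extensions=None, list_filename_contain=None):
    """Delete binaries in the current working directory that do not belong to *version*.

    Args:
        version: version string a kept file name must contain.
        list_extensions: extension or list of extensions to consider, with or
            without a leading dot. Defaults to exe, msi, deb, rpm, dmg, pkg.
        list_filename_contain: substring or list of substrings; a file is
            removed when any of them is missing from its name.
    """
    if list_extensions is None:
        list_extensions = ['exe', 'msi', 'deb', 'rpm', 'dmg', 'pkg']
    elif not isinstance(list_extensions, list):
        list_extensions = [list_extensions]
    if list_filename_contain and not isinstance(list_filename_contain, list):
        list_filename_contain = [list_filename_contain]

    # Normalise to '*.ext'; an extension already carrying a dot is kept, not dropped
    patterns = ['*' + (ext if ext.startswith('.') else '.' + ext) for ext in list_extensions if ext]
    for pattern in patterns:
        for bin_in_dir in glob.glob(pattern):
            # One decision per file so remove_file is never called twice on the same path
            outdated = version not in bin_in_dir
            if list_filename_contain:
                outdated = outdated or any(part not in bin_in_dir for part in list_filename_contain)
            if outdated:
                remove_file(bin_in_dir)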


										

  Changelog 


Changelog software url : https://github.com/JPCERTCC/EmoCheck/releases

No changelog
  manifest.sha256 
[["emocheck_v1.0.0_x86.exe","544b6eb3bc04e9015ae7b4078e20a33a28c35370fb9e2c498d65e072c4c81bf3"],["setup.py","e1878f088208a16ff6fdf4a2f5330b8c1bd33ffb9f06028515de006af822d28f"],["WAPT/icon.png","6c397954cb9707a2201568ea512a02584ec87287d16330a6407e0659913a0d47"],["WAPT/certificate.crt","a5a97261381e1d0ad46ee15916abec9c2631d0201f5cc50ceb0197a165a0bbbf"],["WAPT/control","29c6d4e703b6b8002dc37c28b1259fb6430ca9142833ea15f0afb54ea74c5197"]]