tis-emocheck
2.3.2-8
Emotet (malware) detection tool for Windows. (Windows 7 does not support UTF-8 output in the Command Prompt. The package is working since he's silent)
5619 downloads
Download
See build result See VirusTotal scan
- package : tis-emocheck
- name : EmoCheck
- version : 2.3.2-8
- categories : Security
- maintainer : WAPT Team,Tranquil IT,Jimmy PELÉ,Pierre COSSON
- installed_size :
- editor : JPCERT Coordination Center
- licence :
- signature_date : 2023-03-22T12:00:12.445262
- size : 433.07 Ko
- locale : all
- target_os : windows
- impacted_process :
- architecture : x86
- Homepage : https://github.com/JPCERTCC/EmoCheck
package : tis-emocheck
version : 2.3.2-8
architecture : x86
section : base
priority : optional
name : EmoCheck
categories : Security
maintainer : WAPT Team,Tranquil IT,Jimmy PELÉ,Pierre COSSON
description : Emotet (malware) detection tool for Windows. (Windows 7 does not support UTF-8 output in the Command Prompt. The package is working since he's silent)
depends :
conflicts :
maturity : PROD
locale : all
target_os : windows
min_wapt_version : 2.1
sources : https://github.com/JPCERTCC/EmoCheck/releases
installed_size :
impacted_process :
description_fr : Outil de détection du malware Emotet pour Windows. (Windows 7 ne prend pas en charge la sortie UTF-8 dans l'invite de commande. Le paquet fonctionne car il est silencieux)
description_pl : Narzędzie do wykrywania Emotet (malware) dla systemu Windows. (Windows 7 nie obsługuje wyjścia UTF-8 w Wierszu polecenia. Pakiet działa, ponieważ jest cichy)
description_de : Emotet (Malware)-Erkennungstool für Windows. (Windows 7 unterstützt keine UTF-8-Ausgabe in der Eingabeaufforderung. Das Paket funktioniert, da er still ist)
description_es : Herramienta de detección de Emotet (malware) para Windows. (Windows 7 no admite la salida de UTF-8 en el símbolo del sistema. El paquete funciona desde que es silencioso)
description_pt : Ferramenta de detecção de Emotet (malware) para Windows. (Windows 7 não suporta a saída UTF-8 no Prompt de Comando. O pacote está a funcionar uma vez que ele está silencioso)
description_it : Strumento di rilevamento di Emotet (malware) per Windows. (Windows 7 non supporta l'output UTF-8 nel Prompt dei comandi. Il pacchetto funziona poiché è silenzioso)
description_nl : Emotet (malware) opsporingsprogramma voor Windows. (Windows 7 ondersteunt geen UTF-8 uitvoer in de opdrachtprompt. Het pakket werkt sinds hij stil is)
description_ru : Средство обнаружения Emotet (вредоносного ПО) для Windows. (Windows 7 не поддерживает вывод UTF-8 в командной строке. Пакет работает, так как он молчит)
audit_schedule :
editor : JPCERT Coordination Center
keywords : security,malware,malware-detection,emotet
licence :
homepage : https://github.com/JPCERTCC/EmoCheck
package_uuid : 5ae96fbe-a7cc-473f-b3e1-a1b2fc638ae5
valid_from :
valid_until :
forced_install_on :
changelog : https://github.com/JPCERTCC/EmoCheck/releases
min_os_version : 6.1
max_os_version :
icon_sha256sum : 94130e338c36d879e0991839f23a03c6597c804310e38f44b0fdaf6d090a288a
signer : Tranquil IT
signer_fingerprint: 8c5127a75392be9cc9afd0dbae1222a673072c308c14d88ab246e23832e8c6bb
signature : uZ/dEDa73cqns0Br9ODiqHlffGAdwNo7XjpLUyUMM89Wpt6IRkYlNOYHy7YHjwFYmVvL+0GoEVvp+BfVjeaBzfiP6lJ63fKWt/+ke+EAf/Vz+9oJZ433XEe+I5NAu7I2+5ZRfdnzVy1T+XMkix9RoEgTJDhyqdt58p+gtTmfykDxL8hY5wb4RWoo+ouETqwb8LS4KQ0rYUJyqjo4FpsFtQDccTPQY0vaaZ97xKD6tD+NDqyTQ9la8pghARNqeN2JDJpoTYNkuxDjb/yUx6JZ0qEQ3pwbB22OFNeMOlFHQDSkhTthoiHpWjNg+U5ew2KjPQHDPCD+KsS0wnlIorjrjg==
signature_date : 2023-03-22T12:00:12.445262
signed_attributes : package,version,architecture,section,priority,name,categories,maintainer,description,depends,conflicts,maturity,locale,target_os,min_wapt_version,sources,installed_size,impacted_process,description_fr,description_pl,description_de,description_es,description_pt,description_it,description_nl,description_ru,audit_schedule,editor,keywords,licence,homepage,package_uuid,valid_from,valid_until,forced_install_on,changelog,min_os_version,max_os_version,icon_sha256sum,signer,signer_fingerprint,signature_date,signed_attributes# -*- coding: utf-8 -*-
from setuphelpers import *
app_dir = makepath(programfiles, "EmoCheck")
def install():
# Initializing variables
bin_name = glob.glob("emocheck_v*.exe")[0]
app_path = makepath(app_dir, bin_name)
# Installing the package
print("Copying: %s to %s" % (bin_name, app_path))
killalltasks(bin_name)
if isdir(app_dir):
remove_tree(app_dir)
mkdirs(app_dir)
filecopyto(makepath(basedir, bin_name), app_path)
def uninstall():
bin_name = glob.glob(makepath(app_dir, "emocheck_v*%s*.exe" % control.architecture))[0]
killalltasks(bin_name)
if isdir(app_dir):
remove_tree(app_dir)
def audit():
# Initializing variables
bin_name = glob.glob(makepath(app_dir, "emocheck_v*%s*.exe" % control.architecture))[0]
app_path = makepath(app_dir, bin_name)
for old_json in glob.glob(makepath(app_dir, "*.json")):
remove_file(old_json)
# Checking
run('"%s" -quiet -output "%s" -json' % (app_path, app_dir))
if not isfile(glob.glob(makepath(app_dir, "*.json"))[0]):
print("WARNING: The scan do not return a result !")
return "WARNING"
json_scan = json_load_file(glob.glob(makepath(app_dir, "*.json"))[0])
print("Scan result in json format:")
print(json_scan)
if json_scan["is_infected"] == "no":
print("OK: This machine is not infected.")
return "OK"
else:
print("CRITICAL: This machine is infected!")
return "ERROR"
# -*- coding: utf-8 -*-
from setuphelpers import *
import json
def update_package():
# Declaring local variables
package_updated = False
proxies = get_proxies()
if not proxies:
proxies = get_proxies_from_wapt_console()
app_name = control.name
api_url = "https://api.github.com/repos/JPCERTCC/EmoCheck/releases/latest"
if control.architecture == "x64":
arch_contains = "_x64.exe"
else:
arch_contains = "_x86.exe"
# Getting latest version information from official sources
print("API used is: %s" % api_url)
json_load = json.loads(wgets(api_url, proxies=proxies))
for download in json_load["assets"]:
if arch_contains in download["name"]:
download_url = download["browser_download_url"]
version = json_load["tag_name"].split("-")[-1].replace("v", "")
latest_bin = download["name"]
break
# Downloading latest binaries
print("Latest %s version is: %s" % (app_name, version))
print("Download URL is: %s" % download_url)
if not isfile(latest_bin):
print("Downloading: %s" % latest_bin)
wget(download_url, latest_bin, proxies=proxies)
else:
print("Binary is present: %s" % latest_bin)
# Changing version of the package
if Version(version) > Version(control.get_software_version()):
print("Software version updated (from: %s to: %s)" % (control.get_software_version(), Version(version)))
package_updated = True
else:
print("Software version up-to-date (%s)" % Version(version))
control.set_software_version(version)
control.save_control_to_wapt()
# Deleting outdated binaries
remove_outdated_binaries(version)
# Validating update-package-sources
return package_updated
f02fb1771fe1f0073f2dbf28503e80f21943d6f7b5c8ffd11c8817c16cc9cb1e : setup.py
26a04dc64e715ff4203669d41c0f7b73ff840829be83ffb684fb7cdd21aef00f : emocheck_v2.3.2_x86.exe
929061f5688f2959fcaf7a6a9a2f2c0e01dc151651836db9cc474dd39c282244 : update_package.py
94130e338c36d879e0991839f23a03c6597c804310e38f44b0fdaf6d090a288a : WAPT/icon.png
a5a97261381e1d0ad46ee15916abec9c2631d0201f5cc50ceb0197a165a0bbbf : WAPT/certificate.crt
583fc64594db9bca8de436b9cd0499f95427badda1500e37f21f244490c2563c : luti.json
17ad5574e249fe3eada671ab97a17a2121cf55cc66c02e0a87a8f561730db792 : WAPT/control