tis-emocheck
2.3.1-6
Outil de détection du malware Emotet pour Windows. (Windows 7 ne prend pas en charge la sortie UTF-8 dans l'invite de commande. Le paquet fonctionne car il est silencieux)

- package : tis-emocheck
- name : EmoCheck
- version : 2.3.1-6
- categories : Security
- maintainer : WAPT Team,Tranquil IT,Jimmy PELÉ
- editor : JPCERT Coordination Center
- licence :
- locale :
- target_os : windows
- impacted_process :
- architecture : x86
- signature_date : 2022-05-29 11:00
- size : 432.88 Ko
- homepage : https://github.com/JPCERTCC/EmoCheck
package : tis-emocheck
version : 2.3.1-6
architecture : x86
section : base
priority : optional
name : EmoCheck
categories : Security
maintainer : WAPT Team,Tranquil IT,Jimmy PELÉ
description : Emotet (malware) detection tool for Windows. (Windows 7 does not support UTF-8 output in the Command Prompt. The package is working since he's silent)
depends :
conflicts :
maturity : PROD
locale :
target_os : windows
min_wapt_version : 1.8
sources : https://github.com/JPCERTCC/EmoCheck/releases
installed_size :
impacted_process :
description_fr : Outil de détection du malware Emotet pour Windows. (Windows 7 ne prend pas en charge la sortie UTF-8 dans l'invite de commande. Le paquet fonctionne car il est silencieux)
description_pl :
description_de :
description_es :
description_pt :
description_it :
description_nl :
description_ru :
audit_schedule :
editor : JPCERT Coordination Center
keywords : security,malware,malware-detection,emotet
licence :
homepage : https://github.com/JPCERTCC/EmoCheck
package_uuid : 033f5bd2-7700-494e-b248-fc4eb7f7864f
valid_from :
valid_until :
forced_install_on :
changelog : https://github.com/JPCERTCC/EmoCheck/releases
min_os_version : 6.1
max_os_version :
icon_sha256sum : 6c397954cb9707a2201568ea512a02584ec87287d16330a6407e0659913a0d47
signer : Tranquil IT
signer_fingerprint: 8c5127a75392be9cc9afd0dbae1222a673072c308c14d88ab246e23832e8c6bb
signature : gGeFnf5Fioi6NX/0X6WkiGWFWsV7Y3aOEct8EtVj0yIu3OOFw2djmQV1ZWguZOLnDgQ4dhBXeF+Ipv4kK4oVkM+vlRGnhlFwESsX+cCkrSPY4PNpAeBxTTpX98uIxBth5JfcV5JydJ4FblW6fwZmZ+0OGJJw/ttSuUR42lwpf5hOo7qf/B1wCtituFabgwfToTX9PBICi3lMjnx4RM2io5E2aELMJUqXuHDdc7Lr8u8vzEKzM559eTtckTLl1s5h1AjO0ks+4WJ7i6qa1kEErwDh1+TOGMtuRo+zH5GjYpaU0/zSM6oZhxrTpS57wkSk69f4fXlXTJLOM/79o95QUA==
signature_date : 2022-05-29T11:00:10.885182
signed_attributes : package,version,architecture,section,priority,name,categories,maintainer,description,depends,conflicts,maturity,locale,target_os,min_wapt_version,sources,installed_size,impacted_process,description_fr,description_pl,description_de,description_es,description_pt,description_it,description_nl,description_ru,audit_schedule,editor,keywords,licence,homepage,package_uuid,valid_from,valid_until,forced_install_on,changelog,min_os_version,max_os_version,icon_sha256sum,signer,signer_fingerprint,signature_date,signed_attributes
# -*- coding: utf-8 -*-
from setuphelpers import *
import json
uninstallkey = []

# Defining variables
# File name pattern of the shipped binary; the upstream version (the part of
# control.version before the WAPT "-N" packaging suffix) replaces %s.
bin_name_string = 'emocheck_v%s_x86.exe'
# Installation directory for the binary.
app_dir = makepath(programfiles, 'EmoCheck')
def install():
    """Copy the EmoCheck binary for this package version into app_dir.

    The upstream version is the part of control.version before the WAPT
    "-N" packaging suffix. An existing install directory is removed first,
    so no binary from a previous version stays next to the new one.
    """
    # Initializing variables
    upstream_version, _sep, _pkg_rev = control.version.partition('-')
    bin_name = bin_name_string % upstream_version
    app_path = makepath(app_dir, bin_name)
    # Installing the package
    print('Copying: %s to %s' % (bin_name, app_path))
    killalltasks(bin_name)
    if isdir(app_dir):
        remove_tree(app_dir)
    mkdirs(app_dir)
    filecopyto(makepath(basedir, bin_name), app_path)
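def uninstall():
    """Stop any running EmoCheck process and remove the install directory.

    The binary name is rebuilt from the upstream part of control.version so
    the matching process can be killed before app_dir is deleted.
    """
    # Initializing variables
    package_version = control.version.split('-', 1)[0]
    bin_name = bin_name_string % package_version
    # Uninstalling the package (the unused app_path computation was dropped)
    killalltasks(bin_name)
    if isdir(app_dir):
        remove_tree(app_dir)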
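def audit():
    """Run an EmoCheck scan and map its JSON verdict to a WAPT audit status.

    Returns:
        "OK" when the report says ``is_infected == 'no'``, "ERROR" when it
        reports an infection, and "WARNING" when no usable result could be
        obtained (binary missing, no JSON report written, or a report without
        an ``is_infected`` field).
    """
    # Initializing variables
    package_version = control.version.split('-', 1)[0]
    bin_name = bin_name_string % package_version
    app_path = makepath(app_dir, bin_name)
    json_pattern = makepath(app_dir, '*.json')
    # Without the binary the run() below would fail instead of reporting.
    if not isfile(app_path):
        print("WARNING: %s is missing, the scan cannot run!" % app_path)
        return "WARNING"
    # Remove reports of previous runs so the file picked up below is the
    # one produced by this scan.
    for old_json in glob.glob(json_pattern):
        remove_file(old_json)
    # Checking: EmoCheck writes its JSON report into app_dir.
    run('"%s" -quiet -output "%s" -json' % (app_path, app_dir))
    json_reports = glob.glob(json_pattern)
    # The original indexed [0] before checking, which raised IndexError
    # (instead of returning WARNING) when no report was written.
    if not json_reports:
        print("WARNING: The scan do not return a result !")
        return "WARNING"
    json_scan = json_load_file(json_reports[0])
    print("Scan result in json format:")
    print(json_scan)
    verdict = json_scan.get('is_infected')
    if verdict == 'no':
        print("OK: This machine is not infected.")
        return "OK"
    if verdict is None:
        print("WARNING: The scan result has no 'is_infected' field!")
        return "WARNING"
    print("CRITICAL: This machine is infected!")
    return "ERROR"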
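def update_package():
    """Fetch the latest EmoCheck release and bump the package version.

    Queries the GitHub releases API for the latest tag, downloads the asset
    whose name ends like bin_name_string, cross-checks the version embedded
    in the downloaded file, updates control.version and removes binaries of
    other versions from the package directory.

    Raises:
        Exception: when no release asset matches the expected binary name
            (previously this surfaced as an unbound ``url_dl`` NameError).
    """
    print('Downloading/Updating package content from upstream binary sources')
    # Initializing variables
    proxies = get_proxies()
    app_name = control.name
    git_repo = 'JPCERTCC/EmoCheck'
    url_api = 'https://api.github.com/repos/%s/releases/latest' % git_repo
    # Asset name suffix, i.e. the part of the pattern after %s.
    bin_end = bin_name_string.split('%s')[-1]
    # Getting latest version from official website
    print('API used is: ' + url_api)
    json_load = json.loads(wgets(url_api, proxies=proxies))
    url_dl = None
    for download in json_load['assets']:
        if download['name'].endswith(bin_end):
            url_dl = download['browser_download_url']
            break
    if url_dl is None:
        raise Exception('No release asset ending with "%s" found at %s' % (bin_end, url_api))
    # Strip a single leading "v" from the tag; replace('v', '') would also
    # remove a "v" appearing anywhere else in the tag.
    tag_name = json_load['tag_name']
    version = tag_name[1:] if tag_name.startswith('v') else tag_name
    latest_bin = bin_name_string % version
    print("Latest %s version is: %s" % (app_name, version))
    print("Download url is: %s" % url_dl)
    # Downloading latest binaries
    # NOTE(review): no checksum or signature check is applied to the download
    # here; the file hash only enters the manifest when the package is signed.
    if not isfile(latest_bin):
        print('Downloading: %s' % latest_bin)
        wget(url_dl, latest_bin, proxies=proxies)
    # Checking version from file: the version recorded in the binary wins over
    # the release tag when they disagree, and the file is renamed to match.
    version_from_file = get_version_from_binary(latest_bin)
    if version_from_file != '' and version != version_from_file:
        os.rename(latest_bin, bin_name_string % version_from_file)
        version = version_from_file
    # Changing version of the package: keep the upstream version and increment
    # the WAPT packaging revision after the dash.
    control.version = '%s-%s' % (version, int(control.version.split('-')[-1]) + 1)
    control.save_control_to_wapt()
    print('Changing version to: %s in WAPT\\control' % control.version)
    # Deleting outdated binaries. The original wrote split('.'[-1]), which is
    # split('.') and passed the whole basename as a bogus extension; only the
    # real extension of the pattern is wanted here.
    remove_outdated_binaries(version, list_extensions=bin_name_string.split('.')[-1], list_filename_contain=control.architecture)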
def json_load_file(json_file):
    """Parse the JSON document stored at *json_file* and return it."""
    with open(json_file) as read_file:
        return json.load(read_file)
def get_proxies():
    """Return the system proxy settings as a dict, via urllib's getproxies().

    The import is done lazily and the module path is chosen according to
    the running Python major version.
    """
    import platform
    running_py3 = platform.python_version_tuple()[0] == '3'
    if running_py3:
        from urllib.request import getproxies as read_proxies
    else:
        from urllib import getproxies as read_proxies
    return read_proxies()
def get_version_from_binary(filename):
    """Return the ProductVersion property of an installer or executable.

    ``.msi`` files are read with get_msi_properties(); any other file goes
    through get_file_properties().
    """
    if filename.endswith('.msi'):
        read_properties = get_msi_properties
    else:
        read_properties = get_file_properties
    return read_properties(filename)['ProductVersion']
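def remove_outdated_binaries(version, list_extensions=None, list_filename_contain=None):
    """Delete binaries in the current directory that belong to another version.

    Args:
        version: version string a binary must contain in its name to be kept.
        list_extensions: extension or list of extensions to consider, with or
            without a leading dot. Defaults to exe, msi, deb, rpm, dmg, pkg.
        list_filename_contain: optional substring or list of substrings; a
            file missing any of them is removed as well.
    """
    # None default replaces the mutable list default of the original.
    if list_extensions is None:
        list_extensions = ['exe', 'msi', 'deb', 'rpm', 'dmg', 'pkg']
    elif not isinstance(list_extensions, list):
        list_extensions = [list_extensions]
    if list_filename_contain and not isinstance(list_filename_contain, list):
        list_filename_contain = [list_filename_contain]
    # Normalise to ".ext". The original comprehension filtered out any
    # extension that already had a leading dot instead of keeping it, and
    # raised IndexError on an empty string.
    list_extensions = [ext if ext.startswith('.') else '.' + ext for ext in list_extensions if ext]
    for file_ext in list_extensions:
        for bin_in_dir in glob.glob('*%s' % file_ext):
            outdated = version not in bin_in_dir
            if not outdated and list_filename_contain:
                outdated = any(part not in bin_in_dir for part in list_filename_contain)
            # Decide once, so a file is never passed to remove_file() twice.
            if outdated:
                remove_file(bin_in_dir)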
e1878f088208a16ff6fdf4a2f5330b8c1bd33ffb9f06028515de006af822d28f : setup.py
6c397954cb9707a2201568ea512a02584ec87287d16330a6407e0659913a0d47 : WAPT/icon.png
a5a97261381e1d0ad46ee15916abec9c2631d0201f5cc50ceb0197a165a0bbbf : WAPT/certificate.crt
db68e60532ad19a3bb3df553a95d2177f15d9e667e2628b4da4d85a3b972413c : luti.json
692117d3ce4355cce990bbe756eb8880687a142fa63b4ba04032b581c7c7de01 : emocheck_v2.3.1_x86.exe
95799a8f22d88c6e6f0f7af040a219a3c2923cfd8e1ecbe31475ad0a81ebabc2 : WAPT/control