tis-emocheck
2.3.2-8
Outil de détection du malware Emotet pour Windows. (Windows 7 ne prend pas en charge la sortie UTF-8 dans l'invite de commande. Le paquet fonctionne car il est silencieux)
5721 téléchargements
Télécharger
Voir le résultat de la construction Voir l'analyse de VirusTotal
- package : tis-emocheck
- name : EmoCheck
- version : 2.3.2-8
- categories : Security
- maintainer : WAPT Team,Tranquil IT,Jimmy PELÉ,Pierre COSSON
- editor : JPCERT Coordination Center
- licence :
- locale : all
- target_os : windows
- impacted_process :
- architecture : x64
- signature_date : 2023-03-22 12:02
- size : 498.21 Ko
- homepage : https://github.com/JPCERTCC/EmoCheck
package : tis-emocheck
version : 2.3.2-8
architecture : x64
section : base
priority : optional
name : EmoCheck
categories : Security
maintainer : WAPT Team,Tranquil IT,Jimmy PELÉ,Pierre COSSON
description : Emotet (malware) detection tool for Windows. (Windows 7 does not support UTF-8 output in the Command Prompt. The package is working since he's silent)
depends :
conflicts :
maturity : PROD
locale : all
target_os : windows
min_wapt_version : 2.1
sources : https://github.com/JPCERTCC/EmoCheck/releases
installed_size :
impacted_process :
description_fr : Outil de détection du malware Emotet pour Windows. (Windows 7 ne prend pas en charge la sortie UTF-8 dans l'invite de commande. Le paquet fonctionne car il est silencieux)
description_pl : Narzędzie do wykrywania Emotet (malware) dla systemu Windows. (Windows 7 nie obsługuje wyjścia UTF-8 w Wierszu polecenia. Pakiet działa, ponieważ jest cichy)
description_de : Emotet (Malware)-Erkennungstool für Windows. (Windows 7 unterstützt keine UTF-8-Ausgabe in der Eingabeaufforderung. Das Paket funktioniert, da er still ist)
description_es : Herramienta de detección de Emotet (malware) para Windows. (Windows 7 no admite la salida de UTF-8 en el símbolo del sistema. El paquete funciona desde que es silencioso)
description_pt : Ferramenta de detecção de Emotet (malware) para Windows. (Windows 7 não suporta a saída UTF-8 no Prompt de Comando. O pacote está a funcionar uma vez que ele está silencioso)
description_it : Strumento di rilevamento di Emotet (malware) per Windows. (Windows 7 non supporta l'output UTF-8 nel Prompt dei comandi. Il pacchetto funziona poiché è silenzioso)
description_nl : Emotet (malware) opsporingsprogramma voor Windows. (Windows 7 ondersteunt geen UTF-8 uitvoer in de opdrachtprompt. Het pakket werkt sinds hij stil is)
description_ru : Средство обнаружения Emotet (вредоносного ПО) для Windows. (Windows 7 не поддерживает вывод UTF-8 в командной строке. Пакет работает, так как он молчит)
audit_schedule :
editor : JPCERT Coordination Center
keywords : security,malware,malware-detection,emotet
licence :
homepage : https://github.com/JPCERTCC/EmoCheck
package_uuid : 63aad514-a6df-467c-9042-9b9b1e0bb224
valid_from :
valid_until :
forced_install_on :
changelog : https://github.com/JPCERTCC/EmoCheck/releases
min_os_version : 6.1
max_os_version :
icon_sha256sum : 94130e338c36d879e0991839f23a03c6597c804310e38f44b0fdaf6d090a288a
signer : Tranquil IT
signer_fingerprint: 8c5127a75392be9cc9afd0dbae1222a673072c308c14d88ab246e23832e8c6bb
signature : RIdcTSau/rEKi6pR+XV+Ir5k/bTX1dPZonoYEabvrj9tstAS0S2mwcuSITysRFk+IPc2fEcKBcqfu7O+FwaP4kUzbBdsBEtGxqF4sFvAZsyLqmGhGq9srkaM4MNpgDste2NvoiE78KiZhUWI7V8n7qDSA9AsZ8TmWwA3Csc818ulNOt4GlFspNOMLxD5D39cd7rxJzDm7V3bPdxDN1Q1DGN6HWv2eG7N1YI/U+mgI53pw5p5SsIchp6hFXmrFBmJU/vmKTdaSaMxYOYzvTp8A0uqXeCSR+1ad2M61pIts2T4tYh8mLVKvwlHw1KlrKMhU/JqGS1QOvsOchP6tqt3GQ==
signature_date : 2023-03-22T12:02:05.708174
signed_attributes : package,version,architecture,section,priority,name,categories,maintainer,description,depends,conflicts,maturity,locale,target_os,min_wapt_version,sources,installed_size,impacted_process,description_fr,description_pl,description_de,description_es,description_pt,description_it,description_nl,description_ru,audit_schedule,editor,keywords,licence,homepage,package_uuid,valid_from,valid_until,forced_install_on,changelog,min_os_version,max_os_version,icon_sha256sum,signer,signer_fingerprint,signature_date,signed_attributes# -*- coding: utf-8 -*-
from setuphelpers import *
app_dir = makepath(programfiles, "EmoCheck")
def install():
# Initializing variables
bin_name = glob.glob("emocheck_v*.exe")[0]
app_path = makepath(app_dir, bin_name)
# Installing the package
print("Copying: %s to %s" % (bin_name, app_path))
killalltasks(bin_name)
if isdir(app_dir):
remove_tree(app_dir)
mkdirs(app_dir)
filecopyto(makepath(basedir, bin_name), app_path)
def uninstall():
bin_name = glob.glob(makepath(app_dir, "emocheck_v*%s*.exe" % control.architecture))[0]
killalltasks(bin_name)
if isdir(app_dir):
remove_tree(app_dir)
def audit():
# Initializing variables
bin_name = glob.glob(makepath(app_dir, "emocheck_v*%s*.exe" % control.architecture))[0]
app_path = makepath(app_dir, bin_name)
for old_json in glob.glob(makepath(app_dir, "*.json")):
remove_file(old_json)
# Checking
run('"%s" -quiet -output "%s" -json' % (app_path, app_dir))
if not isfile(glob.glob(makepath(app_dir, "*.json"))[0]):
print("WARNING: The scan do not return a result !")
return "WARNING"
json_scan = json_load_file(glob.glob(makepath(app_dir, "*.json"))[0])
print("Scan result in json format:")
print(json_scan)
if json_scan["is_infected"] == "no":
print("OK: This machine is not infected.")
return "OK"
else:
print("CRITICAL: This machine is infected!")
return "ERROR"
# -*- coding: utf-8 -*-
from setuphelpers import *
import json
def update_package():
# Declaring local variables
package_updated = False
proxies = get_proxies()
if not proxies:
proxies = get_proxies_from_wapt_console()
app_name = control.name
api_url = "https://api.github.com/repos/JPCERTCC/EmoCheck/releases/latest"
if control.architecture == "x64":
arch_contains = "_x64.exe"
else:
arch_contains = "_x86.exe"
# Getting latest version information from official sources
print("API used is: %s" % api_url)
json_load = json.loads(wgets(api_url, proxies=proxies))
for download in json_load["assets"]:
if arch_contains in download["name"]:
download_url = download["browser_download_url"]
version = json_load["tag_name"].split("-")[-1].replace("v", "")
latest_bin = download["name"]
break
# Downloading latest binaries
print("Latest %s version is: %s" % (app_name, version))
print("Download URL is: %s" % download_url)
if not isfile(latest_bin):
print("Downloading: %s" % latest_bin)
wget(download_url, latest_bin, proxies=proxies)
else:
print("Binary is present: %s" % latest_bin)
# Changing version of the package
if Version(version) > Version(control.get_software_version()):
print("Software version updated (from: %s to: %s)" % (control.get_software_version(), Version(version)))
package_updated = True
else:
print("Software version up-to-date (%s)" % Version(version))
control.set_software_version(version)
control.save_control_to_wapt()
# Deleting outdated binaries
remove_outdated_binaries(version)
# Validating update-package-sources
return package_updated
f02fb1771fe1f0073f2dbf28503e80f21943d6f7b5c8ffd11c8817c16cc9cb1e : setup.py
929061f5688f2959fcaf7a6a9a2f2c0e01dc151651836db9cc474dd39c282244 : update_package.py
40d689b38f0dce2d5f4eda981860a1511557f4455b65bb5bb9fd1b8395adc332 : emocheck_v2.3.2_x64.exe
94130e338c36d879e0991839f23a03c6597c804310e38f44b0fdaf6d090a288a : WAPT/icon.png
a5a97261381e1d0ad46ee15916abec9c2631d0201f5cc50ceb0197a165a0bbbf : WAPT/certificate.crt
19ac11cda32932db8d8740592356c5e8449296c9c3dc74364e6d01056ec6d963 : luti.json
88759eef1976cb44e9874cc5861af872c1cd5ce6a0733e92c0306a664e6dbf89 : WAPT/control