tis-emocheck
2.4.0-8
Emotet malware detection tool for Windows. (Windows 7 does not support UTF-8 output in the Command Prompt. The package works because it runs silently.)
5721 downloads

- package : tis-emocheck
- name : EmoCheck
- version : 2.4.0-8
- categories : Security
- maintainer : WAPT Team,Tranquil IT,Jimmy PELÉ,Pierre COSSON
- editor : JPCERT Coordination Center
- licence :
- locale : all
- target_os : windows
- impacted_process :
- architecture : x64
- signature_date : 2023-03-25 17:00
- size : 1.60 Mo
- homepage : https://github.com/JPCERTCC/EmoCheck
package : tis-emocheck
version : 2.4.0-8
architecture : x64
section : base
priority : optional
name : EmoCheck
categories : Security
maintainer : WAPT Team,Tranquil IT,Jimmy PELÉ,Pierre COSSON
description : Emotet (malware) detection tool for Windows. (Windows 7 does not support UTF-8 output in the Command Prompt. The package is working since he's silent)
depends :
conflicts :
maturity : PROD
locale : all
target_os : windows
min_wapt_version : 2.1
sources : https://github.com/JPCERTCC/EmoCheck/releases
installed_size :
impacted_process :
description_fr : Outil de détection du malware Emotet pour Windows. (Windows 7 ne prend pas en charge la sortie UTF-8 dans l'invite de commande. Le paquet fonctionne car il est silencieux)
description_pl : Narzędzie do wykrywania Emotet (malware) dla systemu Windows. (Windows 7 nie obsługuje wyjścia UTF-8 w Wierszu polecenia. Pakiet działa, ponieważ jest cichy)
description_de : Emotet (Malware)-Erkennungstool für Windows. (Windows 7 unterstützt keine UTF-8-Ausgabe in der Eingabeaufforderung. Das Paket funktioniert, da er still ist)
description_es : Herramienta de detección de Emotet (malware) para Windows. (Windows 7 no admite la salida de UTF-8 en el símbolo del sistema. El paquete funciona desde que es silencioso)
description_pt : Ferramenta de detecção de Emotet (malware) para Windows. (Windows 7 não suporta a saída UTF-8 no Prompt de Comando. O pacote está a funcionar uma vez que ele está silencioso)
description_it : Strumento di rilevamento di Emotet (malware) per Windows. (Windows 7 non supporta l'output UTF-8 nel Prompt dei comandi. Il pacchetto funziona poiché è silenzioso)
description_nl : Emotet (malware) opsporingsprogramma voor Windows. (Windows 7 ondersteunt geen UTF-8 uitvoer in de opdrachtprompt. Het pakket werkt sinds hij stil is)
description_ru : Средство обнаружения Emotet (вредоносного ПО) для Windows. (Windows 7 не поддерживает вывод UTF-8 в командной строке. Пакет работает, так как он молчит)
audit_schedule :
editor : JPCERT Coordination Center
keywords : security,malware,malware-detection,emotet
licence :
homepage : https://github.com/JPCERTCC/EmoCheck
package_uuid : 97fbef1f-f082-4638-b769-731f77f2eb30
valid_from :
valid_until :
forced_install_on :
changelog : https://github.com/JPCERTCC/EmoCheck/releases
min_os_version : 6.1
max_os_version :
icon_sha256sum : 94130e338c36d879e0991839f23a03c6597c804310e38f44b0fdaf6d090a288a
signer : Tranquil IT
signer_fingerprint : 8c5127a75392be9cc9afd0dbae1222a673072c308c14d88ab246e23832e8c6bb
signature : KIdc298mQNQbjrkd7y1SKfX9yEN6XuOFJAj1paMMzcE1qIcZJPB5qZWMZwtC/AC5sERi1uo0LOvNITtSRG6w9kIqV/ajGpLLAe3cPc4Xm/NXcESW5v+maqz8dlEfsuG4gC3BlqM4So6tAEH+rG5EnoB1Xe0KtiTNha0rnRg3T8yvnSIx1xM/vRvFBjCUl7zUKVkRwDxZp2i9AlDvkDIfdW5mpbl21h64dMtRDOsllkqY6paGPfizyfCAuykDeYOGGn+mqtgeAFVTC3xxxRJ1JI+JCWiFZ+RsTxR94TKMc6o/K3KPJkwj/a52oQ2AtQpmcUH7ZsA1oSvikrRM4TSdfg==
signature_date : 2023-03-25T17:00:10.872035
signed_attributes : package,version,architecture,section,priority,name,categories,maintainer,description,depends,conflicts,maturity,locale,target_os,min_wapt_version,sources,installed_size,impacted_process,description_fr,description_pl,description_de,description_es,description_pt,description_it,description_nl,description_ru,audit_schedule,editor,keywords,licence,homepage,package_uuid,valid_from,valid_until,forced_install_on,changelog,min_os_version,max_os_version,icon_sha256sum,signer,signer_fingerprint,signature_date,signed_attributes
# -*- coding: utf-8 -*-
# setup.py
from setuphelpers import *
import glob
import os

app_dir = makepath(programfiles, "EmoCheck")


def install():
    # Initializing variables
    bin_name = glob.glob("emocheck_v*.exe")[0]
    app_path = makepath(app_dir, bin_name)

    # Installing the package
    print("Copying: %s to %s" % (bin_name, app_path))
    killalltasks(bin_name)
    if isdir(app_dir):
        remove_tree(app_dir)
    mkdirs(app_dir)
    filecopyto(makepath(basedir, bin_name), app_path)


def uninstall():
    # glob returns full paths; killalltasks expects the bare executable name
    for app_path in glob.glob(makepath(app_dir, "emocheck_v*%s*.exe" % control.architecture)):
        killalltasks(os.path.basename(app_path))
    if isdir(app_dir):
        remove_tree(app_dir)


def audit():
    # Initializing variables (glob already returns the full path of the installed binary)
    app_path = glob.glob(makepath(app_dir, "emocheck_v*%s*.exe" % control.architecture))[0]
    for old_json in glob.glob(makepath(app_dir, "*.json")):
        remove_file(old_json)

    # Checking: run a silent scan and write the JSON report into app_dir
    run('"%s" -quiet -output "%s" -json' % (app_path, app_dir))
    json_files = glob.glob(makepath(app_dir, "*.json"))
    if not json_files:
        print("WARNING: The scan did not return a result!")
        return "WARNING"
    json_scan = json_load_file(json_files[0])
    print("Scan result in json format:")
    print(json_scan)
    if json_scan["is_infected"] == "no":
        print("OK: This machine is not infected.")
        return "OK"
    else:
        print("CRITICAL: This machine is infected!")
        return "ERROR"
# -*- coding: utf-8 -*-
# update_package.py
from setupdevhelpers import *
import glob
import json


def update_package():
    # Declaring local variables
    package_updated = False
    proxies = get_proxies()
    if not proxies:
        proxies = get_proxies_from_wapt_console()
    app_name = control.name
    api_url = "https://api.github.com/repos/JPCERTCC/EmoCheck/releases/latest"
    if control.architecture == "x64":
        arch_contains = "_x64.exe"
    else:
        arch_contains = "_x86.exe"

    # Getting latest version information from official sources
    print("API used is: %s" % api_url)
    json_load = json.loads(wgets(api_url, proxies=proxies))
    for download in json_load["assets"]:
        if arch_contains in download["name"]:
            download_url = download["browser_download_url"]
            version = json_load["tag_name"].split("-")[-1].replace("v", "")
            latest_bin = download["name"]
            break
    else:
        # No asset for this architecture: fail explicitly instead of hitting undefined names below
        raise Exception("No %s asset found in the latest %s release" % (arch_contains, app_name))

    # Downloading latest binaries
    print("Latest %s version is: %s" % (app_name, version))
    print("Download URL is: %s" % download_url)
    if not isfile(latest_bin):
        print("Downloading: %s" % latest_bin)
        wget(download_url, latest_bin, proxies=proxies)
    else:
        print("Binary is present: %s" % latest_bin)

    # Changing version of the package
    if Version(version) > Version(control.get_software_version()):
        print("Software version updated (from: %s to: %s)" % (control.get_software_version(), Version(version)))
        package_updated = True
    else:
        print("Software version up-to-date (%s)" % Version(version))
    control.set_software_version(version)
    control.save_control_to_wapt()

    # Deleting outdated binaries
    for exe in glob.glob("emocheck_v*.exe"):
        if exe != latest_bin:
            remove_file(exe)

    # Validating update-package-sources
    return package_updated
f02fb1771fe1f0073f2dbf28503e80f21943d6f7b5c8ffd11c8817c16cc9cb1e : setup.py
79aade568bbc6e0c52a4e02229d851a8e213db079a5f67329b051fc3c3ca6fde : update_package.py
006b0cd2b9c1592b69f78016108df3304de7141bf511112f234b9f18844bfc57 : emocheck_v2.4_x64.exe
94130e338c36d879e0991839f23a03c6597c804310e38f44b0fdaf6d090a288a : WAPT/icon.png
a5a97261381e1d0ad46ee15916abec9c2631d0201f5cc50ceb0197a165a0bbbf : WAPT/certificate.crt
d4521032626775e04f4bfe6c490c66024286af601137b67b1db7cc6778141ff2 : luti.json
a37e030fa96916ef03bc5963e2a75cf3fa39a4d5e31cd889cf68972f55face5b : WAPT/control