Danyfirex Posted May 13, 2013 (edited)

Hi mates, well this is my first contribution: a simple UDF to use the VirusTotal API v2.0.

The returned response is not parsed or split.

Requires the WinHttp UDF.

Functions list:

Update: now there is only one function, using flags for the respective mode.

VT() Use the respective flag ($Type)

    VT(ByRef $aAPI, $Type, $sResource, $sAPIkey, $Comments = "")

Flags ($Type):

$fReport = retrieve a scan report on a given file
$fScan = submit a file for scanning
$fRescan = rescan files in VirusTotal's file store
$uReport = retrieve a scan report on a given URL
$uScan = submit a URL for scanning
$Comment = make a comment on files and URLs

Example:

    #include <Crypt.au3>
    #include "VT.au3"

    Example()

    Func Example()
        ; Hash a local file; the MD5 is used below as the resource for rescan and comment.
        _Crypt_Startup()
        Local $sFilePath = @WindowsDir & "\Explorer.exe"
        Local $bHash = _Crypt_HashFile($sFilePath, $CALG_MD5)
        _Crypt_Shutdown()

        Local $hVirusTotal = VT_Open()
        Local $APIkey = 'Your API key'

        ; File report by hash, file upload, rescan of a file already in the store.
        ConsoleWrite(VT($hVirusTotal, $fReport, '20c83c1c5d1289f177bc222d248dab261a62529b19352d7c0f965039168c0654', $APIkey) & @CRLF)
        ConsoleWrite(VT($hVirusTotal, $fScan, $sFilePath, $APIkey) & @CRLF)
        ConsoleWrite(VT($hVirusTotal, $fRescan, Hex($bHash), $APIkey) & @CRLF)
        ; URL report and URL submission.
        ConsoleWrite(VT($hVirusTotal, $uReport, "http://www.virustotal.com", $APIkey) & @CRLF)
        ConsoleWrite(VT($hVirusTotal, $uScan, "http://www.google.com", $APIkey) & @CRLF)
        ; Comment on the file identified by its hash.
        ConsoleWrite(VT($hVirusTotal, $Comment, Hex($bHash), $APIkey, "Hello Word | Hola Mundo") & @CRLF)
        VT_Close($hVirusTotal) ;
    EndFunc   ;==>Example

Regards

VT.au3

Edited June 3, 2013 by Danyfirex

czardas Posted May 13, 2013

Nice idea!

guinness Posted May 13, 2013

A nice idea and UDF. May I provide some suggestions?

    ; Firstly, Global variables should be at the top of a script and not in a function.
    ; Secondly, how about removing Global variables and doing something like this?
    #include "WinHttp.au3" ; provides the _WinHttp* functions used below

    Global Const $__sVirusTotal_Page = 'www.virustotal.com'

    Func Example()
        Local $hVirusTotal = VT_Open()
        ; Pass the 'handle' to the appropriate functions.
        ConsoleWrite(VT_Url_Scan($hVirusTotal, 'someurl.com', 'API') & @CRLF)
        VT_Close($hVirusTotal) ; Pass the 'handle' from $hVirusTotal.
    EndFunc   ;==>Example

    Func VT_Open() ; Pass
        Local Enum $eAPI_HttpOpen, $eAPI_HttpConnect ; These could be in the Global space too.
        Local $aAPI[2] = [0, 0]
        $aAPI[$eAPI_HttpOpen] = _WinHttpOpen()
        If @error Then $aAPI[$eAPI_HttpOpen] = -1
        $aAPI[$eAPI_HttpConnect] = _WinHttpConnect($aAPI[$eAPI_HttpOpen], $__sVirusTotal_Page)
        If @error Then $aAPI[$eAPI_HttpConnect] = -1
        Return $aAPI
    EndFunc   ;==>VT_Open

    Func VT_Close(ByRef Const $aAPI)
        Local Enum $eAPI_HttpOpen, $eAPI_HttpConnect ; These could be in the Global space too.
        _WinHttpCloseHandle($aAPI[$eAPI_HttpOpen])
        _WinHttpCloseHandle($aAPI[$eAPI_HttpConnect])
        Return True
    EndFunc   ;==>VT_Close

    Func VT_Url_Scan(ByRef $aAPI, $sURL, $sAPIkey)
        Local Enum $eAPI_HttpOpen, $eAPI_HttpConnect ; These could be in the Global space too.
        If $aAPI[$eAPI_HttpConnect] = -1 Then $aAPI = VT_Open() ; Check if HttpConnect isn't -1, if it is then connect to VirusTotal.
        Return _WinHttpSimpleRequest($aAPI[$eAPI_HttpConnect], 'POST', '/vtapi/v2/url/scan', Default, 'url=' & $sURL & '&key=' & $sAPIkey)
    EndFunc   ;==>VT_Url_Scan

storme Posted May 13, 2013

Nice start!

Do you have any plans to marry it up to one of the JSON UDFs to extract the info?

Have fun!

John Morrison

Danyfirex Posted May 13, 2013 Author

Thanks mates.

> A nice idea and UDF. May I provide some suggestions? ...

Thanks for your suggestions, I will update it. Maybe use a JSON UDF to get the response; it returns errors too.

I thought of something like this for Http:

    If @error Then Return SetError(@error, 0, 0)

or simply return @error.

Obviously I need to split the response to manage page returns.

regards

ricky Posted May 13, 2013

Hello,

thanks, very useful. How can I connect through a proxy?

Danyfirex Posted May 13, 2013 Author

> Hello, thanks, very useful, How can I connect through a proxy?

Change the _WinHttpOpen parameters.

    _WinHttpOpen([$sUserAgent = Default [, $iAccessType = Default [, $sProxyName = Default [, $sProxyBypass = Default [, $iFlag = Default ]]]]])

regards

ricky Posted May 13, 2013

Hello,

I tried, but no way. Impossible to connect!

Danyfirex Posted June 3, 2013 Author

Update...

guinness Posted June 4, 2013

Awesome, you went with my design. Thanks for that.

storme Posted June 18, 2013

I had a bit of a play with the UDF and I don't appear to be getting anything back from "$fScan", and subsequent checks indicate that the file wasn't uploaded.

My code (well, actually just your example modified):

    Local $hVirusTotal = VT_Open()
    ConsoleWrite("----------------------------------------------------------------------------------" & @cr)
    ConsoleWrite(":" & VT($hVirusTotal, $fScan, $sFileName,$sVirusTotalAPIkey) & ":" & @CRLF)
    ConsoleWrite("@error = " & @error & @cr)
    ConsoleWrite("----------------------------------------------------------------------------------" & @cr)
    ;ConsoleWrite(VT($hVirusTotal, $fRescan, hex($bHash),$sVirusTotalAPIkey) & @CRLF) ;1 = queued for rescanning. -1 = not present. 0 = unexpected error
    ;ConsoleWrite("----------------------------------------------------------------------------------" & @cr)
    ConsoleWrite(VT($hVirusTotal, $fReport, hex($bHash),$sVirusTotalAPIkey) & @CRLF) ;
    ConsoleWrite("----------------------------------------------------------------------------------" & @cr)
    VT_Close($hVirusTotal) ;

The result:

    ----------------------------------------------------------------------------------
    ::
    @error = 0
    ----------------------------------------------------------------------------------
    {"response_code": 0, "resource": "46B3CC00ECD3D3E042DECA0072B063B3", "verbose_msg": "The requested resource is not among the finished, queued or pending scans"}
    ----------------------------------------------------------------------------------

The file exists......

Any ideas what's going on?

Thanks!

guinness Posted June 18, 2013

storme,

Probably best to actually post what data the other variables contain instead of second guessing. Thanks.

storme Posted June 18, 2013

> storme, Probably best to actually post what data the other variables contain instead of second guessing. Thanks.

No guessing necessary. The code is basically a cut and paste from the example in the OP.

This is the important line:

    VT($hVirusTotal, $fScan, $sFileName,$sVirusTotalAPIkey)

$hVirusTotal is set in the line above
$fScan is a UDF constant
$sFileName is the full path of the file (useless to anyone else, I stated it exists... and I checked with FileExists() to make sure it was ok)
$sVirusTotalAPIkey is my VirusTotal API key (private, not to be published)

The API states there should be a return from the file scan ($fScan), but as you see from the results it returns nothing.

Danyfirex Posted June 19, 2013 Author (edited)

@storme I think the problem is that you're not waiting for the file scan and you're trying to get the report. When you upload some file for scanning you should wait some time to get the report file.

So if I get this: "The requested resource is not among the finished, queued or pending scans"

So I should wait. I'll try some minutes later.

regards

Edited June 19, 2013 by Danyfirex

storme Posted June 19, 2013

> @storme I think the problem is that you're not waiting for the file scan and you're trying to get the report. When you upload some file for scanning you should wait some time to get the report file.

Yep, understand that, the script I'm writing will do that when I can get it to submit a file to be scanned.

However, I'm not getting anything back from the submit to indicate it's done anything. According to the API help page there should be a report sent back with various information that I'll then use to keep track of files submitted.

> if I get this "The requested resource is not among the finished, queued or pending scans" So I should wait. I'll try some minutes later.

The message you quoted above states "or pending scans", so shouldn't my "pending scan" be in the list?

I submitted the file last night and it still isn't in the list. If it was submitted it should be there by now. It appears as if the file isn't being submitted.

Have you tried your URL on a brand new EXE file that hasn't been submitted before?

BTW everything else works fine, if I use a file/hash that is already scanned.

So back to you...

John

Danyfirex Posted June 19, 2013 Author (edited)

@storme have you tried with another file? For me it works correctly. I just uploaded another file right now; this is the response that you should get:

    :{"scan_id": "c38c7912767533053ef8f1c647b4fbf9f37f5ee305ead5b3049c4346b5c4419a-1371648640", "sha1": "01fc1499d986a1593f51a40d8f4294b5b69e83d9", "resource": "c38c7912767533053ef8f1c647b4fbf9f37f5ee305ead5b3049c4346b5c4419a", "response_code": 1, "sha256": "c38c7912767533053ef8f1c647b4fbf9f37f5ee305ead5b3049c4346b5c4419a", "permalink": "https://www.virustotal.com/file/c38c7912767533053ef8f1c647b4fbf9f37f5ee305ead5b3049c4346b5c4419a/analysis/1371648640/", "md5": "e0efdfe49b64cf7c2fc191c969d2d29d", "verbose_msg": "Scan request successfully queued, come back later for the report"}:

What is the size of your file? I keep thinking the problem is that you're not waiting enough (some minutes, maybe 3 or 5).

Also you can use an HTTP debugger to see what's wrong.

Edited June 19, 2013 by Danyfirex

storme Posted June 19, 2013

The file I was trying to upload/scan was an AutoIt program and my antivirus was intercepting and blocking it. So the file was not passed to VT, thus no report from the "$fScan".

I finally got it to go by disabling the antivirus.

It may be worth adding some checks to your code to see if the file exists and can be opened. An antivirus will probably allow you to check it exists but not open it.

Don't have any time to do any major checking now, wish I had found this last night when I did have time.

John

Danyfirex Posted June 19, 2013 Author

> The file I was trying to upload/scan was an AutoIt program and my antivirus was intercepting and blocking it. So the file was not passed to VT, thus no report from the "$fScan". I finally got it to go by disabling the antivirus. It may be worth adding some checks to your code to see if the file exists and can be opened. An antivirus will probably allow you to check it exists but not open it. Don't have any time to do any major checking now, wish I had found this last night when I did have time. John

Good. Yes, you're right. I'll update soon.

regards

storme Posted June 19, 2013

It's 2am here and I have to sleep, but I did a bit of checking and got some strange results.

Test code - VirusSubmit.exe (331KB) is the program I'm working on, and Bitdefender (my antivirus) doesn't like it and is blocking it.

    $sFileName = "P:\Autoit\_Projects\_MyProjects\VirusSubmit\VirusSubmit.exe"
    ; submit to Virustotal
    _Crypt_Startup()
    Local $bHash = _Crypt_HashFile($sFileName, $CALG_MD5)
    _Crypt_Shutdown()
    ;Check if hash exists
    ; Doesn't exist
    ; Submit file
    ;Get report
    ; Not ready yet (come back later)
    ConsoleWrite("FileExists = " & FileExists($sFileName) & @cr)
    ConsoleWrite("$bHash = " & $bHash & @cr)
    local $stest = __WinHttpFileContent("", "file", $sFileName,"--------Boundary")
    ConsoleWrite("$stest-LEN = " & StringLen($stest) & " @error = " & @error & @cr)
    ConsoleWrite("$stest = " & $stest& @cr)
    Local $hVirusTotal = VT_Open()
    ConsoleWrite("----------------------------------------------------------------------------------" & @cr)
    ConsoleWrite(":" & VT($hVirusTotal, $fScan, $sFileName,$sVirusTotalAPIkey) & ":" & @CRLF)
    ConsoleWrite("@error = " & @error & @cr)
    ConsoleWrite("----------------------------------------------------------------------------------" & @cr)
    ;ConsoleWrite(VT($hVirusTotal, $fRescan, hex($bHash),$sVirusTotalAPIkey) & @CRLF) ;1 = queued for rescanning. -1 = not present. 0 = unexpected error
    ;ConsoleWrite("----------------------------------------------------------------------------------" & @cr)
    ConsoleWrite(VT($hVirusTotal, $fReport, hex($bHash),$sVirusTotalAPIkey) & @CRLF)
    ConsoleWrite('@@ Debug(' & @ScriptLineNumber & ') : $bHash = ' & $bHash & @crlf & '>Error code: ' & @error & @crlf) ;### Debug Console
    ;
    ConsoleWrite("----------------------------------------------------------------------------------" & @cr)
    VT_Close($hVirusTotal) ;

The result:

    FileExists = 1
    $bHash = -1
    $stest-LEN = 117 @error = 0
    $stest = Content-Disposition: form-data; name="file"; filename="VirusSubmit.exe"
    Content-Type: application/octet-stream

    ----------------------------------------------------------------------------------
    @@ Debug(104) : $stest = :Content-Disposition: form-data; name="file"; filename="VirusSubmit.exe"
    Content-Type: application/octet-stream

    :
    >Error code: 0
    @@ Debug(107) : $tURL[$Type] = /vtapi/v2/file/scan
    >Error code: 0
    :{"scan_id": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855-1371656634", "sha1": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "resource": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "response_code": 1, "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "permalink": "https://www.virustotal.com/file/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855/analysis/1371656634/", "md5": "d41d8cd98f00b204e9800998ecf8427e", "verbose_msg": "Scan request successfully queued, come back later for the report"}:
    @error = 0
    ----------------------------------------------------------------------------------
    {"response_code": 0, "resource": "FFFFFFFF", "verbose_msg": "Invalid resource, check what you are submitting"}
    @@ Debug(95) : $bHash = -1
    >Error code: 0
    ----------------------------------------------------------------------------------

Now for the original program I couldn't get to submit and still can't when the antivirus is on.

Code is the same, the only change is:

    $sFileName = "D:\MemoryStickDEV\AHC_technology\programs\AHC_UserInfo.exe"

Result:

    FileExists = 1
    $bHash = 0x46B3CC00ECD3D3E042DECA0072B063B3
    $stest-LEN = 664091 @error = 0
    $stest = Content-Disposition: form-data; name="file"; filename="AHC_UserInfo.exe"
    Content-Type: application/octet-stream

    MZ----------------------------------------------------------------------------------
    @@ Debug(104) : $stest = :Content-Disposition: form-data; name="file"; filename="AHC_UserInfo.exe"
    Content-Type: application/octet-stream

    MZ@@ Debug(107) : $tURL[$Type] = /vtapi/v2/file/scan
    >Error code: 0
    ::
    @error = 0
    ----------------------------------------------------------------------------------
{"scans": {"TotalDefense": {"detected": false, "version": "37.0.10473", "result": null, "update": "20130619"}, "MicroWorld-eScan": {"detected": false, "version": "12.0.250.0", "result": null, "update": "20130619"}, "nProtect": {"detected": false, "version": "2013-06-19.04", "result": null, "update": "20130619"}, "CAT-QuickHeal": {"detected": false, "version": "12.00", "result": null, "update": "20130619"}, "McAfee": {"detected": false, "version": "5.400.0.1158", "result": null, "update": "20130619"}, "Malwarebytes": {"detected": false, "version": "1.75.0.1", "result": null, "update": "20130619"}, "K7AntiVirus": {"detected": false, "version": "9.170.8884", "result": null, "update": "20130618"}, "K7GW": {"detected": false, "version": "12.7.0.12", "result": null, "update": "20130618"}, "TheHacker": {"detected": false, "version": "None", "result": null, "update": "20130619"}, "NANO-Antivirus": {"detected": false, "version": "0.24.0.52848", "result": null, "update": "20130619"}, "F-Prot": {"detected": false, "version": "4.7.1.166", "result": null, "update": "20130618"}, "Symantec": {"detected": false, "version": "20131.1.0.101", "result": null, "update": "20130619"}, "Norman": {"detected": false, "version": "7.01.04", "result": null, "update": "20130619"}, "ByteHero":
{"detected": false, "version": "1.0.0.1", "result": null, "update": "20130613"}, "TrendMicro-HouseCall": {"detected": false, "version": "9.700.0.1001", "result": null, "update": "20130619"}, "Avast": {"detected": false, "version": "6.0.1289.0", "result": null, "update": "20130619"}, "eSafe": {"detected": false, "version": "7.0.17.0", "result": null, "update": "20130616"}, "ClamAV": {"detected": false, "version": "0.97.3.0", "result": null, "update": "20130619"}, "Kaspersky": {"detected": false, "version": "9.0.0.837", "result": null, "update": "20130619"}, "BitDefender": {"detected": true, "version": "7.2", "result": "Gen:Trojan.Heur.AutoIT.1", "update": "20130619"}, "Agnitum": {"detected": false, "version": "5.5.1.3", "result": null, "update": "20130618"}, "ViRobot": {"detected": false, "version": "2011.4.7.4223", "result": null, "update": "20130619"}, "Sophos": {"detected": false, "version": "4.90.0", "result": null, "update": "20130619"}, "Comodo": {"detected": false, "version": "16458", "result": null, "update": "20130619"}, "F-Secure": {"detected": true, "version": "11.0.19100.45", "result": "Gen:Trojan.Heur.AutoIT.1", "update": "20130619"}, "DrWeb": {"detected": false, "version": "", "result": null, "update": "20130619"}, "VIPRE": {"detected": false, "version": "18856", "result": null, "update": "20130619"}, "AntiVir": {"detected": false, "version": "7.11.85.142", "result": null, "update": "20130619"}, "TrendMicro": {"detected": false, "version": "9.740.0.1012", "result": null, "update": "20130619"}, "McAfee-GW-Edition": {"detected": false, "version": "2013", "result": null, "update": "20130619"}, "Emsisoft": {"detected": true, "version": "3.0.0.581", "result": "Gen:Trojan.Heur.AutoIT.1 (B)", "update": "20130619"}, "Jiangmin": {"detected": false, "version": "16.0.100", "result": null, "update": "20130619"}, "Antiy-AVL": {"detected": false, "version": "2.0.3.7", "result": null, "update": "20130619"}, "Kingsoft": {"detected": false, "version": "2013.4.9.267", 
"result": null, "update": "20130506"}, "Microsoft": {"detected": false, "version": "1.9607", "result": null, "update": "20130619"}, "SUPERAntiSpyware": {"detected": true, "version": "5.6.0.1008", "result": "Trojan.Agent/Gen-Autorun", "update": "20130619"}, "GData": {"detected": true, "version": "22", "result": "Gen:Trojan.Heur.AutoIT.1", "update": "20130619"}, "Commtouch": {"detected": false, "version": "5.4.1.7", "result": null, "update": "20130618"}, "AhnLab-V3": {"detected": false, "version": "2013.06.19.06", "result": null, "update": "20130619"}, "VBA32": {"detected": false, "version": "3.12.22.2", "result": null, "update": "20130619"}, "PCTools": {"detected": false, "version": "9.0.0.2", "result": null, "update": "20130521"}, "ESET-NOD32": {"detected": false, "version": "8467", "result": null, "update": "20130619"}, "Rising": {"detected": false, "version": "24.67.02.02", "result": null, "update": "20130619"}, "Ikarus": {"detected": false, "version": "T3.1.4.3.0", "result": null, "update": "20130619"}, "Fortinet": {"detected": false, "version": "5.1.146.0", "result": null, "update": "20130619"}, "AVG": {"detected": false, "version": "10.0.0.1190", "result": null, "update": "20130619"}, "Panda": {"detected": false, "version": "10.0.3.5", "result": null, "update": "20130619"}}, "scan_id": "2f65bd6f6ea409bb4b6ccd85226e46f24c8879b5d08811a2f24d8a2281816be5-1371651653", "sha1": "56f21e22ed9fc49b9de5d3961020a87b5efe3b68", "resource": "46B3CC00ECD3D3E042DECA0072B063B3", "response_code": 1, "scan_date": "2013-06-19 14:20:53", "permalink": "https://www.virustotal.com/file/2f65bd6f6ea409bb4b6ccd85226e46f24c8879b5d08811a2f24d8a2281816be5/analysis/1371651653/", "verbose_msg": "Scan finished, scan information embedded in this object", "total": 47, "positives": 5, "sha256": "2f65bd6f6ea409bb4b6ccd85226e46f24c8879b5d08811a2f24d8a2281816be5", "md5": "46b3cc00ecd3d3e042deca0072b063b3"}
    @@ Debug(91) : $bHash = 0x46B3CC00ECD3D3E042DECA0072B063B3
    >Error code: 0
    ----------------------------------------------------------------------------------

Now as you can see there is information in VT now, as I disabled the antivirus so it would transmit earlier tonight....

However, you can see there was no submit for this file:

    ::
    @error = 0

Not sure how much this is going to help. If you can think of any tests you want me to try, let me know and I'll try them when I get home.

Onward and upward!

John

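Added example (not part of VT.au3 or of any post in this thread): in the $fScan response shown above for VirusSubmit.exe, the md5, sha1 and sha256 fields are the digests of zero bytes of input, so an empty body was uploaded and queued. The sketch below does the "can it be opened" check suggested earlier and then compares the hash VirusTotal echoes back with the local one; the `_VTCheck_*` names and the sample responses are made up for illustration.

```autoit
#include <Crypt.au3>
#include <FileConstants.au3>

; Hypothetical helpers, not functions of VT.au3.

; MD5 of zero bytes of input. A scan response carrying this value means the
; multipart body reached VirusTotal without any file content.
Global Const $VTCHECK_MD5_EMPTY = "d41d8cd98f00b204e9800998ecf8427e"

; Returns the lowercase hex MD5 of $sFilePath after proving it can be read.
; @error: 1 = not found, 2 = cannot be opened, 3 = no readable content, 4 = hashing failed
Func _VTCheck_LocalMD5($sFilePath)
    If Not FileExists($sFilePath) Then Return SetError(1, 0, "")
    Local $hFile = FileOpen($sFilePath, $FO_READ + $FO_BINARY)
    If $hFile = -1 Then Return SetError(2, 0, "")
    Local $dProbe = FileRead($hFile, 2) ; FileExists() alone says nothing about readability
    FileClose($hFile)
    If BinaryLen($dProbe) = 0 Then Return SetError(3, 0, "")
    _Crypt_Startup()
    Local $dHash = _Crypt_HashFile($sFilePath, $CALG_MD5)
    Local $iError = @error
    _Crypt_Shutdown()
    ; On failure _Crypt_HashFile returns -1, and Hex(-1) is the "FFFFFFFF" resource seen above.
    If $iError Or Not IsBinary($dHash) Then Return SetError(4, $iError, "")
    Return StringLower(Hex($dHash))
EndFunc   ;==>_VTCheck_LocalMD5

; Reads one string field from the flat JSON object the scan endpoint returns.
Func _VTCheck_Field($sJson, $sName)
    Local $aMatch = StringRegExp($sJson, '"' & $sName & '":\s*"([^"]*)"', 1)
    If @error Then Return SetError(1, 0, "")
    Return $aMatch[0]
EndFunc   ;==>_VTCheck_Field

; Validates a $fScan response against the local hash. Returns True when the upload is confirmed.
; @error: 1 = blank response, 2 = response_code is not 1,
;         3 = VirusTotal hashed an empty upload, 4 = hash differs from the local file
Func _VTCheck_ScanResponse($sResponse, $sLocalMD5)
    If StringStripWS($sResponse, 8) = "" Then Return SetError(1, 0, False)
    Local $aCode = StringRegExp($sResponse, '"response_code":\s*(-?\d+)', 1)
    If @error Then Return SetError(2, 0, False)
    If Number($aCode[0]) <> 1 Then Return SetError(2, 0, False)
    Local $sRemoteMD5 = StringLower(_VTCheck_Field($sResponse, "md5"))
    If $sRemoteMD5 == $VTCHECK_MD5_EMPTY Then Return SetError(3, 0, False)
    If Not ($sRemoteMD5 == $sLocalMD5) Then Return SetError(4, 0, False)
    Return True
EndFunc   ;==>_VTCheck_ScanResponse

; --- Demo on constructed input (fields as they appear in the thread's output) ---
Local $sEmptyUpload = '{"response_code": 1, "md5": "d41d8cd98f00b204e9800998ecf8427e", ' & _
        '"verbose_msg": "Scan request successfully queued, come back later for the report"}'

Local $sLocalMD5 = _VTCheck_LocalMD5(@WindowsDir & "\Explorer.exe")
Local $iLocalError = @error
ConsoleWrite("local md5 = " & $sLocalMD5 & "  @error = " & $iLocalError & @CRLF)

Local $iCheckError
_VTCheck_ScanResponse("", $sLocalMD5) ; the ":: " case: nothing came back at all
$iCheckError = @error
ConsoleWrite("blank response      -> @error " & $iCheckError & @CRLF)

_VTCheck_ScanResponse($sEmptyUpload, $sLocalMD5) ; queued, but with no file content
$iCheckError = @error
ConsoleWrite("empty-file response -> @error " & $iCheckError & @CRLF)
```

The error code is copied into a variable before each ConsoleWrite call because @error is reset whenever another function is called.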
jftuga Posted June 19, 2013 (edited)

> The file I was trying to upload/scan was an AutoIt program and my antivirus was intercepting and blocking it. So the file was not passed to VT, thus no report from the "$fScan". I finally got it to go by disabling the antivirus. It may be worth adding some checks to your code to see if the file exists and can be opened. An antivirus will probably allow you to check it exists but not open it. Don't have any time to do any major checking now, wish I had found this last night when I did have time. John

On a related note, does your script provide the ability to upload via HTTPS? The reason I ask is that some UTM firewalls may block the transmission of a virus. While some UTMs can interrogate SSL, most don't; so it would be good to have this capability if possible.

Great UDF.

-John

Edited June 19, 2013 by jftuga

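Added example on the HTTPS question (not code from VT.au3 or from any poster): the VT_Url_Scan sketch earlier in the thread calls _WinHttpSimpleRequest on a connection opened without a port, which in the WinHttp UDF is a plain-HTTP request, so the API key and the submitted URL travel unencrypted. The version below assumes the WinHttp UDF's _WinHttpSimpleSSLRequest and $INTERNET_DEFAULT_HTTPS_PORT, keeps the `key` parameter name from that sketch, and uses hypothetical `_VTSec_*` names.

```autoit
#include "WinHttp.au3"

; Hypothetical helpers, not functions of VT.au3.

; Percent-encodes a value for an application/x-www-form-urlencoded body, so a
; submitted URL containing '&' or '=' cannot split or override the form fields.
Func _VTSec_UrlEncode($sText)
    Local $dBytes = StringToBinary($sText, 4) ; 4 = UTF-8
    Local $sOut = "", $sChar
    For $i = 1 To BinaryLen($dBytes)
        $sChar = BinaryToString(BinaryMid($dBytes, $i, 1))
        If StringRegExp($sChar, '^[A-Za-z0-9._~-]$') Then
            $sOut &= $sChar ; unreserved character, sent as-is
        Else
            $sOut &= "%" & Hex(BinaryMid($dBytes, $i, 1)) ; two hex digits per byte
        EndIf
    Next
    Return $sOut
EndFunc   ;==>_VTSec_UrlEncode

; Weak form, as in the sketch earlier in the thread: plain HTTP, raw values in the body.
;   $hConnect = _WinHttpConnect($hOpen, 'www.virustotal.com')
;   _WinHttpSimpleRequest($hConnect, 'POST', '/vtapi/v2/url/scan', Default, 'url=' & $sURL & '&key=' & $sAPIkey)

; Hardened form: TLS on port 443 and encoded form fields.
; @error: 1 = session failed, 2 = connect failed, 3 = request failed (@extended = UDF error)
Func _VTSec_UrlScan($sURL, $sAPIkey)
    Local $hOpen = _WinHttpOpen()
    If @error Then Return SetError(1, 0, "")
    Local $hConnect = _WinHttpConnect($hOpen, "www.virustotal.com", $INTERNET_DEFAULT_HTTPS_PORT)
    If @error Then
        _WinHttpCloseHandle($hOpen)
        Return SetError(2, 0, "")
    EndIf
    Local $sBody = "url=" & _VTSec_UrlEncode($sURL) & "&key=" & _VTSec_UrlEncode($sAPIkey)
    Local $sResponse = _WinHttpSimpleSSLRequest($hConnect, "POST", "/vtapi/v2/url/scan", Default, $sBody)
    Local $iError = @error
    ; Close the connection handle before the session handle it was created from.
    _WinHttpCloseHandle($hConnect)
    _WinHttpCloseHandle($hOpen)
    If $iError Then Return SetError(3, $iError, "")
    Return $sResponse
EndFunc   ;==>_VTSec_UrlScan

; Constructed usage: the URL deliberately contains '&' and '=' to show the encoding matters.
Local $sResult = _VTSec_UrlScan("http://example.com/page?a=1&key=other", "Your API key")
Local $iResultError = @error
ConsoleWrite("@error = " & $iResultError & @CRLF & $sResult & @CRLF)
```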