Jump to content

Recommended Posts

  • Replies 51
  • Created
  • Last Reply

Top Posters In This Topic

Top Posters In This Topic

Popular Posts

Hi mates, well this is my first contribution. a simple UDF to use Virustotal API v2.0 The response return is not parsed|splitted. requires >WinHttp UDF Functions List:   Update:   Now a Only Fu

A nice idea and UDF. May I provide some suggestions? ; Firstly, Global variables should be at the top a script and not in a function. ; Secondly, how about removing Global variables and doing someth

Awesome, you went with my design. Thanks for that.

A nice idea and UDF. May I provide some suggestions?

; Firstly, Global variables should be at the top a script and not in a function.
; Secondly, how about removing Global variables and doing something like this?

Global Const $__sVirusTotal_Page = 'www.virustotal.com'

Func Example()
    Local $hVirusTotal = VT_Open() ; Pass the 'handle' to the appropriate functions.
    ConsoleWrite(VT_Url_Scan($hVirusTotal, 'someurl.com', 'API') & @CRLF)
    VT_Close($hVirusTotal) ; Pass the 'handle' from $hVirusTotal.
EndFunc   ;==>Example

Func VT_Open() ; Pass
    Local Enum $eAPI_HttpOpen, $eAPI_HttpConnect ; These could be in the Global space too.
    Local $aAPI[2] = [0, 0]
    $aAPI[$eAPI_HttpOpen] = _WinHttpOpen()
    If @error Then $aAPI[$eAPI_HttpOpen] = -1
    $aAPI[$eAPI_HttpConnect] = _WinHttpConnect($aAPI[$eAPI_HttpOpen], $__sVirusTotal_Page)
    If @error Then $aAPI[$eAPI_HttpConnect] = -1
    Return $aAPI
EndFunc   ;==>VT_Open

Func VT_Close(ByRef Const $aAPI)
    Local Enum $eAPI_HttpOpen, $eAPI_HttpConnect ; These could be in the Global space too.
    _WinHttpCloseHandle($aAPI[$eAPI_HttpOpen])
    _WinHttpCloseHandle($aAPI[$eAPI_HttpConnect])
    Return True
EndFunc   ;==>VT_Close

Func VT_Url_Scan(ByRef $aAPI, $sURL, $sAPIkey)
    Local Enum $eAPI_HttpOpen, $eAPI_HttpConnect ; These could be in the Global space too.
    If $aAPI[$eAPI_HttpConnect] = -1 Then $aAPI = VT_Open() ; Check if HttpConnect isn't -1, if it is then connect to VirusTotal.
    Return _WinHttpSimpleRequest($aAPI[$eAPI_HttpConnect], 'POST', '/vtapi/v2/url/scan', Default, 'url=' & $sURL & '&key=' & $sAPIkey)
EndFunc   ;==>VT_Url_Scan

UDF List:

 
_AdapterConnections()_AlwaysRun()_AppMon()_AppMonEx()_ArrayFilter/_ArrayReduce_BinaryBin()_CheckMsgBox()_CmdLineRaw()_ContextMenu()_ConvertLHWebColor()/_ConvertSHWebColor()_DesktopDimensions()_DisplayPassword()_DotNet_Load()/_DotNet_Unload()_Fibonacci()_FileCompare()_FileCompareContents()_FileNameByHandle()_FilePrefix/SRE()_FindInFile()_GetBackgroundColor()/_SetBackgroundColor()_GetConrolID()_GetCtrlClass()_GetDirectoryFormat()_GetDriveMediaType()_GetFilename()/_GetFilenameExt()_GetHardwareID()_GetIP()_GetIP_Country()_GetOSLanguage()_GetSavedSource()_GetStringSize()_GetSystemPaths()_GetURLImage()_GIFImage()_GoogleWeather()_GUICtrlCreateGroup()_GUICtrlListBox_CreateArray()_GUICtrlListView_CreateArray()_GUICtrlListView_SaveCSV()_GUICtrlListView_SaveHTML()_GUICtrlListView_SaveTxt()_GUICtrlListView_SaveXML()_GUICtrlMenu_Recent()_GUICtrlMenu_SetItemImage()_GUICtrlTreeView_CreateArray()_GUIDisable()_GUIImageList_SetIconFromHandle()_GUIRegisterMsg()_GUISetIcon()_Icon_Clear()/_Icon_Set()_IdleTime()_InetGet()_InetGetGUI()_InetGetProgress()_IPDetails()_IsFileOlder()_IsGUID()_IsHex()_IsPalindrome()_IsRegKey()_IsStringRegExp()_IsSystemDrive()_IsUPX()_IsValidType()_IsWebColor()_Language()_Log()_MicrosoftInternetConnectivity()_MSDNDataType()_PathFull/GetRelative/Split()_PathSplitEx()_PrintFromArray()_ProgressSetMarquee()_ReDim()_RockPaperScissors()/_RockPaperScissorsLizardSpock()_ScrollingCredits_SelfDelete()_SelfRename()_SelfUpdate()_SendTo()_ShellAll()_ShellFile()_ShellFolder()_SingletonHWID()_SingletonPID()_Startup()_StringCompact()_StringIsValid()_StringRegExpMetaCharacters()_StringReplaceWholeWord()_StringStripChars()_Temperature()_TrialPeriod()_UKToUSDate()/_USToUKDate()_WinAPI_Create_CTL_CODE()_WinAPI_CreateGUID()_WMIDateStringToDate()/_DateToWMIDateString()Au3 script parsingAutoIt SearchAutoIt3 PortableAutoIt3WrapperToPragmaAutoItWinGetTitle()/AutoItWinSetTitle()CodingDirToHTML5FileInstallrFileReadLastChars()GeoIP databaseGUI - Only Close ButtonGUI ExamplesGUICtrlDeleteImage()GUICtrlGetBkColor()GUICtrlGetStyle()GUIEventsGUIGetBkColor()Int_Parse() & Int_TryParse()IsISBN()LockFile()Mapping CtrlIDsOOP in AutoItParseHeadersToSciTE()PasswordValidPasteBinPosts Per DayPreExpandProtect GlobalsQueue()Resource UpdateResourcesExSciTE JumpSettings INISHELLHOOKShunting-YardSignature CreatorStack()Stopwatch()StringAddLF()/StringStripLF()StringEOLToCRLF()VSCROLLWM_COPYDATAMore Examples...

Updated: 22/04/2018

Link to post
Share on other sites

Nice start!

Do you have any plans to marry it up to one of the JSON UDFs to extract the info?

Have fun!

John Morrison

Link to post
Share on other sites

Thanks mates.

 

A nice idea and UDF. May I provide some suggestions?

...

 

Thanks for your suggestions I'will update it. maybe use JSON UDF to Get response returns Error too.

 

I thought some like this for Http 

 

If @Error Return SetError(@Error,0,0)

or 

Simple return @error

obvious I need split the response to manage page returns.

regards

Link to post
Share on other sites

Hello,

thanks, very useful, How can I connect through a proxy?

 

change  _WinHttpOpen parameters.

_WinHttpOpen([$sUserAgent = Default [, $iAccessType = Default [, $sProxyName = Default [, $sProxyBypass = Default [, $iFlag = Default ]]]]])

regards

Link to post
Share on other sites
  • 3 weeks later...

Awesome, you went with my design. Thanks for that.

UDF List:

 
_AdapterConnections()_AlwaysRun()_AppMon()_AppMonEx()_ArrayFilter/_ArrayReduce_BinaryBin()_CheckMsgBox()_CmdLineRaw()_ContextMenu()_ConvertLHWebColor()/_ConvertSHWebColor()_DesktopDimensions()_DisplayPassword()_DotNet_Load()/_DotNet_Unload()_Fibonacci()_FileCompare()_FileCompareContents()_FileNameByHandle()_FilePrefix/SRE()_FindInFile()_GetBackgroundColor()/_SetBackgroundColor()_GetConrolID()_GetCtrlClass()_GetDirectoryFormat()_GetDriveMediaType()_GetFilename()/_GetFilenameExt()_GetHardwareID()_GetIP()_GetIP_Country()_GetOSLanguage()_GetSavedSource()_GetStringSize()_GetSystemPaths()_GetURLImage()_GIFImage()_GoogleWeather()_GUICtrlCreateGroup()_GUICtrlListBox_CreateArray()_GUICtrlListView_CreateArray()_GUICtrlListView_SaveCSV()_GUICtrlListView_SaveHTML()_GUICtrlListView_SaveTxt()_GUICtrlListView_SaveXML()_GUICtrlMenu_Recent()_GUICtrlMenu_SetItemImage()_GUICtrlTreeView_CreateArray()_GUIDisable()_GUIImageList_SetIconFromHandle()_GUIRegisterMsg()_GUISetIcon()_Icon_Clear()/_Icon_Set()_IdleTime()_InetGet()_InetGetGUI()_InetGetProgress()_IPDetails()_IsFileOlder()_IsGUID()_IsHex()_IsPalindrome()_IsRegKey()_IsStringRegExp()_IsSystemDrive()_IsUPX()_IsValidType()_IsWebColor()_Language()_Log()_MicrosoftInternetConnectivity()_MSDNDataType()_PathFull/GetRelative/Split()_PathSplitEx()_PrintFromArray()_ProgressSetMarquee()_ReDim()_RockPaperScissors()/_RockPaperScissorsLizardSpock()_ScrollingCredits_SelfDelete()_SelfRename()_SelfUpdate()_SendTo()_ShellAll()_ShellFile()_ShellFolder()_SingletonHWID()_SingletonPID()_Startup()_StringCompact()_StringIsValid()_StringRegExpMetaCharacters()_StringReplaceWholeWord()_StringStripChars()_Temperature()_TrialPeriod()_UKToUSDate()/_USToUKDate()_WinAPI_Create_CTL_CODE()_WinAPI_CreateGUID()_WMIDateStringToDate()/_DateToWMIDateString()Au3 script parsingAutoIt SearchAutoIt3 PortableAutoIt3WrapperToPragmaAutoItWinGetTitle()/AutoItWinSetTitle()CodingDirToHTML5FileInstallrFileReadLastChars()GeoIP databaseGUI - Only Close ButtonGUI ExamplesGUICtrlDeleteImage()GUICtrlGetBkColor()GUICtrlGetStyle()GUIEventsGUIGetBkColor()Int_Parse() & Int_TryParse()IsISBN()LockFile()Mapping CtrlIDsOOP in AutoItParseHeadersToSciTE()PasswordValidPasteBinPosts Per DayPreExpandProtect GlobalsQueue()Resource UpdateResourcesExSciTE JumpSettings INISHELLHOOKShunting-YardSignature CreatorStack()Stopwatch()StringAddLF()/StringStripLF()StringEOLToCRLF()VSCROLLWM_COPYDATAMore Examples...

Updated: 22/04/2018

Link to post
Share on other sites
  • 2 weeks later...

I had a bit of a play with the UDF and I don't appear to be getting anything back from "$fScan" and subsequent checks indicate that the file wasn't uploaded.

My Code (well actually just your example modified).

Local $hVirusTotal = VT_Open()
    ConsoleWrite("----------------------------------------------------------------------------------" & @cr)
    ConsoleWrite(":" & VT($hVirusTotal, $fScan, $sFileName,$sVirusTotalAPIkey) & ":" & @CRLF)
    ConsoleWrite("@error = " & @error & @cr)
    ConsoleWrite("----------------------------------------------------------------------------------" & @cr)
    ;ConsoleWrite(VT($hVirusTotal, $fRescan, hex($bHash),$sVirusTotalAPIkey) & @CRLF)
    ;1 = queued for rescanning. -1 = not present. 0 = unexpected error
    ;ConsoleWrite("----------------------------------------------------------------------------------" & @cr)
    ConsoleWrite(VT($hVirusTotal, $fReport, hex($bHash),$sVirusTotalAPIkey) & @CRLF)
    ;
    ConsoleWrite("----------------------------------------------------------------------------------" & @cr)
    VT_Close($hVirusTotal) ;

The result

 

----------------------------------------------------------------------------------
::
@error = 0
----------------------------------------------------------------------------------
{"response_code": 0, "resource": "46B3CC00ECD3D3E042DECA0072B063B3", "verbose_msg": "The requested resource is not among the finished, queued or pending scans"}
----------------------------------------------------------------------------------

 

The file exists...... Any ideas what's going on?

Thanks!

Link to post
Share on other sites

storme, 

Probably best to actually post what data the other variables contain instead of second guessing. Thanks.

UDF List:

 
_AdapterConnections()_AlwaysRun()_AppMon()_AppMonEx()_ArrayFilter/_ArrayReduce_BinaryBin()_CheckMsgBox()_CmdLineRaw()_ContextMenu()_ConvertLHWebColor()/_ConvertSHWebColor()_DesktopDimensions()_DisplayPassword()_DotNet_Load()/_DotNet_Unload()_Fibonacci()_FileCompare()_FileCompareContents()_FileNameByHandle()_FilePrefix/SRE()_FindInFile()_GetBackgroundColor()/_SetBackgroundColor()_GetConrolID()_GetCtrlClass()_GetDirectoryFormat()_GetDriveMediaType()_GetFilename()/_GetFilenameExt()_GetHardwareID()_GetIP()_GetIP_Country()_GetOSLanguage()_GetSavedSource()_GetStringSize()_GetSystemPaths()_GetURLImage()_GIFImage()_GoogleWeather()_GUICtrlCreateGroup()_GUICtrlListBox_CreateArray()_GUICtrlListView_CreateArray()_GUICtrlListView_SaveCSV()_GUICtrlListView_SaveHTML()_GUICtrlListView_SaveTxt()_GUICtrlListView_SaveXML()_GUICtrlMenu_Recent()_GUICtrlMenu_SetItemImage()_GUICtrlTreeView_CreateArray()_GUIDisable()_GUIImageList_SetIconFromHandle()_GUIRegisterMsg()_GUISetIcon()_Icon_Clear()/_Icon_Set()_IdleTime()_InetGet()_InetGetGUI()_InetGetProgress()_IPDetails()_IsFileOlder()_IsGUID()_IsHex()_IsPalindrome()_IsRegKey()_IsStringRegExp()_IsSystemDrive()_IsUPX()_IsValidType()_IsWebColor()_Language()_Log()_MicrosoftInternetConnectivity()_MSDNDataType()_PathFull/GetRelative/Split()_PathSplitEx()_PrintFromArray()_ProgressSetMarquee()_ReDim()_RockPaperScissors()/_RockPaperScissorsLizardSpock()_ScrollingCredits_SelfDelete()_SelfRename()_SelfUpdate()_SendTo()_ShellAll()_ShellFile()_ShellFolder()_SingletonHWID()_SingletonPID()_Startup()_StringCompact()_StringIsValid()_StringRegExpMetaCharacters()_StringReplaceWholeWord()_StringStripChars()_Temperature()_TrialPeriod()_UKToUSDate()/_USToUKDate()_WinAPI_Create_CTL_CODE()_WinAPI_CreateGUID()_WMIDateStringToDate()/_DateToWMIDateString()Au3 script parsingAutoIt SearchAutoIt3 PortableAutoIt3WrapperToPragmaAutoItWinGetTitle()/AutoItWinSetTitle()CodingDirToHTML5FileInstallrFileReadLastChars()GeoIP databaseGUI - Only Close ButtonGUI ExamplesGUICtrlDeleteImage()GUICtrlGetBkColor()GUICtrlGetStyle()GUIEventsGUIGetBkColor()Int_Parse() & Int_TryParse()IsISBN()LockFile()Mapping CtrlIDsOOP in AutoItParseHeadersToSciTE()PasswordValidPasteBinPosts Per DayPreExpandProtect GlobalsQueue()Resource UpdateResourcesExSciTE JumpSettings INISHELLHOOKShunting-YardSignature CreatorStack()Stopwatch()StringAddLF()/StringStripLF()StringEOLToCRLF()VSCROLLWM_COPYDATAMore Examples...

Updated: 22/04/2018

Link to post
Share on other sites

storme, 

Probably best to actually post what data the other variables contain instead of second guessing. Thanks.

No Guessing necessary.

The code is basically a cut and paste from the example in the OP.

This is the important line
VT($hVirusTotal, $fScan, $sFileName,$sVirusTotalAPIkey)

$hVirusTotal is set in the line above

$fscan is a UDF constant

$sFileName is the full path of the file (useless to anyone else, I stated it exists...and I checked with fileexists() to make sure it was ok)

$sVirusTotalAPIkey is my Virus total API key (Private not to be published)

The API states there should be a return from the file scan ($fScan) but as you see from the results it returns nothing.

Link to post
Share on other sites

@storme I think the problem is that you'r not waiting the file scan and you trying to get the report.

When you upload some file for scanning you should wait some time to get the report file.

So

if I get this "The requested resource is not among the finished, queued or pending scans"  So I should wait. I'll try some minutes later.

regards

Edited by Danyfirex
Link to post
Share on other sites

@storme I think the problem is that you'r not waiting the file scan and you trying to get the report.

 

When you upload some file for scanning you should wait some time to get the report file.

Yep understand that, the script I'm writing will do that when I can get it to submit a file to be scanned.

However, I'm not getting anything back from the submit to indicate it's done anything. According to the API help page there should be a report sent back with various information that I'll then use to keep track of files submitted.

if I get this "The requested resource is not among the finished, queued or pending scans"  

So I should wait. I'll try some minutes later.

The message you quoted above states "or pending scans" so shouldn't my "pending scan" be in the list?

I submitted the file last night and it still isn't in the list.  If it was submitted it should be there by now.

 

It appears as if the file isn't being submitted.

Have you tried your URL on a brand new EXE file that hasn't been submitted before?

BTW everything else works fine, if I use a file/hash that is already scanned.

So back to you...

John

Link to post
Share on other sites

@storme have you tried with another file?

 

For me work correctly I just upload another file right now this is the response that you should to get

:{"scan_id": "c38c7912767533053ef8f1c647b4fbf9f37f5ee305ead5b3049c4346b5c4419a-1371648640", "sha1": "01fc1499d986a1593f51a40d8f4294b5b69e83d9", "resource": "c38c7912767533053ef8f1c647b4fbf9f37f5ee305ead5b3049c4346b5c4419a", "response_code": 1, "sha256": "c38c7912767533053ef8f1c647b4fbf9f37f5ee305ead5b3049c4346b5c4419a", "permalink": "https://www.virustotal.com/file/c38c7912767533053ef8f1c647b4fbf9f37f5ee305ead5b3049c4346b5c4419a/analysis/1371648640/", "md5": "e0efdfe49b64cf7c2fc191c969d2d29d", "verbose_msg": "Scan request successfully queued, come back later for the report"}:

which is the size of your file?

 

I keep thinking the problem is that you're not waiting enough(some minutes maybe  3 or 5)

 

Also

You can use a Http debugger to see what's wrong.

Edited by Danyfirex
Link to post
Share on other sites

The file I was trying to upload/scan was an AutoIt program and my antivirus was intercepting and blocking it.

So the file was not passed to VT thus no report from the "$fScan".

I finally got it to go by disabling the antivirus.

It maybe worth adding some checks to your code to see if the files exists and can be opened.

An antivirus will probably allow you to check it exists but not open it.

Don't have any time to do any major checking now, wish I had found this last night when I did have time.

John

Link to post
Share on other sites

The file I was trying to upload/scan was an AutoIt program and my antivirus was intercepting and blocking it.

So the file was not passed to VT thus no report from the "$fScan".

I finally got it to go by disabling the antivirus.

It maybe worth adding some checks to your code to see if the files exists and can be opened.

An antivirus will probably allow you to check it exists but not open it.

Don't have any time to do any major checking now, wish I had found this last night when I did have time.

John

Good.

 

Yes you're right. I'll update soon.

 

regards

Link to post
Share on other sites

It's 2am here and I have to sleep but I did a bit of checking and got some strange results.

Test Code - VirusSubmit.exe (331KB) is the program I'm working on and Bitdefender (my antivirus) doesn't like it and is blocking it.

$sFileName = "P:\Autoit\_Projects\_MyProjects\VirusSubmit\VirusSubmit.exe"

; submit to Virustotal
    _Crypt_Startup()
    Local $bHash = _Crypt_HashFile($sFileName, $CALG_MD5)
    _Crypt_Shutdown()

    ;Check if hash exists
        ; Doesn't exist
            ; Submit file

    ;Get report
        ; Not ready yet (come back later)


    ConsoleWrite("FileExists = " & FileExists($sFileName) & @cr)
    ConsoleWrite("$bHash = " & $bHash & @cr)
    local $stest =  __WinHttpFileContent("", "file", $sFileName,"--------Boundary")

    ConsoleWrite("$stest-LEN = " & StringLen($stest) & " @error = " & @error & @cr)
    ConsoleWrite("$stest = " & $stest& @cr)

    Local $hVirusTotal = VT_Open()
    ConsoleWrite("----------------------------------------------------------------------------------" & @cr)
    ConsoleWrite(":" & VT($hVirusTotal, $fScan, $sFileName,$sVirusTotalAPIkey) & ":" & @CRLF)
    ConsoleWrite("@error = " & @error & @cr)
    ConsoleWrite("----------------------------------------------------------------------------------" & @cr)
    ;ConsoleWrite(VT($hVirusTotal, $fRescan, hex($bHash),$sVirusTotalAPIkey) & @CRLF)
    ;1 = queued for rescanning. -1 = not present. 0 = unexpected error
    ;ConsoleWrite("----------------------------------------------------------------------------------" & @cr)
    ConsoleWrite(VT($hVirusTotal, $fReport, hex($bHash),$sVirusTotalAPIkey) & @CRLF)
    ConsoleWrite('@@ Debug(' & @ScriptLineNumber & ') : $bHash = ' & $bHash & @crlf & '>Error code: ' & @error & @crlf) ;### Debug Console
    ;
    ConsoleWrite("----------------------------------------------------------------------------------" & @cr)
    VT_Close($hVirusTotal) ;

The result

 

FileExists = 1
$bHash = -1
$stest-LEN = 117 @error = 0
$stest = Content-Disposition: form-data; name="file"; filename="VirusSubmit.exe"
Content-Type: application/octet-stream



----------------------------------------------------------------------------------
@@ Debug(104) : $stest = :Content-Disposition: form-data; name="file"; filename="VirusSubmit.exe"
Content-Type: application/octet-stream


:
>Error code: 0
@@ Debug(107) : $tURL[$Type] = /vtapi/v2/file/scan
>Error code: 0
:{"scan_id": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855-1371656634", "sha1": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "resource": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "response_code": 1, "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "permalink": "https://www.virustotal.com/file/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855/analysis/1371656634/", "md5": "d41d8cd98f00b204e9800998ecf8427e", "verbose_msg": "Scan request successfully queued, come back later for the report"}:
@error = 0
----------------------------------------------------------------------------------
{"response_code": 0, "resource": "FFFFFFFF", "verbose_msg": "Invalid resource, check what you are submitting"}
@@ Debug(95) : $bHash = -1
>Error code: 0
----------------------------------------------------------------------------------

 

Now for the original program I couldn't get to submit and still can't when the antivirus is on.  Code is the same the only change is

$sFileName = "D:\MemoryStickDEV\AHC_technology\programs\AHC_UserInfo.exe"

result

 

FileExists = 1
$bHash = 0x46B3CC00ECD3D3E042DECA0072B063B3
$stest-LEN = 664091 @error = 0
$stest = Content-Disposition: form-data; name="file"; filename="AHC_UserInfo.exe"
Content-Type: application/octet-stream

MZ----------------------------------------------------------------------------------
@@ Debug(104) : $stest = :Content-Disposition: form-data; name="file"; filename="AHC_UserInfo.exe"
Content-Type: application/octet-stream

MZ@@ Debug(107) : $tURL[$Type] = /vtapi/v2/file/scan
>Error code: 0
::
@error = 0
----------------------------------------------------------------------------------
{"scans": {"TotalDefense": {"detected": false, "version": "37.0.10473", "result": null, "update": "20130619"}, "MicroWorld-eScan": {"detected": false, "version": "12.0.250.0", "result": null, "update": "20130619"}, "nProtect": {"detected": false, "version": "2013-06-19.04", "result": null, "update": "20130619"}, "CAT-QuickHeal": {"detected": false, "version": "12.00", "result": null, "update": "20130619"}, "McAfee": {"detected": false, "version": "5.400.0.1158", "result": null, "update": "20130619"}, "Malwarebytes": {"detected": false, "version": "1.75.0.1", "result": null, "update": "20130619"}, "K7AntiVirus": {"detected": false, "version": "9.170.8884", "result": null, "update": "20130618"}, "K7GW": {"detected": false, "version": "12.7.0.12", "result": null, "update": "20130618"}, "TheHacker": {"detected": false, "version": "None", "result": null, "update": "20130619"}, "NANO-Antivirus": {"detected": false, "version": "0.24.0.52848", "result": null, "update": "20130619"}, "F-Prot": {"detected": false, "version": "4.7.1.166", "result": null, "update": "20130618"}, "Symantec": {"detected": false, "version": "20131.1.0.101", "result": null, "update": "20130619"}, "Norman": {"detected": false, "version": "7.01.04", "result": null, "update": "20130619"}, "ByteHero": {"detected": false, "version": "1.0.0.1", "result": null, "update": "20130613"}, "TrendMicro-HouseCall": {"detected": false, "version": "9.700.0.1001", "result": null, "update": "20130619"}, "Avast": {"detected": false, "version": "6.0.1289.0", "result": null, "update": "20130619"}, "eSafe": {"detected": false, "version": "7.0.17.0", "result": null, "update": "20130616"}, "ClamAV": {"detected": false, "version": "0.97.3.0", "result": null, "update": "20130619"}, "Kaspersky": {"detected": false, "version": "9.0.0.837", "result": null, "update": "20130619"}, "BitDefender": {"detected": true, "version": "7.2", "result": "Gen:Trojan.Heur.AutoIT.1", "update": "20130619"}, "Agnitum": {"detected": false, "version": "5.5.1.3", "result": null, "update": "20130618"}, "ViRobot": {"detected": false, "version": "2011.4.7.4223", "result": null, "update": "20130619"}, "Sophos": {"detected": false, "version": "4.90.0", "result": null, "update": "20130619"}, "Comodo": {"detected": false, "version": "16458", "result": null, "update": "20130619"}, "F-Secure": {"detected": true, "version": "11.0.19100.45", "result": "Gen:Trojan.Heur.AutoIT.1", "update": "20130619"}, "DrWeb": {"detected": false, "version": "", "result": null, "update": "20130619"}, "VIPRE": {"detected": false, "version": "18856", "result": null, "update": "20130619"}, "AntiVir": {"detected": false, "version": "7.11.85.142", "result": null, "update": "20130619"}, "TrendMicro": {"detected": false, "version": "9.740.0.1012", "result": null, "update": "20130619"}, "McAfee-GW-Edition": {"detected": false, "version": "2013", "result": null, "update": "20130619"}, "Emsisoft": {"detected": true, "version": "3.0.0.581", "result": "Gen:Trojan.Heur.AutoIT.1 (B)", "update": "20130619"}, "Jiangmin": {"detected": false, "version": "16.0.100", "result": null, "update": "20130619"}, "Antiy-AVL": {"detected": false, "version": "2.0.3.7", "result": null, "update": "20130619"}, "Kingsoft": {"detected": false, "version": "2013.4.9.267", "result": null, "update": "20130506"}, "Microsoft": {"detected": false, "version": "1.9607", "result": null, "update": "20130619"}, "SUPERAntiSpyware": {"detected": true, "version": "5.6.0.1008", "result": "Trojan.Agent/Gen-Autorun", "update": "20130619"}, "GData": {"detected": true, "version": "22", "result": "Gen:Trojan.Heur.AutoIT.1", "update": "20130619"}, "Commtouch": {"detected": false, "version": "5.4.1.7", "result": null, "update": "20130618"}, "AhnLab-V3": {"detected": false, "version": "2013.06.19.06", "result": null, "update": "20130619"}, "VBA32": {"detected": false, "version": "3.12.22.2", "result": null, "update": "20130619"}, "PCTools": {"detected": false, "version": "9.0.0.2", "result": null, "update": "20130521"}, "ESET-NOD32": {"detected": false, "version": "8467", "result": null, "update": "20130619"}, "Rising": {"detected": false, "version": "24.67.02.02", "result": null, "update": "20130619"}, "Ikarus": {"detected": false, "version": "T3.1.4.3.0", "result": null, "update": "20130619"}, "Fortinet": {"detected": false, "version": "5.1.146.0", "result": null, "update": "20130619"}, "AVG": {"detected": false, "version": "10.0.0.1190", "result": null, "update": "20130619"}, "Panda": {"detected": false, "version": "10.0.3.5", "result": null, "update": "20130619"}}, "scan_id": "2f65bd6f6ea409bb4b6ccd85226e46f24c8879b5d08811a2f24d8a2281816be5-1371651653", "sha1": "56f21e22ed9fc49b9de5d3961020a87b5efe3b68", "resource": "46B3CC00ECD3D3E042DECA0072B063B3", "response_code": 1, "scan_date": "2013-06-19 14:20:53", "permalink": "https://www.virustotal.com/file/2f65bd6f6ea409bb4b6ccd85226e46f24c8879b5d08811a2f24d8a2281816be5/analysis/1371651653/", "verbose_msg": "Scan finished, scan information embedded in this object", "total": 47, "positives": 5, "sha256": "2f65bd6f6ea409bb4b6ccd85226e46f24c8879b5d08811a2f24d8a2281816be5", "md5": "46b3cc00ecd3d3e042deca0072b063b3"}
@@ Debug(91) : $bHash = 0x46B3CC00ECD3D3E042DECA0072B063B3
>Error code: 0
----------------------------------------------------------------------------------

Now as you can see there is information in VT now as I disabled the antivirus so it would transmit earlier tonight....

However you can see there was no submit for this file

 

::
@error = 0

 

Not sure how much this is going to help.  If you can think of any tests you want me to try let me know and I'll try them when I get home.

Onward and upward!

John

Link to post
Share on other sites

The file I was trying to upload/scan was an AutoIt program and my antivirus was intercepting and blocking it.

So the file was not passed to VT thus no report from the "$fScan".

I finally got it to go by disabling the antivirus.

It maybe worth adding some checks to your code to see if the files exists and can be opened.

An antivirus will probably allow you to check it exists but not open it.

Don't have any time to do any major checking now, wish I had found this last night when I did have time.

John

 

On a related note, does your script provide the ability to upload via HTTPS?  The reason I ask is that some UTM firewalls may block the transmission of a virus.  While some UTMs can interrogate SSL, most don't; so it would be good to have this capability if possible.

Great UDF.

-John

Edited by jftuga
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By mLipok
      I try to download some file with winhttp.au3
      I use code from here:

      My code looks like:
      #include <FileConstants.au3> #include "WinHttp.au3" #AutoIt3Wrapper_Run_AU3Check=N _Example() Func _Example() ; Initialize and get session handle Local $hOpen = _WinHttpOpen() ; Get connection handle Local $hConnect = _WinHttpConnect($hOpen, "https://MY_URL") Local $CurrentOption = _WinHttpQueryOption($hConnect, $WINHTTP_OPTION_SECURITY_FLAGS) Local $Options = BitOR($CurrentOption, _ $SECURITY_FLAG_IGNORE_UNKNOWN_CA, _ $SECURITY_FLAG_IGNORE_CERT_CN_INVALID, _ $SECURITY_FLAG_IGNORE_CERT_DATE_INVALID) _WinHttpSetOption($hConnect, $WINHTTP_OPTION_SECURITY_FLAGS, $Options) If @error Then ConsoleWrite("! ---> @error=" & @error & " @extended=" & @extended & _ " : _WinHttpSetOption" & @CRLF) ; Specify the reguest Local $hRequest = _WinHttpOpenRequest($hConnect, Default, "MY_FILE") ; Send request _WinHttpSendRequest($hRequest) ; Wait for the response _WinHttpReceiveResponse($hRequest) ProgressOn("Downloading", "In Progress...") Progress(_WinHttpQueryHeaders($hRequest, $WINHTTP_QUERY_CONTENT_LENGTH)) Local $sData ; Check if there is data available... If _WinHttpQueryDataAvailable($hRequest) Then While 1 $sChunk = _WinHttpReadData_Ex($hRequest, Default, Default, Default, Progress) If @error Then ExitLoop $sData &= $sChunk Sleep(20) WEnd Else MsgBox(48, "Error", "Site is experiencing problems (or you).") EndIf Sleep(1000) ProgressOff() ; Close handles _WinHttpCloseHandle($hRequest) _WinHttpCloseHandle($hConnect) _WinHttpCloseHandle($hOpen) Local $hFile = FileOpen(@ScriptDir & "\MY_FILE", $FO_OVERWRITE + $FO_CREATEPATH + $FO_BINARY) FileWrite($hFile, $sData) FileClose($hFile) EndFunc ;==>_Example Func Progress($iSizeAll, $iSizeChunk = 0) Local Static $iMax, $iCurrentSize If $iSizeAll Then $iMax = $iSizeAll $iCurrentSize += $iSizeChunk Local $iPercent = Round($iCurrentSize / $iMax * 100, 0) ProgressSet($iPercent, $iPercent & " %") EndFunc ;==>Progress Func _WinHttpReadData_Ex($hRequest, $iMode = Default, $iNumberOfBytesToRead = Default, $pBuffer = Default, $vFunc = Default) __WinHttpDefault($iMode, 0) __WinHttpDefault($iNumberOfBytesToRead, 8192) __WinHttpDefault($vFunc, 0) Local $tBuffer, $vOutOnError = "" If $iMode = 2 Then $vOutOnError = Binary($vOutOnError) Switch $iMode Case 1, 2 If $pBuffer And $pBuffer <> Default Then $tBuffer = DllStructCreate("byte[" & $iNumberOfBytesToRead & "]", $pBuffer) Else $tBuffer = DllStructCreate("byte[" & $iNumberOfBytesToRead & "]") EndIf Case Else $iMode = 0 If $pBuffer And $pBuffer <> Default Then $tBuffer = DllStructCreate("char[" & $iNumberOfBytesToRead & "]", $pBuffer) Else $tBuffer = DllStructCreate("char[" & $iNumberOfBytesToRead & "]") EndIf EndSwitch Local $sReadType = "dword*" If BitAND(_WinHttpQueryOption(_WinHttpQueryOption(_WinHttpQueryOption($hRequest, $WINHTTP_OPTION_PARENT_HANDLE), $WINHTTP_OPTION_PARENT_HANDLE), $WINHTTP_OPTION_CONTEXT_VALUE), $WINHTTP_FLAG_ASYNC) Then $sReadType = "ptr" Local $aCall = DllCall($hWINHTTPDLL__WINHTTP, "bool", "WinHttpReadData", _ "handle", $hRequest, _ "struct*", $tBuffer, _ "dword", $iNumberOfBytesToRead, _ $sReadType, 0) If @error Or Not $aCall[0] Then Return SetError(1, 0, "") If Not $aCall[4] Then Return SetError(-1, 0, $vOutOnError) If IsFunc($vFunc) Then $vFunc(0, $aCall[4]) If $aCall[4] < $iNumberOfBytesToRead Then Switch $iMode Case 0 Return SetExtended($aCall[4], StringLeft(DllStructGetData($tBuffer, 1), $aCall[4])) Case 1 Return SetExtended($aCall[4], BinaryToString(BinaryMid(DllStructGetData($tBuffer, 1), 1, $aCall[4]), 4)) Case 2 Return SetExtended($aCall[4], BinaryMid(DllStructGetData($tBuffer, 1), 1, $aCall[4])) EndSwitch Else Switch $iMode Case 0, 2 Return SetExtended($aCall[4], DllStructGetData($tBuffer, 1)) Case 1 Return SetExtended($aCall[4], BinaryToString(DllStructGetData($tBuffer, 1), 4)) EndSwitch EndIf EndFunc ;==>_WinHttpReadData_Ex
      As a result I get file with this contents:
       
      As so far I found this:
        

      So I even with added:
      Local $CurrentOption = _WinHttpQueryOption($hConnect, $WINHTTP_OPTION_SECURITY_FLAGS) Local $Options = BitOR($CurrentOption, _ $SECURITY_FLAG_IGNORE_UNKNOWN_CA, _ $SECURITY_FLAG_IGNORE_CERT_CN_INVALID, _ $SECURITY_FLAG_IGNORE_CERT_DATE_INVALID) _WinHttpSetOption($hConnect, $WINHTTP_OPTION_SECURITY_FLAGS, $Options) If @error Then ConsoleWrite("! ---> @error=" & @error & " @extended=" & @extended & _ " : _WinHttpSetOption" & @CRLF)
      I still get the same errors.

      Anyone know a way how to fix this problem?

      Regards,
      mLipok
       
    • By water
      I have started to rewrite the PowerPoint UDF similar to the Word, Excel and Outlook UDF. The new UDF will not be compatible with the existing one.
      I will add examples, documentation, a section in the wiki etc.
      So far the following functions have been coded - more are on the ToDo list.
      _PPT_Open: Open a connection to a running instance of PowerPoint or start a new one _PPT_Close: Close a PowerPoint instance _PPT_CommentAdd: Add a Comment anywhere on a Slide or connected to a Shape (version 1.5.0.0 2021-08-31) _PPT_CommentDelete: Delete a single Comment from a Slide or all Comments from a SlideRange (version 1.5.0.0 2021-08-31) _PPT_CommentList: Get a list of all Comments in a Presentation (version 1.5.0.0 2021-08-31) _PPT_ConvertUnits: Convert units (like centimeters) to other units (like points) (version 1.3.0.0 2021-08-17) _PPT_HeaderFooterList: Returns a list of Headers and Footers for a Presentation (version 1.1.0.0 2021-07-25, removed with version 1.4.0.0 2021-08-25) _PPT_HeaderFooterSet: Sets the Header/Footer for a Slide/Slides or the Slide-/Notes-/Handout-/Title-Master of the Presentation (version 1.2.0.0 2021-08-09) _PPT_PresentationAttach: Attach to an already opened Presentation _PPT_PresentationClose: Close a Presentation _PPT_PresentationExport: Export one/multiple/all Slides as PDF or XPS. _PPT_PresentationExportGraphic: Export one/multiple/all Slides in a graphic format. _PPT_PresentationList: Returns a list of currently open Presentations (version 1.0.0.0 2021-07-20) _PPT_PresentationNew: Create a new Presentation _PPT_PresentationOpen: Open an existing Presentation _PPT_Print: Print one/multiple/all Slides of a Presentation (version 1.0.0.0 2021-07-20) _PPT_PresentationSave: Save a Presentation _PPT_PresentationSaveAs: Save a Presentation to another location or with another type _PPT_ShapeAdd: Add a Shape to a single or multiple Slides (version 1.1.0.0 2021-07-25) _PPT_ShapeAlignDistribute: Aligns and distributes the Shapes in the specified ShapeRange (version 1.6.0.0 - to be released) _PPT_ShapeCopyMove: Copy/move a Shape(s) of a single Slide to a Slide(s) in the same or a different Presentation (version 1.1.0.0 2021-07-25) _PPT_ShapeDelete: Delete a Shape or Shapes from a single or multiple Slides (version 1.1.0.0 2021-07-25) _PPT_SlideAdd: Add slide(s) to a Presentation _PPT_SlideCopyMove: Copy, move, duplicate Slide(s) _PPT_SlideDelete: Delete Slide(s) _PPT_SlideShow: Show a Presentation _PPT_TableGet: Extract data from a PowerPoint Table Shape to an array (version 1.3.0.0 2021-08-17) _PPT_TableSet: Write data to a PowerPoint Table Shape (version 1.3.0.0 2021-08-17) _PPT_TextFindReplace: Find & replace text throughout entire PowerPoint presentation (version 1.0.0.0 2021-07-20) _PPT_TextSet: Sets/modifies the Text of a Shape or Shapes of a single or multiple Slides (version 1.2.0.0 2021-08-09 Which functions do you want me to add to the UDF?
      ToDo list:
      create slide (JLogan3o13) - Done: _PPT_SlideAdd Apply template to slide (JLogan3o13) - Done: _PPT_SlideAdd Apply theme to slide (JLogan3o13) Cut/Copy/Duplicate/Move/Delete slide(s) (JLogan3o13) - Done: _PPT_SlideCopyMove, _PPT_SlideDelete Export slides (JLogan3o13) - Done: _PPT_PresentationExport Cut/Copy/Duplicate/Move/Delete shape(s) (JLogan3o13): Done : _PPT_ShapeCopyMove, _PPT_ShapeDelete (version 1.1.0.0 2021-07-25) ApplyAnimation, Select, SetDefaultProperties, and zOrder for shape(s) (JLogan3o13) Searching and replacing text (pcjunki) - Done: _PPT_TextFindReplace (version 1.0.0.0 2021-07-20) Export slides in a graphic format (JPG, GIF, PNG ...) (UEZ) - Done: _PPT_PresentationExportGraphic The UDF can be downloaded from the download forum.
       
    • By p4sCh
      Hello everyone,
      I've created a UDF for basic communication with SSH servers. I know there is already such a UDF, but I wasn't satisfied with it for my purpose, so I created a new one.
      This UDF also acts as a wrapper for the plink executable. Its essential functions are _SSHConnect, _SSHSend, _SSHRecv and _SSHCloseSocket.
      It does support multiple simultaneous connections and aims to be pretty robust. Feel free to share your opinions
      Two of the included examples use a slightly modified version of Vintage Terminal by @Chimp
      Download
      The download includes ssh.au3 (UDF), plink.exe (necessary), vintage terminal and code examples:
      SSH UDF.zip
    • By mLipok
      This is TeamViewer.au3 UDF for TeamViewer API.
      ; #INDEX# ======================================================================== ; Title .........: TeamViewer.au3 ; AutoIt Version : 3.3.10.2++ ; Language ......: English ; Description ...: A collection of function for use with TeamViewer API ; Author ........: mLipok ; Modified ......: ; URL ...........: ; URL ...........: https://www.teamviewer.com/ ; URL ...........: https://www.teamviewer.com/en/integrations/ ; URL ...........: https://integrate.teamviewer.com/en/develop/api/get-started/ ; URL ...........: https://downloadeu1.teamviewer.com/integrate/TeamViewer_API_Documentation.pdf ; Remarks .......: This UDF was created based on TeamViewer_API_Documentation.pdf v 1.4.1 ; Remarks .......: This UDF is using Free Chilkat component look here https://www.autoitscript.com/forum/files/file/433-chilkat-udf/ ; Remarks .......: Documentation is "work in progress" ; Date ..........: 2017/02/08 ; Version .......: 0.1.1 BETA - Work in progress ; ================================================================================ in TeamViewer_Example.au3 you can see few examples:

       
      Func _Example() ; If not exist then create new INI file from template If Not FileExists('TeamViewer_Example.ini') Then FileCopy('TeamViewer_Example — Template.ini', 'TeamViewer_Example.ini') ; Read Access Token from INI Local $sTV_AccessToken = IniRead('TeamViewer_Example.ini', 'Settings', 'AccessToken', '') If $sTV_AccessToken = '' Then ; Your Access Token, can be left empty when OAuth (below) is configured. ; ClientId = <----------------- Create an app in your TeamViewer Management Console and insert the client ID to the INI ; ClientSecret = <------------- Insert your client secret to the INI ; AuthorizationCode = <-------- Visit https://webapi.teamviewer.com/api/v1/oauth2/authorize?response_type=code&client_id=YOUR$i_ClientIdHERE ; Login, grant the permissions (popup) and put the code shown in the AuthorizationCode variable to the INI Local $sTVOAuth_ClientID = IniRead('TeamViewer_Example.ini', 'OAuth2', 'ClientID', '') Local $sTVOAuth_ClientSecret = IniRead('TeamViewer_Example.ini', 'OAuth2', 'ClientSecret', '') _IECreate('https://webapi.teamviewer.com/api/v1/oauth2/authorize?response_type=code&client_id=' & $sTVOAuth_ClientID) ; Local $sTVOAuth_AuthorizationCode = IniRead('TeamViewer_Example.ini', 'OAuth2', 'authorizationCode', '') Local $sTVOAuth_AuthorizationCode = InputBox('AuthorizationCode', 'Please provide TV OAuth2 AuthorizationCode') If @error Then Return If $sTVOAuth_ClientID Then $sTV_AccessToken = _TVAPI_RequestOAuth2_AccessToken($sTVOAuth_ClientID, $sTVOAuth_ClientSecret, $sTVOAuth_AuthorizationCode) EndIf If $sTV_AccessToken Then _TVAPI_AccessToken($sTV_AccessToken) If _TVAPI_Ping() = True Then ; ping API to check connection and $sTV_AccessToken _Example_TeamViewer__1_Devices_SaveToFile() ;~ _Example_TeamViewer__2_Devices_ChangeDetails() ;~ _Example_TeamViewer__3_Devices_GetDevicesSingleID() ;~ _Example_TeamViewer__4_Reports_GetAllConnections() ;~ _Example_TeamViewer__5_Users_GetUserInfomation() ;~ _Example_TeamViewer__6_Groups_ListGroups() ;~ _Example_TeamViewer__7_Devices_AddDeleteDevice() Else MsgBox(0, '_TVAPI_Ping', "$v_Token or connection problem.") EndIf EndFunc ;==>_Example You can download it here:
      I'm using TeamViewer_Example.ini to store my secret tokens/keys.
      [Settings] AccessToken= [OAuth2] ClientID= ClientSecret= authorizationCode=  
    • By seadoggie01
      This UDF is because I'm tired of trying to use UI Automation and Send to automate Adobe Acrobat. I often need to read the contents of PDFs and Acrobat is not easy to work with as a window.  The functions are based on the API Reference from Adobe located here.
      Acrobat Pro is required for all functions.
      It's very beta right now, but it still seems to work. Currently, the functions are based around page level manipulation of PDF documents: re-arranging, swapping, deleting, and moving pages as this is what I use the most.
      Please feel free to request/suggest features!
       
       
×
×
  • Create New...