Jump to content
Danyfirex

VirusTotal API 2.0 UDF

By Danyfirex, in AutoIt Example Scripts

Recommended Posts

Danyfirex    457

Danyfirex
Posted (edited)

Hi mates, well this is my first contribution. a simple UDF to use Virustotal API v2.0 The response return is not parsed|splitted. requires >WinHttp UDF

Functions List:

 

Update:
 
Now a Only Function using a flags for respective mode.
 
VT() Use respective flag($Type)
VT(ByRef $aAPI, $Type, $sResource, $sAPIkey,$Comments="")
flags($Type)
$fReport = retrieve a scan report on a given file
$fScan   = submit a file for Scanning
$fRescan = Rescan files in VirusTotal's file store
$uReport = retrieve a scan report on a given URL
$uScan   = submit a URL for Scanning
$Comment = Make a commnet on files and URLs
 
 
Example:
 
 
#include <Crypt.au3>
#include "VT.au3"

Example()

Func Example()

    _Crypt_Startup()
    Local $sFilePath = @WindowsDir & "\Explorer.exe" 

    Local $bHash = _Crypt_HashFile($sFilePath, $CALG_MD5)
   _Crypt_Shutdown()
    Local $hVirusTotal = VT_Open()
    Local $APIkey='Your API key'
    ConsoleWrite(VT($hVirusTotal, $fReport, '20c83c1c5d1289f177bc222d248dab261a62529b19352d7c0f965039168c0654',$APIkey) & @CRLF)
    ConsoleWrite(VT($hVirusTotal, $fScan, $sFilePath,$APIkey) & @CRLF)
    ConsoleWrite(VT($hVirusTotal, $fRescan, hex($bHash),$APIkey) & @CRLF)
    ConsoleWrite(VT($hVirusTotal, $uReport, "http://www.virustotal.com",$APIkey) & @CRLF)
    ConsoleWrite(VT($hVirusTotal, $uScan, "http://www.google.com",$APIkey) & @CRLF)
    ConsoleWrite(VT($hVirusTotal, $Comment, hex($bHash) ,$APIkey,"Hello Word | Hola Mundo") & @CRLF)
    VT_Close($hVirusTotal) ;
EndFunc   ;==>Example

Saludos

 
 
 
 
 

VT.au3

Edited by Danyfirex
  • Like 6

 

venezuela.png Sometimes I learn, Sometimes I teach...^_^

autoit_scripter_blue_userbar.png

       AutoIt...

 

 

UDFs: VirusTotal API 2.0 UDF - libZPlay UDF - Apps: Guitar Tab Tester - VirusTotal Hash Checker

Examples: Text-to-Speech ISpVoice Interface - Get installed applications - Enable/Disable Network connection   PrintHookProc - WINTRUST - Mute Microphone Level - Get Connected NetWorks - Create NetWork Connection ShortCut

 

 

Share this post

Link to post
Share on other sites

guinness    1,447

guinness
Posted

A nice idea and UDF. May I provide some suggestions?

; Firstly, Global variables should be at the top a script and not in a function.
; Secondly, how about removing Global variables and doing something like this?

Global Const $__sVirusTotal_Page = 'www.virustotal.com'

Func Example()
    Local $hVirusTotal = VT_Open() ; Pass the 'handle' to the appropriate functions.
    ConsoleWrite(VT_Url_Scan($hVirusTotal, 'someurl.com', 'API') & @CRLF)
    VT_Close($hVirusTotal) ; Pass the 'handle' from $hVirusTotal.
EndFunc   ;==>Example

Func VT_Open() ; Pass
    Local Enum $eAPI_HttpOpen, $eAPI_HttpConnect ; These could be in the Global space too.
    Local $aAPI[2] = [0, 0]
    $aAPI[$eAPI_HttpOpen] = _WinHttpOpen()
    If @error Then $aAPI[$eAPI_HttpOpen] = -1
    $aAPI[$eAPI_HttpConnect] = _WinHttpConnect($aAPI[$eAPI_HttpOpen], $__sVirusTotal_Page)
    If @error Then $aAPI[$eAPI_HttpConnect] = -1
    Return $aAPI
EndFunc   ;==>VT_Open

Func VT_Close(ByRef Const $aAPI)
    Local Enum $eAPI_HttpOpen, $eAPI_HttpConnect ; These could be in the Global space too.
    _WinHttpCloseHandle($aAPI[$eAPI_HttpOpen])
    _WinHttpCloseHandle($aAPI[$eAPI_HttpConnect])
    Return True
EndFunc   ;==>VT_Close

Func VT_Url_Scan(ByRef $aAPI, $sURL, $sAPIkey)
    Local Enum $eAPI_HttpOpen, $eAPI_HttpConnect ; These could be in the Global space too.
    If $aAPI[$eAPI_HttpConnect] = -1 Then $aAPI = VT_Open() ; Check if HttpConnect isn't -1, if it is then connect to VirusTotal.
    Return _WinHttpSimpleRequest($aAPI[$eAPI_HttpConnect], 'POST', '/vtapi/v2/url/scan', Default, 'url=' & $sURL & '&key=' & $sAPIkey)
EndFunc   ;==>VT_Url_Scan
  • Like 1

UDF List:

 
_AdapterConnections()_AlwaysRun()_AppMon()_AppMonEx()_ArrayFilter/_ArrayReduce_BinaryBin()_CheckMsgBox()_CmdLineRaw()_ContextMenu()_ConvertLHWebColor()/_ConvertSHWebColor()_DesktopDimensions()_DisplayPassword()_DotNet_Load()/_DotNet_Unload()_Fibonacci()_FileCompare()_FileCompareContents()_FileNameByHandle()_FilePrefix/SRE()_FindInFile()_GetBackgroundColor()/_SetBackgroundColor()_GetConrolID()_GetCtrlClass()_GetDirectoryFormat()_GetDriveMediaType()_GetFilename()/_GetFilenameExt()_GetHardwareID()_GetIP()_GetIP_Country()_GetOSLanguage()_GetSavedSource()_GetStringSize()_GetSystemPaths()_GetURLImage()_GIFImage()_GoogleWeather()_GUICtrlCreateGroup()_GUICtrlListBox_CreateArray()_GUICtrlListView_CreateArray()_GUICtrlListView_SaveCSV()_GUICtrlListView_SaveHTML()_GUICtrlListView_SaveTxt()_GUICtrlListView_SaveXML()_GUICtrlMenu_Recent()_GUICtrlMenu_SetItemImage()_GUICtrlTreeView_CreateArray()_GUIDisable()_GUIImageList_SetIconFromHandle()_GUIRegisterMsg()_GUISetIcon()_Icon_Clear()/_Icon_Set()_IdleTime()_InetGet()_InetGetGUI()_InetGetProgress()_IPDetails()_IsFileOlder()_IsGUID()_IsHex()_IsPalindrome()_IsRegKey()_IsStringRegExp()_IsSystemDrive()_IsUPX()_IsValidType()_IsWebColor()_Language()_Log()_MicrosoftInternetConnectivity()_MSDNDataType()_PathFull/GetRelative/Split()_PathSplitEx()_PrintFromArray()_ProgressSetMarquee()_ReDim()_RockPaperScissors()/_RockPaperScissorsLizardSpock()_ScrollingCredits_SelfDelete()_SelfRename()_SelfUpdate()_SendTo()_ShellAll()_ShellFile()_ShellFolder()_SingletonHWID()_SingletonPID()_Startup()_StringCompact()_StringIsValid()_StringRegExpMetaCharacters()_StringReplaceWholeWord()_StringStripChars()_Temperature()_TrialPeriod()_UKToUSDate()/_USToUKDate()_WinAPI_Create_CTL_CODE()_WinAPI_CreateGUID()_WMIDateStringToDate()/_DateToWMIDateString()Au3 script parsingAutoIt SearchAutoIt3 PortableAutoIt3WrapperToPragmaAutoItWinGetTitle()/AutoItWinSetTitle()CodingDirToHTML5FileInstallrFileReadLastChars()GeoIP databaseGUI - Only Close ButtonGUI ExamplesGUICtrlDeleteImage()GUICtrlGetBkColor()GUICtrlGetStyle()GUIEventsGUIGetBkColor()Int_Parse() & Int_TryParse()IsISBN()LockFile()Mapping CtrlIDsOOP in AutoItParseHeadersToSciTE()PasswordValidPasteBinPosts Per DayPreExpandProtect GlobalsQueue()Resource UpdateResourcesExSciTE JumpSettings INISHELLHOOKShunting-YardSignature CreatorStack()Stopwatch()StringAddLF()/StringStripLF()StringEOLToCRLF()VSCROLLWM_COPYDATAMore Examples...

Updated: 22/04/2018

Share this post

Link to post
Share on other sites

storme    20

storme
Posted

Nice start!

Do you have any plans to marry it up to one of the JSON UDFs to extract the info?

Have fun!

John Morrison

Some of my small contributions to AutoIt Browse for Folder Dialog - Automation SysTreeView32 | FileHippo Download and/or retrieve program information | Get installedpath from uninstall key in registry | RoboCopy function John Morrison aka Storm-E

Share this post

Link to post
Share on other sites

Danyfirex    457

Danyfirex
Posted

Thanks mates.

 

A nice idea and UDF. May I provide some suggestions?

...

 

Thanks for your suggestions I'will update it. maybe use JSON UDF to Get response returns Error too.

 

I thought some like this for Http 

 

If @Error Return SetError(@Error,0,0)

or 

Simple return @error

obvious I need split the response to manage page returns.

regards

 

venezuela.png Sometimes I learn, Sometimes I teach...^_^

autoit_scripter_blue_userbar.png

       AutoIt...

 

 

UDFs: VirusTotal API 2.0 UDF - libZPlay UDF - Apps: Guitar Tab Tester - VirusTotal Hash Checker

Examples: Text-to-Speech ISpVoice Interface - Get installed applications - Enable/Disable Network connection   PrintHookProc - WINTRUST - Mute Microphone Level - Get Connected NetWorks - Create NetWork Connection ShortCut

 

 

Share this post

Link to post
Share on other sites

ricky    3

ricky
Posted

Hello,

thanks, very useful, How can I connect through a proxy?

Share this post

Link to post
Share on other sites

Danyfirex    457

Danyfirex
Posted

Hello,

thanks, very useful, How can I connect through a proxy?

 

change  _WinHttpOpen parameters.

_WinHttpOpen([$sUserAgent = Default [, $iAccessType = Default [, $sProxyName = Default [, $sProxyBypass = Default [, $iFlag = Default ]]]]])

regards

 

venezuela.png Sometimes I learn, Sometimes I teach...^_^

autoit_scripter_blue_userbar.png

       AutoIt...

 

 

UDFs: VirusTotal API 2.0 UDF - libZPlay UDF - Apps: Guitar Tab Tester - VirusTotal Hash Checker

Examples: Text-to-Speech ISpVoice Interface - Get installed applications - Enable/Disable Network connection   PrintHookProc - WINTRUST - Mute Microphone Level - Get Connected NetWorks - Create NetWork Connection ShortCut

 

 

Share this post

Link to post
Share on other sites

ricky    3

ricky
Posted

Hello,

I tried, but no way. Impossible to connect,!

Share this post

Link to post
Share on other sites

Danyfirex    457

Danyfirex
Posted

Update...  :ph34r:

 

venezuela.png Sometimes I learn, Sometimes I teach...^_^

autoit_scripter_blue_userbar.png

       AutoIt...

 

 

UDFs: VirusTotal API 2.0 UDF - libZPlay UDF - Apps: Guitar Tab Tester - VirusTotal Hash Checker

Examples: Text-to-Speech ISpVoice Interface - Get installed applications - Enable/Disable Network connection   PrintHookProc - WINTRUST - Mute Microphone Level - Get Connected NetWorks - Create NetWork Connection ShortCut

 

 

Share this post

Link to post
Share on other sites

guinness    1,447

guinness
Posted

Awesome, you went with my design. Thanks for that.

  • Like 1

UDF List:

 
_AdapterConnections()_AlwaysRun()_AppMon()_AppMonEx()_ArrayFilter/_ArrayReduce_BinaryBin()_CheckMsgBox()_CmdLineRaw()_ContextMenu()_ConvertLHWebColor()/_ConvertSHWebColor()_DesktopDimensions()_DisplayPassword()_DotNet_Load()/_DotNet_Unload()_Fibonacci()_FileCompare()_FileCompareContents()_FileNameByHandle()_FilePrefix/SRE()_FindInFile()_GetBackgroundColor()/_SetBackgroundColor()_GetConrolID()_GetCtrlClass()_GetDirectoryFormat()_GetDriveMediaType()_GetFilename()/_GetFilenameExt()_GetHardwareID()_GetIP()_GetIP_Country()_GetOSLanguage()_GetSavedSource()_GetStringSize()_GetSystemPaths()_GetURLImage()_GIFImage()_GoogleWeather()_GUICtrlCreateGroup()_GUICtrlListBox_CreateArray()_GUICtrlListView_CreateArray()_GUICtrlListView_SaveCSV()_GUICtrlListView_SaveHTML()_GUICtrlListView_SaveTxt()_GUICtrlListView_SaveXML()_GUICtrlMenu_Recent()_GUICtrlMenu_SetItemImage()_GUICtrlTreeView_CreateArray()_GUIDisable()_GUIImageList_SetIconFromHandle()_GUIRegisterMsg()_GUISetIcon()_Icon_Clear()/_Icon_Set()_IdleTime()_InetGet()_InetGetGUI()_InetGetProgress()_IPDetails()_IsFileOlder()_IsGUID()_IsHex()_IsPalindrome()_IsRegKey()_IsStringRegExp()_IsSystemDrive()_IsUPX()_IsValidType()_IsWebColor()_Language()_Log()_MicrosoftInternetConnectivity()_MSDNDataType()_PathFull/GetRelative/Split()_PathSplitEx()_PrintFromArray()_ProgressSetMarquee()_ReDim()_RockPaperScissors()/_RockPaperScissorsLizardSpock()_ScrollingCredits_SelfDelete()_SelfRename()_SelfUpdate()_SendTo()_ShellAll()_ShellFile()_ShellFolder()_SingletonHWID()_SingletonPID()_Startup()_StringCompact()_StringIsValid()_StringRegExpMetaCharacters()_StringReplaceWholeWord()_StringStripChars()_Temperature()_TrialPeriod()_UKToUSDate()/_USToUKDate()_WinAPI_Create_CTL_CODE()_WinAPI_CreateGUID()_WMIDateStringToDate()/_DateToWMIDateString()Au3 script parsingAutoIt SearchAutoIt3 PortableAutoIt3WrapperToPragmaAutoItWinGetTitle()/AutoItWinSetTitle()CodingDirToHTML5FileInstallrFileReadLastChars()GeoIP databaseGUI - Only Close ButtonGUI ExamplesGUICtrlDeleteImage()GUICtrlGetBkColor()GUICtrlGetStyle()GUIEventsGUIGetBkColor()Int_Parse() & Int_TryParse()IsISBN()LockFile()Mapping CtrlIDsOOP in AutoItParseHeadersToSciTE()PasswordValidPasteBinPosts Per DayPreExpandProtect GlobalsQueue()Resource UpdateResourcesExSciTE JumpSettings INISHELLHOOKShunting-YardSignature CreatorStack()Stopwatch()StringAddLF()/StringStripLF()StringEOLToCRLF()VSCROLLWM_COPYDATAMore Examples...

Updated: 22/04/2018

Share this post

Link to post
Share on other sites

storme    20

storme
Posted

I had a bit of a play with the UDF and I don't appear to be getting anything back from "$fScan" and subsequent checks indicate that the file wasn't uploaded.

My Code (well actually just your example modified).

Local $hVirusTotal = VT_Open()
    ConsoleWrite("----------------------------------------------------------------------------------" & @cr)
    ConsoleWrite(":" & VT($hVirusTotal, $fScan, $sFileName,$sVirusTotalAPIkey) & ":" & @CRLF)
    ConsoleWrite("@error = " & @error & @cr)
    ConsoleWrite("----------------------------------------------------------------------------------" & @cr)
    ;ConsoleWrite(VT($hVirusTotal, $fRescan, hex($bHash),$sVirusTotalAPIkey) & @CRLF)
    ;1 = queued for rescanning. -1 = not present. 0 = unexpected error
    ;ConsoleWrite("----------------------------------------------------------------------------------" & @cr)
    ConsoleWrite(VT($hVirusTotal, $fReport, hex($bHash),$sVirusTotalAPIkey) & @CRLF)
    ;
    ConsoleWrite("----------------------------------------------------------------------------------" & @cr)
    VT_Close($hVirusTotal) ;

The result

 

----------------------------------------------------------------------------------
::
@error = 0
----------------------------------------------------------------------------------
{"response_code": 0, "resource": "46B3CC00ECD3D3E042DECA0072B063B3", "verbose_msg": "The requested resource is not among the finished, queued or pending scans"}
----------------------------------------------------------------------------------

 

The file exists...... Any ideas what's going on?

Thanks!

Some of my small contributions to AutoIt Browse for Folder Dialog - Automation SysTreeView32 | FileHippo Download and/or retrieve program information | Get installedpath from uninstall key in registry | RoboCopy function John Morrison aka Storm-E

Share this post

Link to post
Share on other sites

guinness    1,447

guinness
Posted

storme, 

Probably best to actually post what data the other variables contain instead of second guessing. Thanks.

UDF List:

 
_AdapterConnections()_AlwaysRun()_AppMon()_AppMonEx()_ArrayFilter/_ArrayReduce_BinaryBin()_CheckMsgBox()_CmdLineRaw()_ContextMenu()_ConvertLHWebColor()/_ConvertSHWebColor()_DesktopDimensions()_DisplayPassword()_DotNet_Load()/_DotNet_Unload()_Fibonacci()_FileCompare()_FileCompareContents()_FileNameByHandle()_FilePrefix/SRE()_FindInFile()_GetBackgroundColor()/_SetBackgroundColor()_GetConrolID()_GetCtrlClass()_GetDirectoryFormat()_GetDriveMediaType()_GetFilename()/_GetFilenameExt()_GetHardwareID()_GetIP()_GetIP_Country()_GetOSLanguage()_GetSavedSource()_GetStringSize()_GetSystemPaths()_GetURLImage()_GIFImage()_GoogleWeather()_GUICtrlCreateGroup()_GUICtrlListBox_CreateArray()_GUICtrlListView_CreateArray()_GUICtrlListView_SaveCSV()_GUICtrlListView_SaveHTML()_GUICtrlListView_SaveTxt()_GUICtrlListView_SaveXML()_GUICtrlMenu_Recent()_GUICtrlMenu_SetItemImage()_GUICtrlTreeView_CreateArray()_GUIDisable()_GUIImageList_SetIconFromHandle()_GUIRegisterMsg()_GUISetIcon()_Icon_Clear()/_Icon_Set()_IdleTime()_InetGet()_InetGetGUI()_InetGetProgress()_IPDetails()_IsFileOlder()_IsGUID()_IsHex()_IsPalindrome()_IsRegKey()_IsStringRegExp()_IsSystemDrive()_IsUPX()_IsValidType()_IsWebColor()_Language()_Log()_MicrosoftInternetConnectivity()_MSDNDataType()_PathFull/GetRelative/Split()_PathSplitEx()_PrintFromArray()_ProgressSetMarquee()_ReDim()_RockPaperScissors()/_RockPaperScissorsLizardSpock()_ScrollingCredits_SelfDelete()_SelfRename()_SelfUpdate()_SendTo()_ShellAll()_ShellFile()_ShellFolder()_SingletonHWID()_SingletonPID()_Startup()_StringCompact()_StringIsValid()_StringRegExpMetaCharacters()_StringReplaceWholeWord()_StringStripChars()_Temperature()_TrialPeriod()_UKToUSDate()/_USToUKDate()_WinAPI_Create_CTL_CODE()_WinAPI_CreateGUID()_WMIDateStringToDate()/_DateToWMIDateString()Au3 script parsingAutoIt SearchAutoIt3 PortableAutoIt3WrapperToPragmaAutoItWinGetTitle()/AutoItWinSetTitle()CodingDirToHTML5FileInstallrFileReadLastChars()GeoIP databaseGUI - Only Close ButtonGUI ExamplesGUICtrlDeleteImage()GUICtrlGetBkColor()GUICtrlGetStyle()GUIEventsGUIGetBkColor()Int_Parse() & Int_TryParse()IsISBN()LockFile()Mapping CtrlIDsOOP in AutoItParseHeadersToSciTE()PasswordValidPasteBinPosts Per DayPreExpandProtect GlobalsQueue()Resource UpdateResourcesExSciTE JumpSettings INISHELLHOOKShunting-YardSignature CreatorStack()Stopwatch()StringAddLF()/StringStripLF()StringEOLToCRLF()VSCROLLWM_COPYDATAMore Examples...

Updated: 22/04/2018

Share this post

Link to post
Share on other sites

storme    20

storme
Posted

storme, 

Probably best to actually post what data the other variables contain instead of second guessing. Thanks.

No Guessing necessary.

The code is basically a cut and paste from the example in the OP.

This is the important line
VT($hVirusTotal, $fScan, $sFileName,$sVirusTotalAPIkey)

$hVirusTotal is set in the line above

$fscan is a UDF constant

$sFileName is the full path of the file (useless to anyone else, I stated it exists...and I checked with fileexists() to make sure it was ok)

$sVirusTotalAPIkey is my Virus total API key (Private not to be published)

The API states there should be a return from the file scan ($fScan) but as you see from the results it returns nothing.

Some of my small contributions to AutoIt Browse for Folder Dialog - Automation SysTreeView32 | FileHippo Download and/or retrieve program information | Get installedpath from uninstall key in registry | RoboCopy function John Morrison aka Storm-E

Share this post

Link to post
Share on other sites

Danyfirex    457

Danyfirex
Posted (edited)

@storme I think the problem is that you'r not waiting the file scan and you trying to get the report.

When you upload some file for scanning you should wait some time to get the report file.

So

if I get this "The requested resource is not among the finished, queued or pending scans"  So I should wait. I'll try some minutes later.

regards

Edited by Danyfirex

 

venezuela.png Sometimes I learn, Sometimes I teach...^_^

autoit_scripter_blue_userbar.png

       AutoIt...

 

 

UDFs: VirusTotal API 2.0 UDF - libZPlay UDF - Apps: Guitar Tab Tester - VirusTotal Hash Checker

Examples: Text-to-Speech ISpVoice Interface - Get installed applications - Enable/Disable Network connection   PrintHookProc - WINTRUST - Mute Microphone Level - Get Connected NetWorks - Create NetWork Connection ShortCut

 

 

Share this post

Link to post
Share on other sites

storme    20

storme
Posted

@storme I think the problem is that you'r not waiting the file scan and you trying to get the report.

 

When you upload some file for scanning you should wait some time to get the report file.

Yep understand that, the script I'm writing will do that when I can get it to submit a file to be scanned.

However, I'm not getting anything back from the submit to indicate it's done anything. According to the API help page there should be a report sent back with various information that I'll then use to keep track of files submitted.

if I get this "The requested resource is not among the finished, queued or pending scans"  

So I should wait. I'll try some minutes later.

The message you quoted above states "or pending scans" so shouldn't my "pending scan" be in the list?

I submitted the file last night and it still isn't in the list.  If it was submitted it should be there by now.

 

It appears as if the file isn't being submitted.

Have you tried your URL on a brand new EXE file that hasn't been submitted before?

BTW everything else works fine, if I use a file/hash that is already scanned.

So back to you...

John

Some of my small contributions to AutoIt Browse for Folder Dialog - Automation SysTreeView32 | FileHippo Download and/or retrieve program information | Get installedpath from uninstall key in registry | RoboCopy function John Morrison aka Storm-E

Share this post

Link to post
Share on other sites

Danyfirex    457

Danyfirex
Posted (edited)

@storme have you tried with another file?

 

For me work correctly I just upload another file right now this is the response that you should to get

:{"scan_id": "c38c7912767533053ef8f1c647b4fbf9f37f5ee305ead5b3049c4346b5c4419a-1371648640", "sha1": "01fc1499d986a1593f51a40d8f4294b5b69e83d9", "resource": "c38c7912767533053ef8f1c647b4fbf9f37f5ee305ead5b3049c4346b5c4419a", "response_code": 1, "sha256": "c38c7912767533053ef8f1c647b4fbf9f37f5ee305ead5b3049c4346b5c4419a", "permalink": "https://www.virustotal.com/file/c38c7912767533053ef8f1c647b4fbf9f37f5ee305ead5b3049c4346b5c4419a/analysis/1371648640/", "md5": "e0efdfe49b64cf7c2fc191c969d2d29d", "verbose_msg": "Scan request successfully queued, come back later for the report"}:

which is the size of your file?

 

I keep thinking the problem is that you're not waiting enough(some minutes maybe  3 or 5)

 

Also

You can use a Http debugger to see what's wrong.

Edited by Danyfirex

 

venezuela.png Sometimes I learn, Sometimes I teach...^_^

autoit_scripter_blue_userbar.png

       AutoIt...

 

 

UDFs: VirusTotal API 2.0 UDF - libZPlay UDF - Apps: Guitar Tab Tester - VirusTotal Hash Checker

Examples: Text-to-Speech ISpVoice Interface - Get installed applications - Enable/Disable Network connection   PrintHookProc - WINTRUST - Mute Microphone Level - Get Connected NetWorks - Create NetWork Connection ShortCut

 

 

Share this post

Link to post
Share on other sites

storme    20

storme
Posted

The file I was trying to upload/scan was an AutoIt program and my antivirus was intercepting and blocking it.

So the file was not passed to VT thus no report from the "$fScan".

I finally got it to go by disabling the antivirus.

It maybe worth adding some checks to your code to see if the files exists and can be opened.

An antivirus will probably allow you to check it exists but not open it.

Don't have any time to do any major checking now, wish I had found this last night when I did have time.

John

Some of my small contributions to AutoIt Browse for Folder Dialog - Automation SysTreeView32 | FileHippo Download and/or retrieve program information | Get installedpath from uninstall key in registry | RoboCopy function John Morrison aka Storm-E

Share this post

Link to post
Share on other sites

Danyfirex    457

Danyfirex
Posted

The file I was trying to upload/scan was an AutoIt program and my antivirus was intercepting and blocking it.

So the file was not passed to VT thus no report from the "$fScan".

I finally got it to go by disabling the antivirus.

It maybe worth adding some checks to your code to see if the files exists and can be opened.

An antivirus will probably allow you to check it exists but not open it.

Don't have any time to do any major checking now, wish I had found this last night when I did have time.

John

Good.

 

Yes you're right. I'll update soon.

 

regards

 

venezuela.png Sometimes I learn, Sometimes I teach...^_^

autoit_scripter_blue_userbar.png

       AutoIt...

 

 

UDFs: VirusTotal API 2.0 UDF - libZPlay UDF - Apps: Guitar Tab Tester - VirusTotal Hash Checker

Examples: Text-to-Speech ISpVoice Interface - Get installed applications - Enable/Disable Network connection   PrintHookProc - WINTRUST - Mute Microphone Level - Get Connected NetWorks - Create NetWork Connection ShortCut

 

 

Share this post

Link to post
Share on other sites

storme    20

storme
Posted

It's 2am here and I have to sleep but I did a bit of checking and got some strange results.

Test Code - VirusSubmit.exe (331KB) is the program I'm working on and Bitdefender (my antivirus) doesn't like it and is blocking it.

$sFileName = "P:\Autoit\_Projects\_MyProjects\VirusSubmit\VirusSubmit.exe"

; submit to Virustotal
    _Crypt_Startup()
    Local $bHash = _Crypt_HashFile($sFileName, $CALG_MD5)
    _Crypt_Shutdown()

    ;Check if hash exists
        ; Doesn't exist
            ; Submit file

    ;Get report
        ; Not ready yet (come back later)


    ConsoleWrite("FileExists = " & FileExists($sFileName) & @cr)
    ConsoleWrite("$bHash = " & $bHash & @cr)
    local $stest =  __WinHttpFileContent("", "file", $sFileName,"--------Boundary")

    ConsoleWrite("$stest-LEN = " & StringLen($stest) & " @error = " & @error & @cr)
    ConsoleWrite("$stest = " & $stest& @cr)

    Local $hVirusTotal = VT_Open()
    ConsoleWrite("----------------------------------------------------------------------------------" & @cr)
    ConsoleWrite(":" & VT($hVirusTotal, $fScan, $sFileName,$sVirusTotalAPIkey) & ":" & @CRLF)
    ConsoleWrite("@error = " & @error & @cr)
    ConsoleWrite("----------------------------------------------------------------------------------" & @cr)
    ;ConsoleWrite(VT($hVirusTotal, $fRescan, hex($bHash),$sVirusTotalAPIkey) & @CRLF)
    ;1 = queued for rescanning. -1 = not present. 0 = unexpected error
    ;ConsoleWrite("----------------------------------------------------------------------------------" & @cr)
    ConsoleWrite(VT($hVirusTotal, $fReport, hex($bHash),$sVirusTotalAPIkey) & @CRLF)
    ConsoleWrite('@@ Debug(' & @ScriptLineNumber & ') : $bHash = ' & $bHash & @crlf & '>Error code: ' & @error & @crlf) ;### Debug Console
    ;
    ConsoleWrite("----------------------------------------------------------------------------------" & @cr)
    VT_Close($hVirusTotal) ;

The result

 

FileExists = 1
$bHash = -1
$stest-LEN = 117 @error = 0
$stest = Content-Disposition: form-data; name="file"; filename="VirusSubmit.exe"
Content-Type: application/octet-stream



----------------------------------------------------------------------------------
@@ Debug(104) : $stest = :Content-Disposition: form-data; name="file"; filename="VirusSubmit.exe"
Content-Type: application/octet-stream


:
>Error code: 0
@@ Debug(107) : $tURL[$Type] = /vtapi/v2/file/scan
>Error code: 0
:{"scan_id": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855-1371656634", "sha1": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "resource": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "response_code": 1, "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "permalink": "https://www.virustotal.com/file/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855/analysis/1371656634/", "md5": "d41d8cd98f00b204e9800998ecf8427e", "verbose_msg": "Scan request successfully queued, come back later for the report"}:
@error = 0
----------------------------------------------------------------------------------
{"response_code": 0, "resource": "FFFFFFFF", "verbose_msg": "Invalid resource, check what you are submitting"}
@@ Debug(95) : $bHash = -1
>Error code: 0
----------------------------------------------------------------------------------

 

Now for the original program I couldn't get to submit and still can't when the antivirus is on.  Code is the same the only change is

$sFileName = "D:\MemoryStickDEV\AHC_technology\programs\AHC_UserInfo.exe"

result

 

FileExists = 1
$bHash = 0x46B3CC00ECD3D3E042DECA0072B063B3
$stest-LEN = 664091 @error = 0
$stest = Content-Disposition: form-data; name="file"; filename="AHC_UserInfo.exe"
Content-Type: application/octet-stream

MZ----------------------------------------------------------------------------------
@@ Debug(104) : $stest = :Content-Disposition: form-data; name="file"; filename="AHC_UserInfo.exe"
Content-Type: application/octet-stream

MZ@@ Debug(107) : $tURL[$Type] = /vtapi/v2/file/scan
>Error code: 0
::
@error = 0
----------------------------------------------------------------------------------
{"scans": {"TotalDefense": {"detected": false, "version": "37.0.10473", "result": null, "update": "20130619"}, "MicroWorld-eScan": {"detected": false, "version": "12.0.250.0", "result": null, "update": "20130619"}, "nProtect": {"detected": false, "version": "2013-06-19.04", "result": null, "update": "20130619"}, "CAT-QuickHeal": {"detected": false, "version": "12.00", "result": null, "update": "20130619"}, "McAfee": {"detected": false, "version": "5.400.0.1158", "result": null, "update": "20130619"}, "Malwarebytes": {"detected": false, "version": "1.75.0.1", "result": null, "update": "20130619"}, "K7AntiVirus": {"detected": false, "version": "9.170.8884", "result": null, "update": "20130618"}, "K7GW": {"detected": false, "version": "12.7.0.12", "result": null, "update": "20130618"}, "TheHacker": {"detected": false, "version": "None", "result": null, "update": "20130619"}, "NANO-Antivirus": {"detected": false, "version": "0.24.0.52848", "result": null, "update": "20130619"}, "F-Prot": {"detected": false, "version": "4.7.1.166", "result": null, "update": "20130618"}, "Symantec": {"detected": false, "version": "20131.1.0.101", "result": null, "update": "20130619"}, "Norman": {"detected": false, "version": "7.01.04", "result": null, "update": "20130619"}, "ByteHero": {"detected": false, "version": "1.0.0.1", "result": null, "update": "20130613"}, "TrendMicro-HouseCall": {"detected": false, "version": "9.700.0.1001", "result": null, "update": "20130619"}, "Avast": {"detected": false, "version": "6.0.1289.0", "result": null, "update": "20130619"}, "eSafe": {"detected": false, "version": "7.0.17.0", "result": null, "update": "20130616"}, "ClamAV": {"detected": false, "version": "0.97.3.0", "result": null, "update": "20130619"}, "Kaspersky": {"detected": false, "version": "9.0.0.837", "result": null, "update": "20130619"}, "BitDefender": {"detected": true, "version": "7.2", "result": "Gen:Trojan.Heur.AutoIT.1", "update": "20130619"}, "Agnitum": {"detected": false, "version": "5.5.1.3", "result": null, "update": "20130618"}, "ViRobot": {"detected": false, "version": "2011.4.7.4223", "result": null, "update": "20130619"}, "Sophos": {"detected": false, "version": "4.90.0", "result": null, "update": "20130619"}, "Comodo": {"detected": false, "version": "16458", "result": null, "update": "20130619"}, "F-Secure": {"detected": true, "version": "11.0.19100.45", "result": "Gen:Trojan.Heur.AutoIT.1", "update": "20130619"}, "DrWeb": {"detected": false, "version": "", "result": null, "update": "20130619"}, "VIPRE": {"detected": false, "version": "18856", "result": null, "update": "20130619"}, "AntiVir": {"detected": false, "version": "7.11.85.142", "result": null, "update": "20130619"}, "TrendMicro": {"detected": false, "version": "9.740.0.1012", "result": null, "update": "20130619"}, "McAfee-GW-Edition": {"detected": false, "version": "2013", "result": null, "update": "20130619"}, "Emsisoft": {"detected": true, "version": "3.0.0.581", "result": "Gen:Trojan.Heur.AutoIT.1 (B)", "update": "20130619"}, "Jiangmin": {"detected": false, "version": "16.0.100", "result": null, "update": "20130619"}, "Antiy-AVL": {"detected": false, "version": "2.0.3.7", "result": null, "update": "20130619"}, "Kingsoft": {"detected": false, "version": "2013.4.9.267", "result": null, "update": "20130506"}, "Microsoft": {"detected": false, "version": "1.9607", "result": null, "update": "20130619"}, "SUPERAntiSpyware": {"detected": true, "version": "5.6.0.1008", "result": "Trojan.Agent/Gen-Autorun", "update": "20130619"}, "GData": {"detected": true, "version": "22", "result": "Gen:Trojan.Heur.AutoIT.1", "update": "20130619"}, "Commtouch": {"detected": false, "version": "5.4.1.7", "result": null, "update": "20130618"}, "AhnLab-V3": {"detected": false, "version": "2013.06.19.06", "result": null, "update": "20130619"}, "VBA32": {"detected": false, "version": "3.12.22.2", "result": null, "update": "20130619"}, "PCTools": {"detected": false, "version": "9.0.0.2", "result": null, "update": "20130521"}, "ESET-NOD32": {"detected": false, "version": "8467", "result": null, "update": "20130619"}, "Rising": {"detected": false, "version": "24.67.02.02", "result": null, "update": "20130619"}, "Ikarus": {"detected": false, "version": "T3.1.4.3.0", "result": null, "update": "20130619"}, "Fortinet": {"detected": false, "version": "5.1.146.0", "result": null, "update": "20130619"}, "AVG": {"detected": false, "version": "10.0.0.1190", "result": null, "update": "20130619"}, "Panda": {"detected": false, "version": "10.0.3.5", "result": null, "update": "20130619"}}, "scan_id": "2f65bd6f6ea409bb4b6ccd85226e46f24c8879b5d08811a2f24d8a2281816be5-1371651653", "sha1": "56f21e22ed9fc49b9de5d3961020a87b5efe3b68", "resource": "46B3CC00ECD3D3E042DECA0072B063B3", "response_code": 1, "scan_date": "2013-06-19 14:20:53", "permalink": "https://www.virustotal.com/file/2f65bd6f6ea409bb4b6ccd85226e46f24c8879b5d08811a2f24d8a2281816be5/analysis/1371651653/", "verbose_msg": "Scan finished, scan information embedded in this object", "total": 47, "positives": 5, "sha256": "2f65bd6f6ea409bb4b6ccd85226e46f24c8879b5d08811a2f24d8a2281816be5", "md5": "46b3cc00ecd3d3e042deca0072b063b3"}
@@ Debug(91) : $bHash = 0x46B3CC00ECD3D3E042DECA0072B063B3
>Error code: 0
----------------------------------------------------------------------------------

Now as you can see there is information in VT now as I disabled the antivirus so it would transmit earlier tonight....

However you can see there was no submit for this file

 

::
@error = 0

 

Not sure how much this is going to help.  If you can think of any tests you want me to try let me know and I'll try them when I get home.

Onward and upward!

John

Some of my small contributions to AutoIt Browse for Folder Dialog - Automation SysTreeView32 | FileHippo Download and/or retrieve program information | Get installedpath from uninstall key in registry | RoboCopy function John Morrison aka Storm-E

Share this post

Link to post
Share on other sites

jftuga    0

jftuga
Posted (edited)

The file I was trying to upload/scan was an AutoIt program and my antivirus was intercepting and blocking it.

So the file was not passed to VT thus no report from the "$fScan".

I finally got it to go by disabling the antivirus.

It maybe worth adding some checks to your code to see if the files exists and can be opened.

An antivirus will probably allow you to check it exists but not open it.

Don't have any time to do any major checking now, wish I had found this last night when I did have time.

John

 

On a related note, does your script provide the ability to upload via HTTPS?  The reason I ask is that some UTM firewalls may block the transmission of a virus.  While some UTMs can interrogate SSL, most don't; so it would be good to have this capability if possible.

Great UDF.

-John

Edited by jftuga
Admin_Popup, show computer info or launch shellRemote Manager, facilitates connecting to RDP / VNCProc_Watch, reprioritize cpu intensive processesUDF: _ini_to_dict, transforms ini file entries into variablesUDF: monitor_resolutions, returns resolutions of multiple monitorsReport Computer Problem, for your IT help deskProfile Fixer, fixes a 'missing' AD user profile

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Go To Topic Listing AutoIt Example Scripts

  • Similar Content

    • kcvinu
      How to change control font which created with control related UDFs like GuiButton.au3 ? - [SOLVED]
      By kcvinu
      Hi all,
      I am playing with _GUICtrlButton_Create function. How can i change this button's (or the entire form's) font ?. The in-built GUICtrlSetFont function is not working even when i convert the control handle to control ID with _WinAPI_GetDlgCtrlID ( ) function.  Do i need to use CreateFont api finction and send WM_SETFONT message ? Or is there any other easy and safe ways to do this ?. Thanks in advance.
      Note : This window is created by CreateWindowEx function, not by GUICreate function. 
    • Iznogoud
      Help or Hire a Freelancer - Creating an AutoIT script wich can create a helpdesk ticket trough API
      By Iznogoud
      Hi,
      I was wondering if someone can help me to create an AutoIT script which can create a ticket in a TopDesk environment.
      The API is wel documented, but i have not enough knowlegde at this moment to get this up from the ground. If someone could help me or if i could hire / pay someone to help me with this, that would be great.
      Information about the API can be found here: https://developers.topdesk.com/
      Is there a place where i maybe can hire AutoIT professionals to help me with this?
      On freelancer.com is an option, but there are alot of people responding which doesn't know a thing about AutoIT.
    • Ascer
      WinHttp Request using TLS 1.1 / 1.2
      By Ascer
      Hello
      Opertation Sys: Win7 x64
      Problem: Connecting to webs using TLS 1.1 +
      Description: WinHttp.WinHttpRequest.5.1 using TLS 1.0 by default, i need higher version to connect into some webs.
      Dim $oHttp = ObjCreate("WinHTTP.WinHTTPRequest.5.1") $oHttp.open ("GET", "https://howsmyssl.com/a/check", False) $oHttp.Option(9) = 128 ; 128 - TLS 1.0, 512 - TLS 1.1, 2048 - TLS 1.2, 2056 - TLS 1.1 & TLS 1.2 $oHttp.Send ConsoleWrite($oHttp.responseText & @CRLF) ; at end of the respond you can check your TLS version. Mine is: {"tls_version":"TLS 1.0","rating":"Bad"} Error: $oHttp.Option works only with parameter 128 (TLS 1.0) other values make error {Bad parameter}
      Additional: I've done this tutorial about enabling TLS in registry: <link>
      Thanks for support.
      Ascer
    • Ascer
      [UDF] Google oAuth 2.0 with AutoIt.
      By Ascer
      1. Description.
      oAuth 2.0 is security system implemented by Google a few years ago. You are able to connect into your Google accounts and manage documents. In this UDF i show you how to pass first authorization process., this allow you to automate most of functions using API interface. 2. Requirements.
      Google account. oAuth.au3 Download 3. Possibilities
      ;============================================================================================================ ; Date: 2018-02-10, 14:21 ; ; Description: UDF for authorize your app with oAuth 2.0 Google. ; ; Function(s): ; oAuth2GetAuthorizationCode() -> Get Code for "grant". ; oAuth2GetAccessToken() -> Get "access_token" and "refresh_token" first time. ; oAuth2RefreshAccessToken() -> Get current "access_token" using "refresh_token". ; ; Author(s): Ascer ;============================================================================================================ 4. Enable your Google API.
          4.1. Video Tutorial not mine!
       YouTube     4.2 Screenshots from authorization process (Polish language) 
      Go to https://console.developers.google.com/apis/dashboard and accept current rules.  

       
      Next create an new project  

       
      Enter name of you new project and click Create  

       
      Google will working now, please wait until finish. Next go to enable your API interface, we make if for Google  

       
      Take "Gmail" in search input and after click in found result.  

       
      Click Enable interface, Google will working now.  

       
      Create your login credentials  

       
      Select Windows Interface (combobox), User credentials (radio) and click button what is need bla bla  

       
      Type name of a new client id for oAuth 2.0 and click Create a new Client ID.  

       
      Next configure screen aplication, type some name and click Next. Google will working now.  

       
      Last step on this website is download source with your credentials in *Json format.  

       
      Now you received a file named client_id.json, it's how it look in Sublime Text:  

       
      5. Coding.
      Now we need to call a some function to get access code.  
      #include <oAuth.au3> Local $sClientId = "167204758184-vpeues0uk6b0g4jrnv0ipq5fapoig2v8.apps.googleusercontent.com" Local $sRedirectUri = "http://localhost" oAuth2GetAuthorizationCode($sClientId, $sRedirectUri)  
      Function will execute default browser for ask you to permission.  

       
      Next Google ask you to permission for access to your personal details by application Autoit   

       
      Now you can thing is something wrong but all is ok, you need to copy all after  code= . It your access code.  

       
      Let's now ask Google about our Access Token and Refresh Token  
      #include <oAuth.au3> Local $sClientId = "167204758184-vpeues0uk6b0g4jrnv0ipq5fapoig2v8.apps.googleusercontent.com" Local $sClientSecret = "cWalvFr3WxiE6cjUkdmKEPo8" Local $sAuthorizationCode = "4/AAAPXJOZ-Tz0s6mrx7JbV6nthXSfcxaszFh_aH0azVqHkSHkfiwE8uamcabn4eMbEWg1eAuUw7AU0PQ0XeWUFRo#" Local $sRedirectUri = "http://localhost" Local $aRet = oAuth2GetAccessToken($sClientId, $sClientSecret, $sAuthorizationCode, $sRedirectUri) If Ubound($aRet) <> 4 then ConsoleWrite("+++ Something wrong with reading ResponseText." & @CRLF) Exit EndIf ConsoleWrite("Successfully received data from Google." & @CRLF) ConsoleWrite("access_token: " & $aRet[0] & @CRLF) ConsoleWrite("expires_in: " & $aRet[1] & @CRLF) ConsoleWrite("refresh_token: " & $aRet[2] & @CRLF) ConsoleWrite("token_type: " & $aRet[3] & @CRLF)  
      Important! When you received error 400 and output says: Invalid grant it means that your previous generated access_code lost validity and you need to generate new calling previus code. When everything is fine you should received a 4 informations about your: access_token, expires_in, refresh_token and token_type. Access_Token time is a little short so you need to know fuction possible to refresh it (tell Google that he should generate a new Token for you)  
      #include <oAuth.au3> Local $sRefreshToken = "1/ba8JpW7TjQH3-UI1BvPaXhSf-oTQ4BmZAbBfhcKgKfY" Local $sClientId = "167204758184-vpeues0uk6b0g4jrnv0ipq5fapoig2v8.apps.googleusercontent.com" Local $sClientSecret = "cWalvFr3WxiE6cjUkdmKEPo8" Local $sRedirectUri = "http://localhost" Local $aRet = oAuth2RefreshAccessToken($sRefreshToken, $sClientId, $sClientSecret) If Ubound($aRet) <> 3 then ConsoleWrite("+++ Something wrong with reading ResponseText." & @CRLF) Exit EndIf ConsoleWrite("Successfully received data from Google." & @CRLF) ConsoleWrite("access_token: " & $aRet[0] & @CRLF) ConsoleWrite("expires_in: " & $aRet[1] & @CRLF) ConsoleWrite("token_type: " & $aRet[2] & @CRLF)  
      6. Finish words
      If you followed all this above steps im sure that you received all informations required for coding your Google API (Gmail, Dropbox, YouTube, Calender etc. See next thread: [UDF] Gmail API - Email automation with AutoIt!
    • Ascer
      [UDF] Gmail API - Emails automation with AutoIt!
      By Ascer
      1. Description.
      Automate communication with Gmail API using oAuth 2.0 security. 2. Requirements.
      Google Gmail account. Finished Authorization process. Look here 3. Possibilities.
      ;======================================================================================================================== ; Date: 2018-02-12, 11:46 ; ; Bug Fixs: 2018-02-17, 7:31 -> Fixed problems with adding items to array and minor bugs. ; ; Description: UDF for using Gmail API interface. This UDF requires oAuth.au3 and Gmail account. ; ; Function(s): ; gmailUsersGetProfile() -> Information about your account. ; gmailUsersLabelsList() -> Get all available labels ids. ex. "INBOX", "UNREAD" ; gmailUsersLabelsGet() -> Get information about specific label id. ; gmailUsersMessagesBatchDelete() -> Delete many messages emails by id. ; gmailUsersMessagesBatchModify() -> Set status for many messages ex. "INBOX", "UNREAD" ; gmailUsersMessagesDelete() -> Totaly delete email from ur account. ; gmailUsersMessagesGet() -> Get all information about specific email. ; gmailUsersMessagesList() -> Get list of last ~100 emails. ; gmailUsersMessagesModify() -> Modify single message. ; gmailUsersMessagesTrash() -> Put email in trash. ; gmailUsersMessagesUntrash() -> Restore email from trash. ; gmailUsersMessagesSend() -> Send email to single or group recipients. ; gmailUsersMessagesAttachmentsGet() -> Download attachment by id. ; ; Author(s): Ascer ;======================================================================================================================== 4. Downloads.
      oAuth.au3 Gmail API.au3 5. Examples.
      Sending emails
×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.

  I accept