Jump to content
Danyfirex

VirusTotal API 2.0 UDF

Recommended Posts

guinness

A nice idea and UDF. May I provide some suggestions?

; Firstly, Global variables should be at the top a script and not in a function.
; Secondly, how about removing Global variables and doing something like this?

Global Const $__sVirusTotal_Page = 'www.virustotal.com'

Func Example()
    Local $hVirusTotal = VT_Open() ; Pass the 'handle' to the appropriate functions.
    ConsoleWrite(VT_Url_Scan($hVirusTotal, 'someurl.com', 'API') & @CRLF)
    VT_Close($hVirusTotal) ; Pass the 'handle' from $hVirusTotal.
EndFunc   ;==>Example

Func VT_Open() ; Pass
    Local Enum $eAPI_HttpOpen, $eAPI_HttpConnect ; These could be in the Global space too.
    Local $aAPI[2] = [0, 0]
    $aAPI[$eAPI_HttpOpen] = _WinHttpOpen()
    If @error Then $aAPI[$eAPI_HttpOpen] = -1
    $aAPI[$eAPI_HttpConnect] = _WinHttpConnect($aAPI[$eAPI_HttpOpen], $__sVirusTotal_Page)
    If @error Then $aAPI[$eAPI_HttpConnect] = -1
    Return $aAPI
EndFunc   ;==>VT_Open

Func VT_Close(ByRef Const $aAPI)
    Local Enum $eAPI_HttpOpen, $eAPI_HttpConnect ; These could be in the Global space too.
    _WinHttpCloseHandle($aAPI[$eAPI_HttpOpen])
    _WinHttpCloseHandle($aAPI[$eAPI_HttpConnect])
    Return True
EndFunc   ;==>VT_Close

Func VT_Url_Scan(ByRef $aAPI, $sURL, $sAPIkey)
    Local Enum $eAPI_HttpOpen, $eAPI_HttpConnect ; These could be in the Global space too.
    If $aAPI[$eAPI_HttpConnect] = -1 Then $aAPI = VT_Open() ; Check if HttpConnect isn't -1, if it is then connect to VirusTotal.
    Return _WinHttpSimpleRequest($aAPI[$eAPI_HttpConnect], 'POST', '/vtapi/v2/url/scan', Default, 'url=' & $sURL & '&key=' & $sAPIkey)
EndFunc   ;==>VT_Url_Scan
  • Like 1

UDF List:

 
_AdapterConnections()_AlwaysRun()_AppMon()_AppMonEx()_ArrayFilter/_ArrayReduce_BinaryBin()_CheckMsgBox()_CmdLineRaw()_ContextMenu()_ConvertLHWebColor()/_ConvertSHWebColor()_DesktopDimensions()_DisplayPassword()_DotNet_Load()/_DotNet_Unload()_Fibonacci()_FileCompare()_FileCompareContents()_FileNameByHandle()_FilePrefix/SRE()_FindInFile()_GetBackgroundColor()/_SetBackgroundColor()_GetConrolID()_GetCtrlClass()_GetDirectoryFormat()_GetDriveMediaType()_GetFilename()/_GetFilenameExt()_GetHardwareID()_GetIP()_GetIP_Country()_GetOSLanguage()_GetSavedSource()_GetStringSize()_GetSystemPaths()_GetURLImage()_GIFImage()_GoogleWeather()_GUICtrlCreateGroup()_GUICtrlListBox_CreateArray()_GUICtrlListView_CreateArray()_GUICtrlListView_SaveCSV()_GUICtrlListView_SaveHTML()_GUICtrlListView_SaveTxt()_GUICtrlListView_SaveXML()_GUICtrlMenu_Recent()_GUICtrlMenu_SetItemImage()_GUICtrlTreeView_CreateArray()_GUIDisable()_GUIImageList_SetIconFromHandle()_GUIRegisterMsg()_GUISetIcon()_Icon_Clear()/_Icon_Set()_IdleTime()_InetGet()_InetGetGUI()_InetGetProgress()_IPDetails()_IsFileOlder()_IsGUID()_IsHex()_IsPalindrome()_IsRegKey()_IsStringRegExp()_IsSystemDrive()_IsUPX()_IsValidType()_IsWebColor()_Language()_Log()_MicrosoftInternetConnectivity()_MSDNDataType()_PathFull/GetRelative/Split()_PathSplitEx()_PrintFromArray()_ProgressSetMarquee()_ReDim()_RockPaperScissors()/_RockPaperScissorsLizardSpock()_ScrollingCredits_SelfDelete()_SelfRename()_SelfUpdate()_SendTo()_ShellAll()_ShellFile()_ShellFolder()_SingletonHWID()_SingletonPID()_Startup()_StringCompact()_StringIsValid()_StringRegExpMetaCharacters()_StringReplaceWholeWord()_StringStripChars()_Temperature()_TrialPeriod()_UKToUSDate()/_USToUKDate()_WinAPI_Create_CTL_CODE()_WinAPI_CreateGUID()_WMIDateStringToDate()/_DateToWMIDateString()Au3 script parsingAutoIt SearchAutoIt3 PortableAutoIt3WrapperToPragmaAutoItWinGetTitle()/AutoItWinSetTitle()CodingDirToHTML5FileInstallrFileReadLastChars()GeoIP databaseGUI - Only Close ButtonGUI ExamplesGUICtrlDeleteImage()GUICtrlGetBkColor()GUICtrlGetStyle()GUIEventsGUIGetBkColor()Int_Parse() & Int_TryParse()IsISBN()LockFile()Mapping CtrlIDsOOP in AutoItParseHeadersToSciTE()PasswordValidPasteBinPosts Per DayPreExpandProtect GlobalsQueue()Resource UpdateResourcesExSciTE JumpSettings INISHELLHOOKShunting-YardSignature CreatorStack()Stopwatch()StringAddLF()/StringStripLF()StringEOLToCRLF()VSCROLLWM_COPYDATAMore Examples...

Updated: 22/04/2018

Share this post


Link to post
Share on other sites
storme

Nice start!

Do you have any plans to marry it up to one of the JSON UDFs to extract the info?

Have fun!

John Morrison

Share this post


Link to post
Share on other sites
Danyfirex

Thanks mates.

 

A nice idea and UDF. May I provide some suggestions?

...

 

Thanks for your suggestions I'will update it. maybe use JSON UDF to Get response returns Error too.

 

I thought some like this for Http 

 

If @Error Return SetError(@Error,0,0)

or 

Simple return @error

obvious I need split the response to manage page returns.

regards

Share this post


Link to post
Share on other sites
ricky

Hello,

thanks, very useful, How can I connect through a proxy?

Share this post


Link to post
Share on other sites
Danyfirex

Hello,

thanks, very useful, How can I connect through a proxy?

 

change  _WinHttpOpen parameters.

_WinHttpOpen([$sUserAgent = Default [, $iAccessType = Default [, $sProxyName = Default [, $sProxyBypass = Default [, $iFlag = Default ]]]]])

regards

Share this post


Link to post
Share on other sites
ricky

Hello,

I tried, but no way. Impossible to connect,!

Share this post


Link to post
Share on other sites
Danyfirex
guinness

Awesome, you went with my design. Thanks for that.

  • Like 1

UDF List:

 
_AdapterConnections()_AlwaysRun()_AppMon()_AppMonEx()_ArrayFilter/_ArrayReduce_BinaryBin()_CheckMsgBox()_CmdLineRaw()_ContextMenu()_ConvertLHWebColor()/_ConvertSHWebColor()_DesktopDimensions()_DisplayPassword()_DotNet_Load()/_DotNet_Unload()_Fibonacci()_FileCompare()_FileCompareContents()_FileNameByHandle()_FilePrefix/SRE()_FindInFile()_GetBackgroundColor()/_SetBackgroundColor()_GetConrolID()_GetCtrlClass()_GetDirectoryFormat()_GetDriveMediaType()_GetFilename()/_GetFilenameExt()_GetHardwareID()_GetIP()_GetIP_Country()_GetOSLanguage()_GetSavedSource()_GetStringSize()_GetSystemPaths()_GetURLImage()_GIFImage()_GoogleWeather()_GUICtrlCreateGroup()_GUICtrlListBox_CreateArray()_GUICtrlListView_CreateArray()_GUICtrlListView_SaveCSV()_GUICtrlListView_SaveHTML()_GUICtrlListView_SaveTxt()_GUICtrlListView_SaveXML()_GUICtrlMenu_Recent()_GUICtrlMenu_SetItemImage()_GUICtrlTreeView_CreateArray()_GUIDisable()_GUIImageList_SetIconFromHandle()_GUIRegisterMsg()_GUISetIcon()_Icon_Clear()/_Icon_Set()_IdleTime()_InetGet()_InetGetGUI()_InetGetProgress()_IPDetails()_IsFileOlder()_IsGUID()_IsHex()_IsPalindrome()_IsRegKey()_IsStringRegExp()_IsSystemDrive()_IsUPX()_IsValidType()_IsWebColor()_Language()_Log()_MicrosoftInternetConnectivity()_MSDNDataType()_PathFull/GetRelative/Split()_PathSplitEx()_PrintFromArray()_ProgressSetMarquee()_ReDim()_RockPaperScissors()/_RockPaperScissorsLizardSpock()_ScrollingCredits_SelfDelete()_SelfRename()_SelfUpdate()_SendTo()_ShellAll()_ShellFile()_ShellFolder()_SingletonHWID()_SingletonPID()_Startup()_StringCompact()_StringIsValid()_StringRegExpMetaCharacters()_StringReplaceWholeWord()_StringStripChars()_Temperature()_TrialPeriod()_UKToUSDate()/_USToUKDate()_WinAPI_Create_CTL_CODE()_WinAPI_CreateGUID()_WMIDateStringToDate()/_DateToWMIDateString()Au3 script parsingAutoIt SearchAutoIt3 PortableAutoIt3WrapperToPragmaAutoItWinGetTitle()/AutoItWinSetTitle()CodingDirToHTML5FileInstallrFileReadLastChars()GeoIP databaseGUI - Only Close ButtonGUI ExamplesGUICtrlDeleteImage()GUICtrlGetBkColor()GUICtrlGetStyle()GUIEventsGUIGetBkColor()Int_Parse() & Int_TryParse()IsISBN()LockFile()Mapping CtrlIDsOOP in AutoItParseHeadersToSciTE()PasswordValidPasteBinPosts Per DayPreExpandProtect GlobalsQueue()Resource UpdateResourcesExSciTE JumpSettings INISHELLHOOKShunting-YardSignature CreatorStack()Stopwatch()StringAddLF()/StringStripLF()StringEOLToCRLF()VSCROLLWM_COPYDATAMore Examples...

Updated: 22/04/2018

Share this post


Link to post
Share on other sites
storme

I had a bit of a play with the UDF and I don't appear to be getting anything back from "$fScan" and subsequent checks indicate that the file wasn't uploaded.

My Code (well actually just your example modified).

Local $hVirusTotal = VT_Open()
    ConsoleWrite("----------------------------------------------------------------------------------" & @cr)
    ConsoleWrite(":" & VT($hVirusTotal, $fScan, $sFileName,$sVirusTotalAPIkey) & ":" & @CRLF)
    ConsoleWrite("@error = " & @error & @cr)
    ConsoleWrite("----------------------------------------------------------------------------------" & @cr)
    ;ConsoleWrite(VT($hVirusTotal, $fRescan, hex($bHash),$sVirusTotalAPIkey) & @CRLF)
    ;1 = queued for rescanning. -1 = not present. 0 = unexpected error
    ;ConsoleWrite("----------------------------------------------------------------------------------" & @cr)
    ConsoleWrite(VT($hVirusTotal, $fReport, hex($bHash),$sVirusTotalAPIkey) & @CRLF)
    ;
    ConsoleWrite("----------------------------------------------------------------------------------" & @cr)
    VT_Close($hVirusTotal) ;

The result

 

----------------------------------------------------------------------------------
::
@error = 0
----------------------------------------------------------------------------------
{"response_code": 0, "resource": "46B3CC00ECD3D3E042DECA0072B063B3", "verbose_msg": "The requested resource is not among the finished, queued or pending scans"}
----------------------------------------------------------------------------------

 

The file exists...... Any ideas what's going on?

Thanks!

Share this post


Link to post
Share on other sites
guinness

storme, 

Probably best to actually post what data the other variables contain instead of second guessing. Thanks.


UDF List:

 
_AdapterConnections()_AlwaysRun()_AppMon()_AppMonEx()_ArrayFilter/_ArrayReduce_BinaryBin()_CheckMsgBox()_CmdLineRaw()_ContextMenu()_ConvertLHWebColor()/_ConvertSHWebColor()_DesktopDimensions()_DisplayPassword()_DotNet_Load()/_DotNet_Unload()_Fibonacci()_FileCompare()_FileCompareContents()_FileNameByHandle()_FilePrefix/SRE()_FindInFile()_GetBackgroundColor()/_SetBackgroundColor()_GetConrolID()_GetCtrlClass()_GetDirectoryFormat()_GetDriveMediaType()_GetFilename()/_GetFilenameExt()_GetHardwareID()_GetIP()_GetIP_Country()_GetOSLanguage()_GetSavedSource()_GetStringSize()_GetSystemPaths()_GetURLImage()_GIFImage()_GoogleWeather()_GUICtrlCreateGroup()_GUICtrlListBox_CreateArray()_GUICtrlListView_CreateArray()_GUICtrlListView_SaveCSV()_GUICtrlListView_SaveHTML()_GUICtrlListView_SaveTxt()_GUICtrlListView_SaveXML()_GUICtrlMenu_Recent()_GUICtrlMenu_SetItemImage()_GUICtrlTreeView_CreateArray()_GUIDisable()_GUIImageList_SetIconFromHandle()_GUIRegisterMsg()_GUISetIcon()_Icon_Clear()/_Icon_Set()_IdleTime()_InetGet()_InetGetGUI()_InetGetProgress()_IPDetails()_IsFileOlder()_IsGUID()_IsHex()_IsPalindrome()_IsRegKey()_IsStringRegExp()_IsSystemDrive()_IsUPX()_IsValidType()_IsWebColor()_Language()_Log()_MicrosoftInternetConnectivity()_MSDNDataType()_PathFull/GetRelative/Split()_PathSplitEx()_PrintFromArray()_ProgressSetMarquee()_ReDim()_RockPaperScissors()/_RockPaperScissorsLizardSpock()_ScrollingCredits_SelfDelete()_SelfRename()_SelfUpdate()_SendTo()_ShellAll()_ShellFile()_ShellFolder()_SingletonHWID()_SingletonPID()_Startup()_StringCompact()_StringIsValid()_StringRegExpMetaCharacters()_StringReplaceWholeWord()_StringStripChars()_Temperature()_TrialPeriod()_UKToUSDate()/_USToUKDate()_WinAPI_Create_CTL_CODE()_WinAPI_CreateGUID()_WMIDateStringToDate()/_DateToWMIDateString()Au3 script parsingAutoIt SearchAutoIt3 PortableAutoIt3WrapperToPragmaAutoItWinGetTitle()/AutoItWinSetTitle()CodingDirToHTML5FileInstallrFileReadLastChars()GeoIP databaseGUI - Only Close ButtonGUI ExamplesGUICtrlDeleteImage()GUICtrlGetBkColor()GUICtrlGetStyle()GUIEventsGUIGetBkColor()Int_Parse() & Int_TryParse()IsISBN()LockFile()Mapping CtrlIDsOOP in AutoItParseHeadersToSciTE()PasswordValidPasteBinPosts Per DayPreExpandProtect GlobalsQueue()Resource UpdateResourcesExSciTE JumpSettings INISHELLHOOKShunting-YardSignature CreatorStack()Stopwatch()StringAddLF()/StringStripLF()StringEOLToCRLF()VSCROLLWM_COPYDATAMore Examples...

Updated: 22/04/2018

Share this post


Link to post
Share on other sites
storme

storme, 

Probably best to actually post what data the other variables contain instead of second guessing. Thanks.

No Guessing necessary.

The code is basically a cut and paste from the example in the OP.

This is the important line
VT($hVirusTotal, $fScan, $sFileName,$sVirusTotalAPIkey)

$hVirusTotal is set in the line above

$fscan is a UDF constant

$sFileName is the full path of the file (useless to anyone else, I stated it exists...and I checked with fileexists() to make sure it was ok)

$sVirusTotalAPIkey is my Virus total API key (Private not to be published)

The API states there should be a return from the file scan ($fScan) but as you see from the results it returns nothing.

Share this post


Link to post
Share on other sites
Danyfirex

@storme I think the problem is that you'r not waiting the file scan and you trying to get the report.

When you upload some file for scanning you should wait some time to get the report file.

So

if I get this "The requested resource is not among the finished, queued or pending scans"  So I should wait. I'll try some minutes later.

regards

Edited by Danyfirex

Share this post


Link to post
Share on other sites
storme

@storme I think the problem is that you'r not waiting the file scan and you trying to get the report.

 

When you upload some file for scanning you should wait some time to get the report file.

Yep understand that, the script I'm writing will do that when I can get it to submit a file to be scanned.

However, I'm not getting anything back from the submit to indicate it's done anything. According to the API help page there should be a report sent back with various information that I'll then use to keep track of files submitted.

if I get this "The requested resource is not among the finished, queued or pending scans"  

So I should wait. I'll try some minutes later.

The message you quoted above states "or pending scans" so shouldn't my "pending scan" be in the list?

I submitted the file last night and it still isn't in the list.  If it was submitted it should be there by now.

 

It appears as if the file isn't being submitted.

Have you tried your URL on a brand new EXE file that hasn't been submitted before?

BTW everything else works fine, if I use a file/hash that is already scanned.

So back to you...

John

Share this post


Link to post
Share on other sites
Danyfirex

@storme have you tried with another file?

 

For me work correctly I just upload another file right now this is the response that you should to get

:{"scan_id": "c38c7912767533053ef8f1c647b4fbf9f37f5ee305ead5b3049c4346b5c4419a-1371648640", "sha1": "01fc1499d986a1593f51a40d8f4294b5b69e83d9", "resource": "c38c7912767533053ef8f1c647b4fbf9f37f5ee305ead5b3049c4346b5c4419a", "response_code": 1, "sha256": "c38c7912767533053ef8f1c647b4fbf9f37f5ee305ead5b3049c4346b5c4419a", "permalink": "https://www.virustotal.com/file/c38c7912767533053ef8f1c647b4fbf9f37f5ee305ead5b3049c4346b5c4419a/analysis/1371648640/", "md5": "e0efdfe49b64cf7c2fc191c969d2d29d", "verbose_msg": "Scan request successfully queued, come back later for the report"}:

which is the size of your file?

 

I keep thinking the problem is that you're not waiting enough(some minutes maybe  3 or 5)

 

Also

You can use a Http debugger to see what's wrong.

Edited by Danyfirex

Share this post


Link to post
Share on other sites
storme

The file I was trying to upload/scan was an AutoIt program and my antivirus was intercepting and blocking it.

So the file was not passed to VT thus no report from the "$fScan".

I finally got it to go by disabling the antivirus.

It maybe worth adding some checks to your code to see if the files exists and can be opened.

An antivirus will probably allow you to check it exists but not open it.

Don't have any time to do any major checking now, wish I had found this last night when I did have time.

John

Share this post


Link to post
Share on other sites
Danyfirex

The file I was trying to upload/scan was an AutoIt program and my antivirus was intercepting and blocking it.

So the file was not passed to VT thus no report from the "$fScan".

I finally got it to go by disabling the antivirus.

It maybe worth adding some checks to your code to see if the files exists and can be opened.

An antivirus will probably allow you to check it exists but not open it.

Don't have any time to do any major checking now, wish I had found this last night when I did have time.

John

Good.

 

Yes you're right. I'll update soon.

 

regards

Share this post


Link to post
Share on other sites
storme

It's 2am here and I have to sleep but I did a bit of checking and got some strange results.

Test Code - VirusSubmit.exe (331KB) is the program I'm working on and Bitdefender (my antivirus) doesn't like it and is blocking it.

$sFileName = "P:\Autoit\_Projects\_MyProjects\VirusSubmit\VirusSubmit.exe"

; submit to Virustotal
    _Crypt_Startup()
    Local $bHash = _Crypt_HashFile($sFileName, $CALG_MD5)
    _Crypt_Shutdown()

    ;Check if hash exists
        ; Doesn't exist
            ; Submit file

    ;Get report
        ; Not ready yet (come back later)


    ConsoleWrite("FileExists = " & FileExists($sFileName) & @cr)
    ConsoleWrite("$bHash = " & $bHash & @cr)
    local $stest =  __WinHttpFileContent("", "file", $sFileName,"--------Boundary")

    ConsoleWrite("$stest-LEN = " & StringLen($stest) & " @error = " & @error & @cr)
    ConsoleWrite("$stest = " & $stest& @cr)

    Local $hVirusTotal = VT_Open()
    ConsoleWrite("----------------------------------------------------------------------------------" & @cr)
    ConsoleWrite(":" & VT($hVirusTotal, $fScan, $sFileName,$sVirusTotalAPIkey) & ":" & @CRLF)
    ConsoleWrite("@error = " & @error & @cr)
    ConsoleWrite("----------------------------------------------------------------------------------" & @cr)
    ;ConsoleWrite(VT($hVirusTotal, $fRescan, hex($bHash),$sVirusTotalAPIkey) & @CRLF)
    ;1 = queued for rescanning. -1 = not present. 0 = unexpected error
    ;ConsoleWrite("----------------------------------------------------------------------------------" & @cr)
    ConsoleWrite(VT($hVirusTotal, $fReport, hex($bHash),$sVirusTotalAPIkey) & @CRLF)
    ConsoleWrite('@@ Debug(' & @ScriptLineNumber & ') : $bHash = ' & $bHash & @crlf & '>Error code: ' & @error & @crlf) ;### Debug Console
    ;
    ConsoleWrite("----------------------------------------------------------------------------------" & @cr)
    VT_Close($hVirusTotal) ;

The result

 

FileExists = 1
$bHash = -1
$stest-LEN = 117 @error = 0
$stest = Content-Disposition: form-data; name="file"; filename="VirusSubmit.exe"
Content-Type: application/octet-stream



----------------------------------------------------------------------------------
@@ Debug(104) : $stest = :Content-Disposition: form-data; name="file"; filename="VirusSubmit.exe"
Content-Type: application/octet-stream


:
>Error code: 0
@@ Debug(107) : $tURL[$Type] = /vtapi/v2/file/scan
>Error code: 0
:{"scan_id": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855-1371656634", "sha1": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "resource": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "response_code": 1, "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "permalink": "https://www.virustotal.com/file/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855/analysis/1371656634/", "md5": "d41d8cd98f00b204e9800998ecf8427e", "verbose_msg": "Scan request successfully queued, come back later for the report"}:
@error = 0
----------------------------------------------------------------------------------
{"response_code": 0, "resource": "FFFFFFFF", "verbose_msg": "Invalid resource, check what you are submitting"}
@@ Debug(95) : $bHash = -1
>Error code: 0
----------------------------------------------------------------------------------

 

Now for the original program I couldn't get to submit and still can't when the antivirus is on.  Code is the same the only change is

$sFileName = "D:\MemoryStickDEV\AHC_technology\programs\AHC_UserInfo.exe"

result

 

FileExists = 1
$bHash = 0x46B3CC00ECD3D3E042DECA0072B063B3
$stest-LEN = 664091 @error = 0
$stest = Content-Disposition: form-data; name="file"; filename="AHC_UserInfo.exe"
Content-Type: application/octet-stream

MZ----------------------------------------------------------------------------------
@@ Debug(104) : $stest = :Content-Disposition: form-data; name="file"; filename="AHC_UserInfo.exe"
Content-Type: application/octet-stream

MZ@@ Debug(107) : $tURL[$Type] = /vtapi/v2/file/scan
>Error code: 0
::
@error = 0
----------------------------------------------------------------------------------
{"scans": {"TotalDefense": {"detected": false, "version": "37.0.10473", "result": null, "update": "20130619"}, "MicroWorld-eScan": {"detected": false, "version": "12.0.250.0", "result": null, "update": "20130619"}, "nProtect": {"detected": false, "version": "2013-06-19.04", "result": null, "update": "20130619"}, "CAT-QuickHeal": {"detected": false, "version": "12.00", "result": null, "update": "20130619"}, "McAfee": {"detected": false, "version": "5.400.0.1158", "result": null, "update": "20130619"}, "Malwarebytes": {"detected": false, "version": "1.75.0.1", "result": null, "update": "20130619"}, "K7AntiVirus": {"detected": false, "version": "9.170.8884", "result": null, "update": "20130618"}, "K7GW": {"detected": false, "version": "12.7.0.12", "result": null, "update": "20130618"}, "TheHacker": {"detected": false, "version": "None", "result": null, "update": "20130619"}, "NANO-Antivirus": {"detected": false, "version": "0.24.0.52848", "result": null, "update": "20130619"}, "F-Prot": {"detected": false, "version": "4.7.1.166", "result": null, "update": "20130618"}, "Symantec": {"detected": false, "version": "20131.1.0.101", "result": null, "update": "20130619"}, "Norman": {"detected": false, "version": "7.01.04", "result": null, "update": "20130619"}, "ByteHero": {"detected": false, "version": "1.0.0.1", "result": null, "update": "20130613"}, "TrendMicro-HouseCall": {"detected": false, "version": "9.700.0.1001", "result": null, "update": "20130619"}, "Avast": {"detected": false, "version": "6.0.1289.0", "result": null, "update": "20130619"}, "eSafe": {"detected": false, "version": "7.0.17.0", "result": null, "update": "20130616"}, "ClamAV": {"detected": false, "version": "0.97.3.0", "result": null, "update": "20130619"}, "Kaspersky": {"detected": false, "version": "9.0.0.837", "result": null, "update": "20130619"}, "BitDefender": {"detected": true, "version": "7.2", "result": "Gen:Trojan.Heur.AutoIT.1", "update": "20130619"}, "Agnitum": {"detected": false, "version": "5.5.1.3", "result": null, "update": "20130618"}, "ViRobot": {"detected": false, "version": "2011.4.7.4223", "result": null, "update": "20130619"}, "Sophos": {"detected": false, "version": "4.90.0", "result": null, "update": "20130619"}, "Comodo": {"detected": false, "version": "16458", "result": null, "update": "20130619"}, "F-Secure": {"detected": true, "version": "11.0.19100.45", "result": "Gen:Trojan.Heur.AutoIT.1", "update": "20130619"}, "DrWeb": {"detected": false, "version": "", "result": null, "update": "20130619"}, "VIPRE": {"detected": false, "version": "18856", "result": null, "update": "20130619"}, "AntiVir": {"detected": false, "version": "7.11.85.142", "result": null, "update": "20130619"}, "TrendMicro": {"detected": false, "version": "9.740.0.1012", "result": null, "update": "20130619"}, "McAfee-GW-Edition": {"detected": false, "version": "2013", "result": null, "update": "20130619"}, "Emsisoft": {"detected": true, "version": "3.0.0.581", "result": "Gen:Trojan.Heur.AutoIT.1 (B)", "update": "20130619"}, "Jiangmin": {"detected": false, "version": "16.0.100", "result": null, "update": "20130619"}, "Antiy-AVL": {"detected": false, "version": "2.0.3.7", "result": null, "update": "20130619"}, "Kingsoft": {"detected": false, "version": "2013.4.9.267", "result": null, "update": "20130506"}, "Microsoft": {"detected": false, "version": "1.9607", "result": null, "update": "20130619"}, "SUPERAntiSpyware": {"detected": true, "version": "5.6.0.1008", "result": "Trojan.Agent/Gen-Autorun", "update": "20130619"}, "GData": {"detected": true, "version": "22", "result": "Gen:Trojan.Heur.AutoIT.1", "update": "20130619"}, "Commtouch": {"detected": false, "version": "5.4.1.7", "result": null, "update": "20130618"}, "AhnLab-V3": {"detected": false, "version": "2013.06.19.06", "result": null, "update": "20130619"}, "VBA32": {"detected": false, "version": "3.12.22.2", "result": null, "update": "20130619"}, "PCTools": {"detected": false, "version": "9.0.0.2", "result": null, "update": "20130521"}, "ESET-NOD32": {"detected": false, "version": "8467", "result": null, "update": "20130619"}, "Rising": {"detected": false, "version": "24.67.02.02", "result": null, "update": "20130619"}, "Ikarus": {"detected": false, "version": "T3.1.4.3.0", "result": null, "update": "20130619"}, "Fortinet": {"detected": false, "version": "5.1.146.0", "result": null, "update": "20130619"}, "AVG": {"detected": false, "version": "10.0.0.1190", "result": null, "update": "20130619"}, "Panda": {"detected": false, "version": "10.0.3.5", "result": null, "update": "20130619"}}, "scan_id": "2f65bd6f6ea409bb4b6ccd85226e46f24c8879b5d08811a2f24d8a2281816be5-1371651653", "sha1": "56f21e22ed9fc49b9de5d3961020a87b5efe3b68", "resource": "46B3CC00ECD3D3E042DECA0072B063B3", "response_code": 1, "scan_date": "2013-06-19 14:20:53", "permalink": "https://www.virustotal.com/file/2f65bd6f6ea409bb4b6ccd85226e46f24c8879b5d08811a2f24d8a2281816be5/analysis/1371651653/", "verbose_msg": "Scan finished, scan information embedded in this object", "total": 47, "positives": 5, "sha256": "2f65bd6f6ea409bb4b6ccd85226e46f24c8879b5d08811a2f24d8a2281816be5", "md5": "46b3cc00ecd3d3e042deca0072b063b3"}
@@ Debug(91) : $bHash = 0x46B3CC00ECD3D3E042DECA0072B063B3
>Error code: 0
----------------------------------------------------------------------------------

Now as you can see there is information in VT now as I disabled the antivirus so it would transmit earlier tonight....

However you can see there was no submit for this file

 

::
@error = 0

 

Not sure how much this is going to help.  If you can think of any tests you want me to try let me know and I'll try them when I get home.

Onward and upward!

John

Share this post


Link to post
Share on other sites
jftuga

The file I was trying to upload/scan was an AutoIt program and my antivirus was intercepting and blocking it.

So the file was not passed to VT thus no report from the "$fScan".

I finally got it to go by disabling the antivirus.

It maybe worth adding some checks to your code to see if the files exists and can be opened.

An antivirus will probably allow you to check it exists but not open it.

Don't have any time to do any major checking now, wish I had found this last night when I did have time.

John

 

On a related note, does your script provide the ability to upload via HTTPS?  The reason I ask is that some UTM firewalls may block the transmission of a virus.  While some UTMs can interrogate SSL, most don't; so it would be good to have this capability if possible.

Great UDF.

-John

Edited by jftuga

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Similar Content

    • kurtykurtyboy
      By kurtykurtyboy
      GuiFlatButton is a UDF to easily create regular buttons with different colors for background, foreground, border, hover, focus, etc..
      This started as an effort to change the background color of a button and eventually grew into a full UDF.
      If you've looked around forums for changing button background colors, you have probably noticed that each proposed workaround has its own set of issues/side-effects. The answers usually circle back to 'use ownerdrawn buttons' and 'not worth it'. Well, now it is possible for anyone to easily create ownerdrawn buttons - totally worth it!
      Some issues with other workarounds such as drawing with GDI+ or using a colored label as a 'button':
      Not 'real' buttons so you lose built-in functionality that windows gives to buttons Messy / inefficient code in the main while loop to check for mouse position Slow to respond to click, paint, etc... Having to deal with GUIRegisterMsg messages Not straight-forward to implement GuiFlatButton is not a workaround; it is a technique to respond to Windows' built-in owner-drawn button events.
      With minimal effort, we can now create true simple colored buttons.
      The idea is to create an owner-drawn button using GUICtrlCreateButton then subclass the GUI and controls to handle the button-specific events to paint it however we want.
      This UDF magically does all of this for us! No need to worry about event handling or main while loop logic.
       
      How to use
      It couldn't be any easier! Simply create a new button using the familiar syntax. This creates an ownerdrawn button with default colors.
      $mybutton1 = GuiFlatButton_Create("Button 1", 78, 20, 120, 40) If you want to change the background and text colors:
      GuiFlatButton_SetBkColor(-1, 0x5555FF) GuiFlatButton_SetColor(-1, 0xFFFFFF) Advanced Usage
      Set background/text/border all at once
      GuiFlatButton_SetColors(-1, 0x0000FF, 0xFFFFFF, 0x9999FF) Set ALL colors for ALL button states! (normal, focus, hover, selected)
      Local $aColorsEx = [0x0000FF, 0xFFFFFF, -2, 0x4444FF, 0xFFFFFF, 0xAAAAFF, 0x6666FF, 0xFFFFFF, 0xCCCCFF, 0x0000EE, 0xFFFFFF, 0x7777EE] GuiFlatButton_SetColorsEx(-1, $aColorsEx) Set default colors to apply to any future buttons
      ;set colors GuiFlatButton_SetDefaultColors(0x0000FF, 0xFFFFFF, 0x9999FF) ;create buttons $mybutton1 = GuiFlatButton_Create("Button 1", 12, 20, 120, 40) $mybutton2 = GuiFlatButton_Create("Button 2", 143, 20, 120, 40) Set ALL color defaults
      ;set colors Local $aColorsEx = [0x0000FF, 0xFFFFFF, -2, 0x4444FF, 0xFFFFFF, 0xAAAAFF, 0x6666FF, 0xFFFFFF, 0xCCCCFF, 0x0000EE, 0xFFFFFF, 0x7777EE] GuiFlatButton_SetDefaultColorsEx($aColorsEx) ;create buttons $mybutton1 = GuiFlatButton_Create("Button 1", 12, 20, 120, 40) $mybutton2 = GuiFlatButton_Create("Button 2", 143, 20, 120, 40)  
      Available Functions
       
      Simple Example

      #include <GUIConstantsEx.au3> #include <MsgBoxConstants.au3> #include "GuiFlatButton.au3" Example() ;GUI with one button Func Example() Local $hGUI, $mybutton1 $hGUI = GUICreate("GuiFlatButton Ex0", 275, 120) GUISetBkColor(0x333333) $idLabel = GUICtrlCreateLabel("Click the button", 10, 100, 150, 30) GUICtrlSetColor(-1, 0xFFFFFF) ;create new button then set the background and foreground colors $mybutton1 = GuiFlatButton_Create("Button 1", 78, 20, 120, 40) GuiFlatButton_SetBkColor(-1, 0x5555FF) GuiFlatButton_SetColor(-1, 0xFFFFFF) GUISetState(@SW_SHOW, $hGUI) Local $i = 0 Local $iMsg While 1 $iMsg = GUIGetMsg() Switch $iMsg Case $GUI_EVENT_CLOSE ExitLoop Case $mybutton1 $i += 1 GUICtrlSetData($idLabel, $i) ConsoleWrite($i & @CRLF) EndSwitch Sleep(10) WEnd GUIDelete() EndFunc ;==>Example
      Menu/Toolbar Example

      #include <GUIConstantsEx.au3> #include <MsgBoxConstants.au3> #include "GuiFlatButton.au3" Example() ;Example GUI with toolbar Func Example() Local $hGUI, $idLabel, $aButtons, $iTbSize $hGUI = GUICreate("GuiFlatButton Ex2", 300, 200) GUISetBkColor(0x444444) $idLabel = GUICtrlCreateLabel("Click a button", 10, 180, 150, 30) GUICtrlSetColor(-1, 0xFFFFFF) $aButtons = createToolbar() $iTbSize = UBound($aButtons) GUISetState(@SW_SHOW, $hGUI) Local $i = 0 Local $iMsg While 1 $iMsg = GUIGetMsg() Switch $iMsg Case $GUI_EVENT_CLOSE ExitLoop Case $aButtons[0] To $aButtons[$iTbSize - 1] ConsoleWrite("1") GUICtrlSetData($idLabel, GuiFlatButton_Read($iMsg)) EndSwitch Sleep(10) WEnd GUIDelete() EndFunc ;==>Example Func createToolbar() Local $aButtons[6] Local $bkColor = 0x777777 Local $textColor = 0xFFFFFF Local $borderColor = 0x999999 Local $aBtnClrs[12] = [0x777777, 0xFFFFFF, $GUI_BKCOLOR_TRANSPARENT, 0x888888, 0xFFFFFF, $GUI_BKCOLOR_TRANSPARENT, 0x999999, 0xFFFFFF, $GUI_BKCOLOR_TRANSPARENT, 0x666666, 0xFFFFFF, $GUI_BKCOLOR_TRANSPARENT] For $i = 0 To UBound($aButtons) - 1 $aButtons[$i] = GuiFlatButton_Create("B" & $i, $i * 50, 0, 50, 17) GuiFlatButton_SetColorsEx($aButtons[$i], $aBtnClrs) Next Return $aButtons EndFunc ;==>createToolbar
      I'm sure there are some use-cases I've forgotten, so feedback is welcome!

      Update 2019-02-09
      Added 2 new functions to set the button colors globally for all future buttons.
      GuiFlatButton_SetDefaultColors 
      GuiFlatButton_SetDefaultColorsEx
      Download the UDF and several examples: GuiFlatButton.zip

      Credits to:
      Melba23 (UDF template)
      LarsJ (general subclassing code)
      4ggr35510n (TrackMouseEvent example)
      binhnx (disable dragging with $WS_EX_CONTROLPARENT)
      GUIRegisterMsg in AutoIt Help (owner-draw button example)
    • Melque_Lima
      By Melque_Lima
      A little help here please !?
      I'm trying to parse a file but the function is not working well! i think there is some thind doing wrong at FileRead()
      Obs: username,password and API link below is fictitious
      ConsoleWrite(">POST METHOD UPLOADING LOCAL IMAGE<" & @CRLF) _PostMethodTest() Func _PostMethodTest() Local Const $sAPIKey = '8f1e0a750088957' Local $sBoundary = "--------Boundary" Local $sHeaders = "Content-Type: multipart/form-data; boundary=" & $sBoundary & @CRLF Local $sData = '' Local $sFileName="image.jpg" Local $sFilePath="C:\Users\DELL\Desktop\" & $sFileName Local $hFile=FileOpen($sFilePath,16);16=$FO_BINARY Local $sFileData=FileRead($hFile) FileClose($hFile) $sData &= "--" & $sBoundary & @CRLF $sData &= 'Content-Disposition: form-data; name="myImage"; filename="' & $sFileName & '"' & @CRLF $sData &= 'Content-Type: application/upload' & @CRLF & @CRLF $sData &= BinaryToString($sFileData,0) & @CRLF $sData &= "--" & $sBoundary & @CRLF $sData &= 'Content-Disposition: form-data; name="username"' & @CRLF & @CRLF $sData &="myuserName" & @CRLF $sData &= "--" & $sBoundary & @CRLF $sData &= 'Content-Disposition: form-data; name="password"' & @CRLF & @CRLF $sData &="MyPassword" & @CRLF $sData &=$sBoundary & "--" ConsoleWrite($sData) Local $oHTTP = ObjCreate("winhttp.winhttprequest.5.1") $oHTTP.Open("POST", "http://myapi", False) $oHTTP.SetRequestHeader("Content-Type", "multipart/form-data; " & "boundary=" & $sBoundary) $oHTTP.SetRequestHeader("apikey", $sAPIKey) $oHTTP.Send(StringToBinary($sData,1)) Local $sReceived = $oHTTP.ResponseText ConsoleWrite($sReceived & @CRLF) EndFunc ;==>_PostMethodTest  

    • MFrancisca
      By MFrancisca
      Hello! 
      I've been checking the logging UDFs in the wiki, mostly Log4a and Loga and I wanted to ask which one would you recommend for a script that will be executed remotely through PSExec. My main question is where the logs are located in that situation and if I can change that location to a custom one., because I need to retrieve them at the end of execution.
      So in a rough description the process is
      Open PSExec
      Send compiled AutoIT script to remote machine
      Execute script
      Copy logs from the remote to the local machine.
       
      Any opinions? 
    • caramen
      By caramen
      I watched _OL_ItemSend&_OL_ItemFind&_OL_ItemCreate in OutlookEx UDF but hmmm
       
      Since it use the test environnement i cant get the orders of the mail creation
       
      Can someone make me win some time of reading all exemples script and lead me how to do one ?
      That whould be lovely.
      Gnight
    • Tersion
      By Tersion
      Here the this wiki page with list of available UDFs for data compression. For my tasks I only need ZIP support, so I started looking at pure AutoIt UDFs without any 3rd party dlls. And found out that most of available realizations uses standard ("native method") Windows dll - "zipfldr.dll". So for now I chose ZIP UDF by wraithdu. I've tested it on Windows 7 (x64) and it seem works fine. But here the comment from another topic where user says that Windows 10 discontinued support of "zipfldr.dll". Now I confused. I don't have around any Windows 10 machine to tested it. So maybe someone could confirm or deny that? Or maybe would better to switch to UDF with 7zip dll?
      I need an advice...
×