Danyfirex

VirusTotal API 2.0 UDF

49 posts in this topic

A nice idea and UDF. May I provide some suggestions?

; Firstly, Global variables should be at the top a script and not in a function.
; Secondly, how about removing Global variables and doing something like this?

Global Const $__sVirusTotal_Page = 'www.virustotal.com'

Func Example()
    Local $hVirusTotal = VT_Open() ; Pass the 'handle' to the appropriate functions.
    ConsoleWrite(VT_Url_Scan($hVirusTotal, 'someurl.com', 'API') & @CRLF)
    VT_Close($hVirusTotal) ; Pass the 'handle' from $hVirusTotal.
EndFunc   ;==>Example

Func VT_Open() ; Pass
    Local Enum $eAPI_HttpOpen, $eAPI_HttpConnect ; These could be in the Global space too.
    Local $aAPI[2] = [0, 0]
    $aAPI[$eAPI_HttpOpen] = _WinHttpOpen()
    If @error Then $aAPI[$eAPI_HttpOpen] = -1
    $aAPI[$eAPI_HttpConnect] = _WinHttpConnect($aAPI[$eAPI_HttpOpen], $__sVirusTotal_Page)
    If @error Then $aAPI[$eAPI_HttpConnect] = -1
    Return $aAPI
EndFunc   ;==>VT_Open

Func VT_Close(ByRef Const $aAPI)
    Local Enum $eAPI_HttpOpen, $eAPI_HttpConnect ; These could be in the Global space too.
    _WinHttpCloseHandle($aAPI[$eAPI_HttpOpen])
    _WinHttpCloseHandle($aAPI[$eAPI_HttpConnect])
    Return True
EndFunc   ;==>VT_Close

Func VT_Url_Scan(ByRef $aAPI, $sURL, $sAPIkey)
    Local Enum $eAPI_HttpOpen, $eAPI_HttpConnect ; These could be in the Global space too.
    If $aAPI[$eAPI_HttpConnect] = -1 Then $aAPI = VT_Open() ; Check if HttpConnect isn't -1, if it is then connect to VirusTotal.
    Return _WinHttpSimpleRequest($aAPI[$eAPI_HttpConnect], 'POST', '/vtapi/v2/url/scan', Default, 'url=' & $sURL & '&key=' & $sAPIkey)
EndFunc   ;==>VT_Url_Scan
1 person likes this

_AdapterConnections()_AlwaysRun()_AppMon()_AppMonEx()_BinaryBin()_CheckMsgBox()_CmdLineRaw()_ContextMenu()_ConvertLHWebColor()/_ConvertSHWebColor()_DesktopDimensions()_DisplayPassword()_DotNet_Load()/_DotNet_Unload()_Fibonacci()_FileCompare()_FileCompareContents()_FileNameByHandle()_FilePrefix/SRE()_FindInFile()_GetBackgroundColor()/_SetBackgroundColor()_GetConrolID()_GetCtrlClass()_GetDirectoryFormat()_GetDriveMediaType()_GetFilename()/_GetFilenameExt()_GetHardwareID()_GetIP()_GetIP_Country()_GetOSLanguage()_GetSavedSource()_GetStringSize()_GetSystemPaths()_GetURLImage()_GIFImage()_GoogleWeather()_GUICtrlCreateGroup()_GUICtrlListBox_CreateArray()_GUICtrlListView_CreateArray()_GUICtrlListView_SaveCSV()_GUICtrlListView_SaveHTML()_GUICtrlListView_SaveTxt()_GUICtrlListView_SaveXML()_GUICtrlMenu_Recent()_GUICtrlMenu_SetItemImage()_GUICtrlTreeView_CreateArray()_GUIDisable()_GUIImageList_SetIconFromHandle()_GUIRegisterMsg()_GUISetIcon()_Icon_Clear()/_Icon_Set()_IdleTime()_InetGet()_InetGetGUI()_InetGetProgress()_IPDetails()_IsFileOlder()_IsGUID()_IsHex()_IsPalindrome()_IsRegKey()_IsStringRegExp()_IsSystemDrive()_IsUPX()_IsValidType()_IsWebColor()_Language()_Log()_MicrosoftInternetConnectivity()_MSDNDataType()_PathFull/GetRelative/Split()_PathSplitEx()_PrintFromArray()_ProgressSetMarquee()_ReDim()_RockPaperScissors()/_RockPaperScissorsLizardSpock()_ScrollingCredits_SelfDelete()_SelfRename()_SelfUpdate()_SendTo()_ShellAll()_ShellFile()_ShellFolder()_SingletonHWID()_SingletonPID()_Startup()_StringCompact()_StringIsValid()_StringRegExpMetaCharacters()_StringReplaceWholeWord()_StringStripChars()_Temperature()_TrialPeriod()_UKToUSDate()/_USToUKDate()_WinAPI_Create_CTL_CODE()_WinAPI_CreateGUID()_WMIDateStringToDate()/_DateToWMIDateString()Au3 script parsingAutoIt SearchAutoIt3 PortableAutoIt3WrapperToPragmaAutoItWinGetTitle()/AutoItWinSetTitle()CodingDirToHTML5FileInstallrFileReadLastChars()GeoIP databaseGUI - Only Close ButtonGUI ExamplesGUICtrlDeleteImage()GUICtrlGetBkColor()GUICtrlGetStyle()GUIEventsGUIGetBkColor()Int_Parse() & Int_TryParse()IsISBN()LockFile()Mapping CtrlIDsOOP in AutoItParseHeadersToSciTE()PasswordValidPasteBinPosts Per DayPreExpandProtect GlobalsQueue()Resource UpdateResourcesExSciTE JumpSettings INISHELLHOOKShunting-YardSignature CreatorStack()Stopwatch()StringAddLF()/StringStripLF()StringEOLToCRLF()VSCROLLWM_COPYDATAMore Examples...

Updated: 04/09/2015

Share this post


Link to post
Share on other sites

Nice start!

Do you have any plans to marry it up to one of the JSON UDFs to extract the info?

Have fun!

John Morrison

Share this post


Link to post
Share on other sites

Thanks mates.

 

A nice idea and UDF. May I provide some suggestions?

...

 

Thanks for your suggestions I'will update it. maybe use JSON UDF to Get response returns Error too.

 

I thought some like this for Http 

 

If @Error Return SetError(@Error,0,0)

or 

Simple return @error

obvious I need split the response to manage page returns.

regards

Share this post


Link to post
Share on other sites

Hello,

thanks, very useful, How can I connect through a proxy?

Share this post


Link to post
Share on other sites

Hello,

thanks, very useful, How can I connect through a proxy?

 

change  _WinHttpOpen parameters.

_WinHttpOpen([$sUserAgent = Default [, $iAccessType = Default [, $sProxyName = Default [, $sProxyBypass = Default [, $iFlag = Default ]]]]])

regards

Share this post


Link to post
Share on other sites

Hello,

I tried, but no way. Impossible to connect,!

Share this post


Link to post
Share on other sites

Share this post


Link to post
Share on other sites

Awesome, you went with my design. Thanks for that.

1 person likes this

_AdapterConnections()_AlwaysRun()_AppMon()_AppMonEx()_BinaryBin()_CheckMsgBox()_CmdLineRaw()_ContextMenu()_ConvertLHWebColor()/_ConvertSHWebColor()_DesktopDimensions()_DisplayPassword()_DotNet_Load()/_DotNet_Unload()_Fibonacci()_FileCompare()_FileCompareContents()_FileNameByHandle()_FilePrefix/SRE()_FindInFile()_GetBackgroundColor()/_SetBackgroundColor()_GetConrolID()_GetCtrlClass()_GetDirectoryFormat()_GetDriveMediaType()_GetFilename()/_GetFilenameExt()_GetHardwareID()_GetIP()_GetIP_Country()_GetOSLanguage()_GetSavedSource()_GetStringSize()_GetSystemPaths()_GetURLImage()_GIFImage()_GoogleWeather()_GUICtrlCreateGroup()_GUICtrlListBox_CreateArray()_GUICtrlListView_CreateArray()_GUICtrlListView_SaveCSV()_GUICtrlListView_SaveHTML()_GUICtrlListView_SaveTxt()_GUICtrlListView_SaveXML()_GUICtrlMenu_Recent()_GUICtrlMenu_SetItemImage()_GUICtrlTreeView_CreateArray()_GUIDisable()_GUIImageList_SetIconFromHandle()_GUIRegisterMsg()_GUISetIcon()_Icon_Clear()/_Icon_Set()_IdleTime()_InetGet()_InetGetGUI()_InetGetProgress()_IPDetails()_IsFileOlder()_IsGUID()_IsHex()_IsPalindrome()_IsRegKey()_IsStringRegExp()_IsSystemDrive()_IsUPX()_IsValidType()_IsWebColor()_Language()_Log()_MicrosoftInternetConnectivity()_MSDNDataType()_PathFull/GetRelative/Split()_PathSplitEx()_PrintFromArray()_ProgressSetMarquee()_ReDim()_RockPaperScissors()/_RockPaperScissorsLizardSpock()_ScrollingCredits_SelfDelete()_SelfRename()_SelfUpdate()_SendTo()_ShellAll()_ShellFile()_ShellFolder()_SingletonHWID()_SingletonPID()_Startup()_StringCompact()_StringIsValid()_StringRegExpMetaCharacters()_StringReplaceWholeWord()_StringStripChars()_Temperature()_TrialPeriod()_UKToUSDate()/_USToUKDate()_WinAPI_Create_CTL_CODE()_WinAPI_CreateGUID()_WMIDateStringToDate()/_DateToWMIDateString()Au3 script parsingAutoIt SearchAutoIt3 PortableAutoIt3WrapperToPragmaAutoItWinGetTitle()/AutoItWinSetTitle()CodingDirToHTML5FileInstallrFileReadLastChars()GeoIP databaseGUI - Only Close ButtonGUI ExamplesGUICtrlDeleteImage()GUICtrlGetBkColor()GUICtrlGetStyle()GUIEventsGUIGetBkColor()Int_Parse() & Int_TryParse()IsISBN()LockFile()Mapping CtrlIDsOOP in AutoItParseHeadersToSciTE()PasswordValidPasteBinPosts Per DayPreExpandProtect GlobalsQueue()Resource UpdateResourcesExSciTE JumpSettings INISHELLHOOKShunting-YardSignature CreatorStack()Stopwatch()StringAddLF()/StringStripLF()StringEOLToCRLF()VSCROLLWM_COPYDATAMore Examples...

Updated: 04/09/2015

Share this post


Link to post
Share on other sites

I had a bit of a play with the UDF and I don't appear to be getting anything back from "$fScan" and subsequent checks indicate that the file wasn't uploaded.

My Code (well actually just your example modified).

Local $hVirusTotal = VT_Open()
    ConsoleWrite("----------------------------------------------------------------------------------" & @cr)
    ConsoleWrite(":" & VT($hVirusTotal, $fScan, $sFileName,$sVirusTotalAPIkey) & ":" & @CRLF)
    ConsoleWrite("@error = " & @error & @cr)
    ConsoleWrite("----------------------------------------------------------------------------------" & @cr)
    ;ConsoleWrite(VT($hVirusTotal, $fRescan, hex($bHash),$sVirusTotalAPIkey) & @CRLF)
    ;1 = queued for rescanning. -1 = not present. 0 = unexpected error
    ;ConsoleWrite("----------------------------------------------------------------------------------" & @cr)
    ConsoleWrite(VT($hVirusTotal, $fReport, hex($bHash),$sVirusTotalAPIkey) & @CRLF)
    ;
    ConsoleWrite("----------------------------------------------------------------------------------" & @cr)
    VT_Close($hVirusTotal) ;

The result

 

----------------------------------------------------------------------------------
::
@error = 0
----------------------------------------------------------------------------------
{"response_code": 0, "resource": "46B3CC00ECD3D3E042DECA0072B063B3", "verbose_msg": "The requested resource is not among the finished, queued or pending scans"}
----------------------------------------------------------------------------------

 

The file exists...... Any ideas what's going on?

Thanks!

Share this post


Link to post
Share on other sites

storme, 

Probably best to actually post what data the other variables contain instead of second guessing. Thanks.


_AdapterConnections()_AlwaysRun()_AppMon()_AppMonEx()_BinaryBin()_CheckMsgBox()_CmdLineRaw()_ContextMenu()_ConvertLHWebColor()/_ConvertSHWebColor()_DesktopDimensions()_DisplayPassword()_DotNet_Load()/_DotNet_Unload()_Fibonacci()_FileCompare()_FileCompareContents()_FileNameByHandle()_FilePrefix/SRE()_FindInFile()_GetBackgroundColor()/_SetBackgroundColor()_GetConrolID()_GetCtrlClass()_GetDirectoryFormat()_GetDriveMediaType()_GetFilename()/_GetFilenameExt()_GetHardwareID()_GetIP()_GetIP_Country()_GetOSLanguage()_GetSavedSource()_GetStringSize()_GetSystemPaths()_GetURLImage()_GIFImage()_GoogleWeather()_GUICtrlCreateGroup()_GUICtrlListBox_CreateArray()_GUICtrlListView_CreateArray()_GUICtrlListView_SaveCSV()_GUICtrlListView_SaveHTML()_GUICtrlListView_SaveTxt()_GUICtrlListView_SaveXML()_GUICtrlMenu_Recent()_GUICtrlMenu_SetItemImage()_GUICtrlTreeView_CreateArray()_GUIDisable()_GUIImageList_SetIconFromHandle()_GUIRegisterMsg()_GUISetIcon()_Icon_Clear()/_Icon_Set()_IdleTime()_InetGet()_InetGetGUI()_InetGetProgress()_IPDetails()_IsFileOlder()_IsGUID()_IsHex()_IsPalindrome()_IsRegKey()_IsStringRegExp()_IsSystemDrive()_IsUPX()_IsValidType()_IsWebColor()_Language()_Log()_MicrosoftInternetConnectivity()_MSDNDataType()_PathFull/GetRelative/Split()_PathSplitEx()_PrintFromArray()_ProgressSetMarquee()_ReDim()_RockPaperScissors()/_RockPaperScissorsLizardSpock()_ScrollingCredits_SelfDelete()_SelfRename()_SelfUpdate()_SendTo()_ShellAll()_ShellFile()_ShellFolder()_SingletonHWID()_SingletonPID()_Startup()_StringCompact()_StringIsValid()_StringRegExpMetaCharacters()_StringReplaceWholeWord()_StringStripChars()_Temperature()_TrialPeriod()_UKToUSDate()/_USToUKDate()_WinAPI_Create_CTL_CODE()_WinAPI_CreateGUID()_WMIDateStringToDate()/_DateToWMIDateString()Au3 script parsingAutoIt SearchAutoIt3 PortableAutoIt3WrapperToPragmaAutoItWinGetTitle()/AutoItWinSetTitle()CodingDirToHTML5FileInstallrFileReadLastChars()GeoIP databaseGUI - Only Close ButtonGUI ExamplesGUICtrlDeleteImage()GUICtrlGetBkColor()GUICtrlGetStyle()GUIEventsGUIGetBkColor()Int_Parse() & Int_TryParse()IsISBN()LockFile()Mapping CtrlIDsOOP in AutoItParseHeadersToSciTE()PasswordValidPasteBinPosts Per DayPreExpandProtect GlobalsQueue()Resource UpdateResourcesExSciTE JumpSettings INISHELLHOOKShunting-YardSignature CreatorStack()Stopwatch()StringAddLF()/StringStripLF()StringEOLToCRLF()VSCROLLWM_COPYDATAMore Examples...

Updated: 04/09/2015

Share this post


Link to post
Share on other sites

storme, 

Probably best to actually post what data the other variables contain instead of second guessing. Thanks.

No Guessing necessary.

The code is basically a cut and paste from the example in the OP.

This is the important line
VT($hVirusTotal, $fScan, $sFileName,$sVirusTotalAPIkey)

$hVirusTotal is set in the line above

$fscan is a UDF constant

$sFileName is the full path of the file (useless to anyone else, I stated it exists...and I checked with fileexists() to make sure it was ok)

$sVirusTotalAPIkey is my Virus total API key (Private not to be published)

The API states there should be a return from the file scan ($fScan) but as you see from the results it returns nothing.

Share this post


Link to post
Share on other sites

#14 ·  Posted (edited)

@storme I think the problem is that you'r not waiting the file scan and you trying to get the report.

When you upload some file for scanning you should wait some time to get the report file.

So

if I get this "The requested resource is not among the finished, queued or pending scans"  So I should wait. I'll try some minutes later.

regards

Edited by Danyfirex

Share this post


Link to post
Share on other sites

@storme I think the problem is that you'r not waiting the file scan and you trying to get the report.

 

When you upload some file for scanning you should wait some time to get the report file.

Yep understand that, the script I'm writing will do that when I can get it to submit a file to be scanned.

However, I'm not getting anything back from the submit to indicate it's done anything. According to the API help page there should be a report sent back with various information that I'll then use to keep track of files submitted.

if I get this "The requested resource is not among the finished, queued or pending scans"  

So I should wait. I'll try some minutes later.

The message you quoted above states "or pending scans" so shouldn't my "pending scan" be in the list?

I submitted the file last night and it still isn't in the list.  If it was submitted it should be there by now.

 

It appears as if the file isn't being submitted.

Have you tried your URL on a brand new EXE file that hasn't been submitted before?

BTW everything else works fine, if I use a file/hash that is already scanned.

So back to you...

John

Share this post


Link to post
Share on other sites

#16 ·  Posted (edited)

@storme have you tried with another file?

 

For me work correctly I just upload another file right now this is the response that you should to get

:{"scan_id": "c38c7912767533053ef8f1c647b4fbf9f37f5ee305ead5b3049c4346b5c4419a-1371648640", "sha1": "01fc1499d986a1593f51a40d8f4294b5b69e83d9", "resource": "c38c7912767533053ef8f1c647b4fbf9f37f5ee305ead5b3049c4346b5c4419a", "response_code": 1, "sha256": "c38c7912767533053ef8f1c647b4fbf9f37f5ee305ead5b3049c4346b5c4419a", "permalink": "https://www.virustotal.com/file/c38c7912767533053ef8f1c647b4fbf9f37f5ee305ead5b3049c4346b5c4419a/analysis/1371648640/", "md5": "e0efdfe49b64cf7c2fc191c969d2d29d", "verbose_msg": "Scan request successfully queued, come back later for the report"}:

which is the size of your file?

 

I keep thinking the problem is that you're not waiting enough(some minutes maybe  3 or 5)

 

Also

You can use a Http debugger to see what's wrong.

Edited by Danyfirex

Share this post


Link to post
Share on other sites

The file I was trying to upload/scan was an AutoIt program and my antivirus was intercepting and blocking it.

So the file was not passed to VT thus no report from the "$fScan".

I finally got it to go by disabling the antivirus.

It maybe worth adding some checks to your code to see if the files exists and can be opened.

An antivirus will probably allow you to check it exists but not open it.

Don't have any time to do any major checking now, wish I had found this last night when I did have time.

John

Share this post


Link to post
Share on other sites

The file I was trying to upload/scan was an AutoIt program and my antivirus was intercepting and blocking it.

So the file was not passed to VT thus no report from the "$fScan".

I finally got it to go by disabling the antivirus.

It maybe worth adding some checks to your code to see if the files exists and can be opened.

An antivirus will probably allow you to check it exists but not open it.

Don't have any time to do any major checking now, wish I had found this last night when I did have time.

John

Good.

 

Yes you're right. I'll update soon.

 

regards

Share this post


Link to post
Share on other sites

It's 2am here and I have to sleep but I did a bit of checking and got some strange results.

Test Code - VirusSubmit.exe (331KB) is the program I'm working on and Bitdefender (my antivirus) doesn't like it and is blocking it.

$sFileName = "P:\Autoit\_Projects\_MyProjects\VirusSubmit\VirusSubmit.exe"

; submit to Virustotal
    _Crypt_Startup()
    Local $bHash = _Crypt_HashFile($sFileName, $CALG_MD5)
    _Crypt_Shutdown()

    ;Check if hash exists
        ; Doesn't exist
            ; Submit file

    ;Get report
        ; Not ready yet (come back later)


    ConsoleWrite("FileExists = " & FileExists($sFileName) & @cr)
    ConsoleWrite("$bHash = " & $bHash & @cr)
    local $stest =  __WinHttpFileContent("", "file", $sFileName,"--------Boundary")

    ConsoleWrite("$stest-LEN = " & StringLen($stest) & " @error = " & @error & @cr)
    ConsoleWrite("$stest = " & $stest& @cr)

    Local $hVirusTotal = VT_Open()
    ConsoleWrite("----------------------------------------------------------------------------------" & @cr)
    ConsoleWrite(":" & VT($hVirusTotal, $fScan, $sFileName,$sVirusTotalAPIkey) & ":" & @CRLF)
    ConsoleWrite("@error = " & @error & @cr)
    ConsoleWrite("----------------------------------------------------------------------------------" & @cr)
    ;ConsoleWrite(VT($hVirusTotal, $fRescan, hex($bHash),$sVirusTotalAPIkey) & @CRLF)
    ;1 = queued for rescanning. -1 = not present. 0 = unexpected error
    ;ConsoleWrite("----------------------------------------------------------------------------------" & @cr)
    ConsoleWrite(VT($hVirusTotal, $fReport, hex($bHash),$sVirusTotalAPIkey) & @CRLF)
    ConsoleWrite('@@ Debug(' & @ScriptLineNumber & ') : $bHash = ' & $bHash & @crlf & '>Error code: ' & @error & @crlf) ;### Debug Console
    ;
    ConsoleWrite("----------------------------------------------------------------------------------" & @cr)
    VT_Close($hVirusTotal) ;

The result

 

FileExists = 1
$bHash = -1
$stest-LEN = 117 @error = 0
$stest = Content-Disposition: form-data; name="file"; filename="VirusSubmit.exe"
Content-Type: application/octet-stream



----------------------------------------------------------------------------------
@@ Debug(104) : $stest = :Content-Disposition: form-data; name="file"; filename="VirusSubmit.exe"
Content-Type: application/octet-stream


:
>Error code: 0
@@ Debug(107) : $tURL[$Type] = /vtapi/v2/file/scan
>Error code: 0
:{"scan_id": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855-1371656634", "sha1": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "resource": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "response_code": 1, "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "permalink": "https://www.virustotal.com/file/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855/analysis/1371656634/", "md5": "d41d8cd98f00b204e9800998ecf8427e", "verbose_msg": "Scan request successfully queued, come back later for the report"}:
@error = 0
----------------------------------------------------------------------------------
{"response_code": 0, "resource": "FFFFFFFF", "verbose_msg": "Invalid resource, check what you are submitting"}
@@ Debug(95) : $bHash = -1
>Error code: 0
----------------------------------------------------------------------------------

 

Now for the original program I couldn't get to submit and still can't when the antivirus is on.  Code is the same the only change is

$sFileName = "D:\MemoryStickDEV\AHC_technology\programs\AHC_UserInfo.exe"

result

 

FileExists = 1
$bHash = 0x46B3CC00ECD3D3E042DECA0072B063B3
$stest-LEN = 664091 @error = 0
$stest = Content-Disposition: form-data; name="file"; filename="AHC_UserInfo.exe"
Content-Type: application/octet-stream

MZ----------------------------------------------------------------------------------
@@ Debug(104) : $stest = :Content-Disposition: form-data; name="file"; filename="AHC_UserInfo.exe"
Content-Type: application/octet-stream

MZ@@ Debug(107) : $tURL[$Type] = /vtapi/v2/file/scan
>Error code: 0
::
@error = 0
----------------------------------------------------------------------------------
{"scans": {"TotalDefense": {"detected": false, "version": "37.0.10473", "result": null, "update": "20130619"}, "MicroWorld-eScan": {"detected": false, "version": "12.0.250.0", "result": null, "update": "20130619"}, "nProtect": {"detected": false, "version": "2013-06-19.04", "result": null, "update": "20130619"}, "CAT-QuickHeal": {"detected": false, "version": "12.00", "result": null, "update": "20130619"}, "McAfee": {"detected": false, "version": "5.400.0.1158", "result": null, "update": "20130619"}, "Malwarebytes": {"detected": false, "version": "1.75.0.1", "result": null, "update": "20130619"}, "K7AntiVirus": {"detected": false, "version": "9.170.8884", "result": null, "update": "20130618"}, "K7GW": {"detected": false, "version": "12.7.0.12", "result": null, "update": "20130618"}, "TheHacker": {"detected": false, "version": "None", "result": null, "update": "20130619"}, "NANO-Antivirus": {"detected": false, "version": "0.24.0.52848", "result": null, "update": "20130619"}, "F-Prot": {"detected": false, "version": "4.7.1.166", "result": null, "update": "20130618"}, "Symantec": {"detected": false, "version": "20131.1.0.101", "result": null, "update": "20130619"}, "Norman": {"detected": false, "version": "7.01.04", "result": null, "update": "20130619"}, "ByteHero": {"detected": false, "version": "1.0.0.1", "result": null, "update": "20130613"}, "TrendMicro-HouseCall": {"detected": false, "version": "9.700.0.1001", "result": null, "update": "20130619"}, "Avast": {"detected": false, "version": "6.0.1289.0", "result": null, "update": "20130619"}, "eSafe": {"detected": false, "version": "7.0.17.0", "result": null, "update": "20130616"}, "ClamAV": {"detected": false, "version": "0.97.3.0", "result": null, "update": "20130619"}, "Kaspersky": {"detected": false, "version": "9.0.0.837", "result": null, "update": "20130619"}, "BitDefender": {"detected": true, "version": "7.2", "result": "Gen:Trojan.Heur.AutoIT.1", "update": "20130619"}, "Agnitum": {"detected": false, "version": "5.5.1.3", "result": null, "update": "20130618"}, "ViRobot": {"detected": false, "version": "2011.4.7.4223", "result": null, "update": "20130619"}, "Sophos": {"detected": false, "version": "4.90.0", "result": null, "update": "20130619"}, "Comodo": {"detected": false, "version": "16458", "result": null, "update": "20130619"}, "F-Secure": {"detected": true, "version": "11.0.19100.45", "result": "Gen:Trojan.Heur.AutoIT.1", "update": "20130619"}, "DrWeb": {"detected": false, "version": "", "result": null, "update": "20130619"}, "VIPRE": {"detected": false, "version": "18856", "result": null, "update": "20130619"}, "AntiVir": {"detected": false, "version": "7.11.85.142", "result": null, "update": "20130619"}, "TrendMicro": {"detected": false, "version": "9.740.0.1012", "result": null, "update": "20130619"}, "McAfee-GW-Edition": {"detected": false, "version": "2013", "result": null, "update": "20130619"}, "Emsisoft": {"detected": true, "version": "3.0.0.581", "result": "Gen:Trojan.Heur.AutoIT.1 (B)", "update": "20130619"}, "Jiangmin": {"detected": false, "version": "16.0.100", "result": null, "update": "20130619"}, "Antiy-AVL": {"detected": false, "version": "2.0.3.7", "result": null, "update": "20130619"}, "Kingsoft": {"detected": false, "version": "2013.4.9.267", "result": null, "update": "20130506"}, "Microsoft": {"detected": false, "version": "1.9607", "result": null, "update": "20130619"}, "SUPERAntiSpyware": {"detected": true, "version": "5.6.0.1008", "result": "Trojan.Agent/Gen-Autorun", "update": "20130619"}, "GData": {"detected": true, "version": "22", "result": "Gen:Trojan.Heur.AutoIT.1", "update": "20130619"}, "Commtouch": {"detected": false, "version": "5.4.1.7", "result": null, "update": "20130618"}, "AhnLab-V3": {"detected": false, "version": "2013.06.19.06", "result": null, "update": "20130619"}, "VBA32": {"detected": false, "version": "3.12.22.2", "result": null, "update": "20130619"}, "PCTools": {"detected": false, "version": "9.0.0.2", "result": null, "update": "20130521"}, "ESET-NOD32": {"detected": false, "version": "8467", "result": null, "update": "20130619"}, "Rising": {"detected": false, "version": "24.67.02.02", "result": null, "update": "20130619"}, "Ikarus": {"detected": false, "version": "T3.1.4.3.0", "result": null, "update": "20130619"}, "Fortinet": {"detected": false, "version": "5.1.146.0", "result": null, "update": "20130619"}, "AVG": {"detected": false, "version": "10.0.0.1190", "result": null, "update": "20130619"}, "Panda": {"detected": false, "version": "10.0.3.5", "result": null, "update": "20130619"}}, "scan_id": "2f65bd6f6ea409bb4b6ccd85226e46f24c8879b5d08811a2f24d8a2281816be5-1371651653", "sha1": "56f21e22ed9fc49b9de5d3961020a87b5efe3b68", "resource": "46B3CC00ECD3D3E042DECA0072B063B3", "response_code": 1, "scan_date": "2013-06-19 14:20:53", "permalink": "https://www.virustotal.com/file/2f65bd6f6ea409bb4b6ccd85226e46f24c8879b5d08811a2f24d8a2281816be5/analysis/1371651653/", "verbose_msg": "Scan finished, scan information embedded in this object", "total": 47, "positives": 5, "sha256": "2f65bd6f6ea409bb4b6ccd85226e46f24c8879b5d08811a2f24d8a2281816be5", "md5": "46b3cc00ecd3d3e042deca0072b063b3"}
@@ Debug(91) : $bHash = 0x46B3CC00ECD3D3E042DECA0072B063B3
>Error code: 0
----------------------------------------------------------------------------------

Now as you can see there is information in VT now as I disabled the antivirus so it would transmit earlier tonight....

However you can see there was no submit for this file

 

::
@error = 0

 

Not sure how much this is going to help.  If you can think of any tests you want me to try let me know and I'll try them when I get home.

Onward and upward!

John

Share this post


Link to post
Share on other sites

#20 ·  Posted (edited)

The file I was trying to upload/scan was an AutoIt program and my antivirus was intercepting and blocking it.

So the file was not passed to VT thus no report from the "$fScan".

I finally got it to go by disabling the antivirus.

It maybe worth adding some checks to your code to see if the files exists and can be opened.

An antivirus will probably allow you to check it exists but not open it.

Don't have any time to do any major checking now, wish I had found this last night when I did have time.

John

 

On a related note, does your script provide the ability to upload via HTTPS?  The reason I ask is that some UTM firewalls may block the transmission of a virus.  While some UTMs can interrogate SSL, most don't; so it would be good to have this capability if possible.

Great UDF.

-John

Edited by jftuga

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now

  • Similar Content

    • Ascer
      By Ascer
      1. Description.
      oAuth 2.0 is security system implemented by Google a few years ago. You are able to connect into your Google accounts and manage documents. In this UDF i show you how to pass first authorization process., this allow you to automate most of functions using API interface. 2. Requirements.
      Google account. oAuth.au3 Download 3. Possibilities
      ;============================================================================================================ ; Date: 2018-02-10, 14:21 ; ; Description: UDF for authorize your app with oAuth 2.0 Google. ; ; Function(s): ; oAuth2GetAuthorizationCode() -> Get Code for "grant". ; oAuth2GetAccessToken() -> Get "access_token" and "refresh_token" first time. ; oAuth2RefreshAccessToken() -> Get current "access_token" using "refresh_token". ; ; Author(s): Ascer ;============================================================================================================ 4. Enable your Google API.
          4.1. Video Tutorial not mine!
       YouTube     4.2 Screenshots from authorization process (Polish language) 
      Go to https://console.developers.google.com/apis/dashboard and accept current rules.  

       
      Next create an new project  

       
      Enter name of you new project and click Create  

       
      Google will working now, please wait until finish. Next go to enable your API interface, we make if for Google  

       
      Take "Gmail" in search input and after click in found result.  

       
      Click Enable interface, Google will working now.  

       
      Create your login credentials  

       
      Select Windows Interface (combobox), User credentials (radio) and click button what is need bla bla  

       
      Type name of a new client id for oAuth 2.0 and click Create a new Client ID.  

       
      Next configure screen aplication, type some name and click Next. Google will working now.  

       
      Last step on this website is download source with your credentials in *Json format.  

       
      Now you received a file named client_id.json, it's how it look in Sublime Text:  

       
      5. Coding.
      Now we need to call a some function to get access code.  
      #include <oAuth.au3> Local $sClientId = "167204758184-vpeues0uk6b0g4jrnv0ipq5fapoig2v8.apps.googleusercontent.com" Local $sRedirectUri = "http://localhost" oAuth2GetAuthorizationCode($sClientId, $sRedirectUri)  
      Function will execute default browser for ask you to permission.  

       
      Next Google ask you to permission for access to your personal details by application Autoit   

       
      Now you can thing is something wrong but all is ok, you need to copy all after  code= . It your access code.  

       
      Let's now ask Google about our Access Token and Refresh Token  
      #include <oAuth.au3> Local $sClientId = "167204758184-vpeues0uk6b0g4jrnv0ipq5fapoig2v8.apps.googleusercontent.com" Local $sClientSecret = "cWalvFr3WxiE6cjUkdmKEPo8" Local $sAuthorizationCode = "4/AAAPXJOZ-Tz0s6mrx7JbV6nthXSfcxaszFh_aH0azVqHkSHkfiwE8uamcabn4eMbEWg1eAuUw7AU0PQ0XeWUFRo#" Local $sRedirectUri = "http://localhost" Local $aRet = oAuth2GetAccessToken($sClientId, $sClientSecret, $sAuthorizationCode, $sRedirectUri) If Ubound($aRet) <> 4 then ConsoleWrite("+++ Something wrong with reading ResponseText." & @CRLF) Exit EndIf ConsoleWrite("Successfully received data from Google." & @CRLF) ConsoleWrite("access_token: " & $aRet[0] & @CRLF) ConsoleWrite("expires_in: " & $aRet[1] & @CRLF) ConsoleWrite("refresh_token: " & $aRet[2] & @CRLF) ConsoleWrite("token_type: " & $aRet[3] & @CRLF)  
      Important! When you received error 400 and output says: Invalid grant it means that your previous generated access_code lost validity and you need to generate new calling previus code. When everything is fine you should received a 4 informations about your: access_token, expires_in, refresh_token and token_type. Access_Token time is a little short so you need to know fuction possible to refresh it (tell Google that he should generate a new Token for you)  
      #include <oAuth.au3> Local $sRefreshToken = "1/ba8JpW7TjQH3-UI1BvPaXhSf-oTQ4BmZAbBfhcKgKfY" Local $sClientId = "167204758184-vpeues0uk6b0g4jrnv0ipq5fapoig2v8.apps.googleusercontent.com" Local $sClientSecret = "cWalvFr3WxiE6cjUkdmKEPo8" Local $sRedirectUri = "http://localhost" Local $aRet = oAuth2RefreshAccessToken($sRefreshToken, $sClientId, $sClientSecret) If Ubound($aRet) <> 3 then ConsoleWrite("+++ Something wrong with reading ResponseText." & @CRLF) Exit EndIf ConsoleWrite("Successfully received data from Google." & @CRLF) ConsoleWrite("access_token: " & $aRet[0] & @CRLF) ConsoleWrite("expires_in: " & $aRet[1] & @CRLF) ConsoleWrite("token_type: " & $aRet[2] & @CRLF)  
      6. Finish words
      If you followed all this above steps im sure that you received all informations required for coding your Google API (Gmail, Dropbox, YouTube, Calender etc. See next thread: [UDF] Gmail API - Email automation with AutoIt!
    • Ascer
      By Ascer
      1. Description.
      Automate communication with Gmail API using oAuth 2.0 security. 2. Requirements.
      Google Gmail account. Finished Authorization process. Look here 3. Possibilities.
      ;======================================================================================================================== ; Date: 2018-02-12, 11:46 ; ; Bug Fixs: 2018-02-17, 7:31 -> Fixed problems with adding items to array and minor bugs. ; ; Description: UDF for using Gmail API interface. This UDF requires oAuth.au3 and Gmail account. ; ; Function(s): ; gmailUsersGetProfile() -> Information about your account. ; gmailUsersLabelsList() -> Get all available labels ids. ex. "INBOX", "UNREAD" ; gmailUsersLabelsGet() -> Get information about specific label id. ; gmailUsersMessagesBatchDelete() -> Delete many messages emails by id. ; gmailUsersMessagesBatchModify() -> Set status for many messages ex. "INBOX", "UNREAD" ; gmailUsersMessagesDelete() -> Totaly delete email from ur account. ; gmailUsersMessagesGet() -> Get all information about specific email. ; gmailUsersMessagesList() -> Get list of last ~100 emails. ; gmailUsersMessagesModify() -> Modify single message. ; gmailUsersMessagesTrash() -> Put email in trash. ; gmailUsersMessagesUntrash() -> Restore email from trash. ; gmailUsersMessagesSend() -> Send email to single or group recipients. ; gmailUsersMessagesAttachmentsGet() -> Download attachment by id. ; ; Author(s): Ascer ;======================================================================================================================== 4. Downloads.
      oAuth.au3 Gmail API.au3 5. Examples.
      Sending emails
    • islandspapand
      By islandspapand
      Hi All
      i am currently trying to add a function to my project that can send SMS, i have gone with Twilio for the sms service that use a REST API.
      I have never worked with an API before, and could use some help.
      I can get my function working with using cURL.exe and copy past command from the website with the following code. And thats great unfortunately i am have issue with character like æøå when sending a SMS appears like a box or ?. this does not happen if i do it from the website so it looks like a Unicode issue in curl.exe.
      I have done some searching on the forum and understand that i should be able to implement this curl command with the WinHTTP UDF from @trancexx so i don't need a third part exe and it might fix my charater issue.
      Unfortunately i really don't understand how i am to change curl commands to the WinHTTP and i was hoping some good maybe give me an example i could learn from.
      Thanks in advanced
      i have removed the AuthToken number from the script.
      _SendSMS("00000000","SomeOne","SMS body info") Func _SendSMS($SendTo,$SendFrom,$Msgtxt) $AccountSID = "ACbb765b3180d5938229eff8b8f63ed1bc" $AuthToken = "Auth Token number" $Data = '"https://api.twilio.com/2010-04-01/Accounts/'&$AccountSID&'/Messages.json"'& _ '-X POST \ --data-urlencode "To=+45'&$SendTo&'" \ --data-urlencode "From='&$SendFrom&'" \ --data-urlencode "Body='&$Msgtxt&'" \ -u '&$AccountSID&':'&$AuthToken&'' ShellExecute(@ScriptDir&"\curl.exe","-k "&$Data) ;~ curl 'https://api.twilio.com/2010-04-01/Accounts/ACbb765b3180d5938229eff8b8f63ed1bc/Messages.json' -X POST \ ;~ --data-urlencode 'To=+4500000000' \ ;~ --data-urlencode 'From=Reception' \ ;~ --data-urlencode 'Body=Test Body' \ ;~ -u ACbb765b3180d5938229eff8b8f63ed1bc:[AuthToken] EndFunc