avclass's People

Contributors

malicialab, platonk, rscampos, silsebastian

avclass's Issues

How to get the result in README

Hi

First of all, thank you for your wonderful work. I want to get the result shown in the README, like this:

aca2d12934935b070df8f50e06a20539 33 CLASS:grayware|10,CLASS:grayware:adware|9,FILE:os:windows|8,FAM:adrotator|8,CLASS:downloader|3,FAM:zlob|2
67d15459e1f85898851148511c86d88d 37 CLASS:dialer|23,FILE:os:windows|9,FAM:adultbrowser|8,CLASS:dialer:porndialer|7,CLASS:grayware|6,CLASS:grayware:tool|3,FAM:target|2

Now I try

python3 avclass2_labeler.py -vt ../../../Downloads/report/VirusShare_0a0d4874af7526ee3404f3bee8cd98ec -vt3

The JSON report is obtained from https://www.virustotal.com/api/v3/files/{hash} :

{"data": {"attributes": {"first_submission_date": 1580280181, "last_analysis_date": 1600950014, "last_analysis_results": {"ALYac": {"category": "malicious", "engine_name": "ALYac", "engine_update": "20200924", "engine_version": "1.1.1.5", "method": "blacklist", "result": "Trojan.HTML.Ramnit.A"}, "APEX": {"category": "type-unsupported", "engine_name": "APEX", "engine_update": "20200922", "engine_version": "6.73", "method": "blacklist", "result": "Null"}, "AVG": {"category": "malicious", "engine_name": "AVG", "engine_update": "20200924", "engine_version": "18.4.3895.0", "method": "blacklist", "result": "JS:Dropper-AQ [Trj]"}, "Acronis": {"category": "type-unsupported", "engine_name": "Acronis", "engine_update": "20200917", "engine_version": "1.1.1.78", "method": "blacklist", "result": "Null"}, "Ad-Aware": {"category": "malicious", "engine_name": "Ad-Aware", "engine_update": "20200924", "engine_version": "3.0.16.117", "method": "blacklist", "result": "Trojan.HTML.Ramnit.A"}, "AegisLab": {"category": "malicious", "engine_name": "AegisLab", "engine_update": "20200924", "engine_version": "4.2", "method": "blacklist", "result": "Trojan.VBS.Agent.b!c"}, "AhnLab-V3": {"category": "malicious", "engine_name": "AhnLab-V3", "engine_update": "20200924", "engine_version": "3.18.1.10026", "method": "blacklist", "result": "JS/Ramnit.N"}, "Alibaba": {"category": "type-unsupported", "engine_name": "Alibaba", "engine_update": "20190527", "engine_version": "0.3.0.5", "method": "blacklist", "result": "Null"}, "Antiy-AVL": {"category": "malicious", "engine_name": "Antiy-AVL", "engine_update": "20200924", "engine_version": "3.0.0.1", "method": "blacklist", "result": "Trojan[Dropper]/VBS.Agent.bp"}, "Arcabit": {"category": "malicious", "engine_name": "Arcabit", "engine_update": "20200924", "engine_version": "1.0.0.881", "method": "blacklist", "result": "Trojan.HTML.Ramnit.A"}, "Avast": {"category": "malicious", "engine_name": "Avast", "engine_update": "20200924", "engine_version": 
"18.4.3895.0", "method": "blacklist", "result": "JS:Dropper-AQ [Trj]"}, "Avast-Mobile": {"category": "type-unsupported", "engine_name": "Avast-Mobile", "engine_update": "20200924", "engine_version": "200924-00", "method": "blacklist", "result": "Null"}, "Avira": {"category": "malicious", "engine_name": "Avira", "engine_update": "20200924", "engine_version": "8.3.3.8", "method": "blacklist", "result": "VBS/Ramnit.abcd"}, "Baidu": {"category": "malicious", "engine_name": "Baidu", "engine_update": "20190318", "engine_version": "1.0.0.2", "method": "blacklist", "result": "HTML.Trojan.Ramnit.a"}, "BitDefender": {"category": "malicious", "engine_name": "BitDefender", "engine_update": "20200924", "engine_version": "7.2", "method": "blacklist", "result": "Trojan.HTML.Ramnit.A"}, "BitDefenderTheta": {"category": "malicious", "engine_name": "BitDefenderTheta", "engine_update": "20200918", "engine_version": "7.2.37796.0", "method": "blacklist", "result": "Gen:NN.ZexaF.34254.dmKfaS3hrPac"}, "Bkav": {"category": "malicious", "engine_name": "Bkav", "engine_update": "20200924", "engine_version": "1.3.0.9899", "method": "blacklist", "result": "W32.ScriptDropperE.Worm"}, "CAT-QuickHeal": {"category": "malicious", "engine_name": "CAT-QuickHeal", "engine_update": "20200924", "engine_version": "14.00", "method": "blacklist", "result": "VBS.Dropper.A"}, "CMC": {"category": "undetected", "engine_name": "CMC", "engine_update": "20200924", "engine_version": "2.7.2019.1", "method": "blacklist", "result": "Null"}, "ClamAV": {"category": "malicious", "engine_name": "ClamAV", "engine_update": "20200923", "engine_version": "0.102.3.0", "method": "blacklist", "result": "Legacy.Trojan.Agent-1388596"}, "Comodo": {"category": "malicious", "engine_name": "Comodo", "engine_update": "20200924", "engine_version": "32839", "method": "blacklist", "result": "Virus.VBS.Ramnit.c@4xfd1h"}, "CrowdStrike": {"category": "type-unsupported", "engine_name": "CrowdStrike", "engine_update": "20190702", 
"engine_version": "1.0", "method": "blacklist", "result": "Null"}, "Cybereason": {"category": "type-unsupported", "engine_name": "Cybereason", "engine_update": "20190616", "engine_version": "1.2.449", "method": "blacklist", "result": "Null"}, "Cylance": {"category": "type-unsupported", "engine_name": "Cylance", "engine_update": "20200924", "engine_version": "2.3.1.101", "method": "blacklist", "result": "Null"}, "Cynet": {"category": "malicious", "engine_name": "Cynet", "engine_update": "20200924", "engine_version": "4.0.0.24", "method": "blacklist", "result": "Malicious (score: 85)"}, "Cyren": {"category": "malicious", "engine_name": "Cyren", "engine_update": "20200924", "engine_version": "6.3.0.2", "method": "blacklist", "result": "VBS/Ramnit.B"}, "DrWeb": {"category": "malicious", "engine_name": "DrWeb", "engine_update": "20200924", "engine_version": "7.0.49.9080", "method": "blacklist", "result": "VBS.Rmnet.5"}, "ESET-NOD32": {"category": "malicious", "engine_name": "ESET-NOD32", "engine_update": "20200924", "engine_version": "22042", "method": "blacklist", "result": "Win32/Ramnit.A"}, "Elastic": {"category": "type-unsupported", "engine_name": "Elastic", "engine_update": "20200917", "engine_version": "4.0.9", "method": "blacklist", "result": "Null"}, "Emsisoft": {"category": "malicious", "engine_name": "Emsisoft", "engine_update": "20200924", "engine_version": "2018.12.0.1641", "method": "blacklist", "result": "Trojan.HTML.Ramnit.A (B)"}, "F-Secure": {"category": "malicious", "engine_name": "F-Secure", "engine_update": "20200924", "engine_version": "12.0.86.52", "method": "blacklist", "result": "Malware.VBS/Ramnit.abcd"}, "FireEye": {"category": "malicious", "engine_name": "FireEye", "engine_update": "20200924", "engine_version": "32.36.1.0", "method": "blacklist", "result": "Trojan.HTML.Ramnit.A"}, "Fortinet": {"category": "malicious", "engine_name": "Fortinet", "engine_update": "20200924", "engine_version": "6.2.142.0", "method": "blacklist", "result": 
"VBS/DropperAgent.BP!tr"}, "GData": {"category": "malicious", "engine_name": "GData", "engine_update": "20200924", "engine_version": "A:25.27123B:27.20282", "method": "blacklist", "result": "Script.Virus.Ramnit.C"}, "Ikarus": {"category": "malicious", "engine_name": "Ikarus", "engine_update": "20200924", "engine_version": "0.1.5.2", "method": "blacklist", "result": "Virus.VBS.Ramnit"}, "Invincea": {"category": "malicious", "engine_name": "Invincea", "engine_update": "20200924", "engine_version": "1.0.1.0", "method": "blacklist", "result": "VBS/Inor-AA"}, "Jiangmin": {"category": "malicious", "engine_name": "Jiangmin", "engine_update": "20200924", "engine_version": "16.0.100", "method": "blacklist", "result": "Trojan/Script.Gen"}, "K7AntiVirus": {"category": "malicious", "engine_name": "K7AntiVirus", "engine_update": "20200924", "engine_version": "11.141.35301", "method": "blacklist", "result": "Trojan ( 001bb56b1 )"}, "K7GW": {"category": "malicious", "engine_name": "K7GW", "engine_update": "20200924", "engine_version": "11.141.35301", "method": "blacklist", "result": "Exploit ( 04c554ce1 )"}, "Kaspersky": {"category": "malicious", "engine_name": "Kaspersky", "engine_update": "20200924", "engine_version": "15.0.1.13", "method": "blacklist", "result": "Trojan-Dropper.VBS.Agent.bp"}, "Kingsoft": {"category": "undetected", "engine_name": "Kingsoft", "engine_update": "20200924", "engine_version": "2013.8.14.323", "method": "blacklist", "result": "Null"}, "MAX": {"category": "malicious", "engine_name": "MAX", "engine_update": "20200924", "engine_version": "2019.9.16.1", "method": "blacklist", "result": "malware (ai score=83)"}, "Malwarebytes": {"category": "undetected", "engine_name": "Malwarebytes", "engine_update": "20200924", "engine_version": "3.6.4.335", "method": "blacklist", "result": "Null"}, "MaxSecure": {"category": "malicious", "engine_name": "MaxSecure", "engine_update": "20200922", "engine_version": "1.0.0.1", "method": "blacklist", "result": 
"Virus.SCRPT.VBS.Ramnit.A"}, "McAfee": {"category": "malicious", "engine_name": "McAfee", "engine_update": "20200924", "engine_version": "6.0.6.653", "method": "blacklist", "result": "W32/Ramnit.a!htm"}, "McAfee-GW-Edition": {"category": "malicious", "engine_name": "McAfee-GW-Edition", "engine_update": "20200924", "engine_version": "v2019.1.2+3728", "method": "blacklist", "result": "BehavesLike.HTML.Dropper.cr"}, "MicroWorld-eScan": {"category": "malicious", "engine_name": "MicroWorld-eScan", "engine_update": "20200924", "engine_version": "14.0.409.0", "method": "blacklist", "result": "Trojan.HTML.Ramnit.A"}, "Microsoft": {"category": "malicious", "engine_name": "Microsoft", "engine_update": "20200924", "engine_version": "1.1.17400.5", "method": "blacklist", "result": "Virus:VBS/Ramnit.gen!C"}, "NANO-Antivirus": {"category": "malicious", "engine_name": "NANO-Antivirus", "engine_update": "20200924", "engine_version": "1.0.134.25140", "method": "blacklist", "result": "Trojan.Script.Agent.bfcghy"}, "Paloalto": {"category": "type-unsupported", "engine_name": "Paloalto", "engine_update": "20200924", "engine_version": "1.0", "method": "blacklist", "result": "Null"}, "Panda": {"category": "malicious", "engine_name": "Panda", "engine_update": "20200924", "engine_version": "4.6.4.2", "method": "blacklist", "result": "W32/Cosmu.A"}, "Qihoo-360": {"category": "malicious", "engine_name": "Qihoo-360", "engine_update": "20200924", "engine_version": "1.0.0.1120", "method": "blacklist", "result": "virus.vbs.writebin.a"}, "Rising": {"category": "malicious", "engine_name": "Rising", "engine_update": "20200924", "engine_version": "25.0.0.26", "method": "blacklist", "result": "Virus.Ramnit/VBS!1.AE79 (CLASSIC)"}, "SUPERAntiSpyware": {"category": "undetected", "engine_name": "SUPERAntiSpyware", "engine_update": "20200918", "engine_version": "5.6.0.1032", "method": "blacklist", "result": "Null"}, "Sangfor": {"category": "malicious", "engine_name": "Sangfor", "engine_update": "20200814", 
"engine_version": "1.0", "method": "blacklist", "result": "Malware"}, "SentinelOne": {"category": "type-unsupported", "engine_name": "SentinelOne", "engine_update": "20200724", "engine_version": "4.4.0.0", "method": "blacklist", "result": "Null"}, "Sophos": {"category": "malicious", "engine_name": "Sophos", "engine_update": "20200924", "engine_version": "4.98.0", "method": "blacklist", "result": "VBS/Inor-AA"}, "Symantec": {"category": "malicious", "engine_name": "Symantec", "engine_update": "20200924", "engine_version": "1.12.0.0", "method": "blacklist", "result": "W32.Ramnit!html"}, "SymantecMobileInsight": {"category": "type-unsupported", "engine_name": "SymantecMobileInsight", "engine_update": "20200813", "engine_version": "2.0", "method": "blacklist", "result": "Null"}, "TACHYON": {"category": "undetected", "engine_name": "TACHYON", "engine_update": "20200924", "engine_version": "2020-09-24.02", "method": "blacklist", "result": "Null"}, "Tencent": {"category": "malicious", "engine_name": "Tencent", "engine_update": "20200924", "engine_version": "1.0.0.1", "method": "blacklist", "result": "Html.Win32.Script.1501246"}, "TotalDefense": {"category": "undetected", "engine_name": "TotalDefense", "engine_update": "20200924", "engine_version": "37.1.62.1", "method": "blacklist", "result": "Null"}, "Trapmine": {"category": "type-unsupported", "engine_name": "Trapmine", "engine_update": "20200727", "engine_version": "3.5.0.1023", "method": "blacklist", "result": "Null"}, "TrendMicro": {"category": "malicious", "engine_name": "TrendMicro", "engine_update": "20200924", "engine_version": "11.0.0.1006", "method": "blacklist", "result": "Virus.VBS.RAMNIT.SMWL"}, "TrendMicro-HouseCall": {"category": "malicious", "engine_name": "TrendMicro-HouseCall", "engine_update": "20200924", "engine_version": "10.0.0.1040", "method": "blacklist", "result": "Virus.VBS.RAMNIT.SMWL"}, "Trustlook": {"category": "type-unsupported", "engine_name": "Trustlook", "engine_update": "20200924", 
"engine_version": "1.0", "method": "blacklist", "result": "Null"}, "VBA32": {"category": "malicious", "engine_name": "VBA32", "engine_update": "20200924", "engine_version": "4.4.1", "method": "blacklist", "result": "Trojan.HTML.Ramnit.A"}, "VIPRE": {"category": "malicious", "engine_name": "VIPRE", "engine_update": "20200924", "engine_version": "86926", "method": "blacklist", "result": "Virus.VBS.Ramnit.a (v)"}, "ViRobot": {"category": "malicious", "engine_name": "ViRobot", "engine_update": "20200924", "engine_version": "2014.3.20.0", "method": "blacklist", "result": "VBS.Dropper.B"}, "Webroot": {"category": "type-unsupported", "engine_name": "Webroot", "engine_update": "20200924", "engine_version": "1.0.0.403", "method": "blacklist", "result": "Null"}, "Yandex": {"category": "malicious", "engine_name": "Yandex", "engine_update": "20200911", "engine_version": "5.5.2.24", "method": "blacklist", "result": "VBS.Ramnit.T"}, "Zillya": {"category": "malicious", "engine_name": "Zillya", "engine_update": "20200924", "engine_version": "2.0.0.4181", "method": "blacklist", "result": "Dropper.Ramnit.VBS.1"}, "ZoneAlarm": {"category": "malicious", "engine_name": "ZoneAlarm", "engine_update": "20200924", "engine_version": "1.0", "method": "blacklist", "result": "Trojan-Dropper.VBS.Agent.bp"}, "Zoner": {"category": "malicious", "engine_name": "Zoner", "engine_update": "20200920", "engine_version": "0.0.0.0", "method": "blacklist", "result": "Trojan.HTML.44076"}, "eGambit": {"category": "type-unsupported", "engine_name": "eGambit", "engine_update": "20200924", "engine_version": "Null", "method": "blacklist", "result": "Null"}}, "last_analysis_stats": {"confirmed-timeout": 0, "failure": 0, "harmless": 0, "malicious": 54, "suspicious": 0, "timeout": 0, "type-unsupported": 15, "undetected": 6}, "last_modification_date": 1600957556, "last_submission_date": 1600950014, "magic": "HTML document text", "md5": "0a0d4874af7526ee3404f3bee8cd98ec", "meaningful_name": 
"VirusShare_0a0d4874af7526ee3404f3bee8cd98ec", "names": ["VirusShare_0a0d4874af7526ee3404f3bee8cd98ec", "list_7.html"], "packers": {"Cyren": "UTF-8", "F-PROT": "UTF-8"}, "reputation": 0, "sha1": "e810538ec8dca80013694507898118414b991b6a", "sha256": "55f58443fd0b38de1da78a86ecff7f26848068f9dd2b51cfe603556a9c5aca9e", "size": 131943, "ssdeep": "1536:pjHZNAmfGMVXehMzmlEgyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09wee:pjUyfkMY+BES09JXAnyrZalI+YQ", "tags": ["html"], "times_submitted": 2, "total_votes": {"harmless": 0, "malicious": 0}, "trid": [{"file_type": "Text - UTF-8 encoded", "probability": 100.0}], "type_description": "HTML", "type_tag": "html", "unique_sources": 2}, "id": "55f58443fd0b38de1da78a86ecff7f26848068f9dd2b51cfe603556a9c5aca9e", "links": {"self": "https://www.virustotal.com/api/v3/files/55f58443fd0b38de1da78a86ecff7f26848068f9dd2b51cfe603556a9c5aca9e"}, "type": "file"}}

And I get a result like this:

JSON read0a0d4874af7526ee3404f3bee8cd98ec 75 ramnit|19,virus|9,filemodify|9,execdownload|7,downloader|7,html|6,jswebinject|4,windows|2

That's different from the README, and I want to know how to get a result that has labels like FAM, CLASS and so on.

Thank you for your time.

MISP taxonomies

I'm looking to use avclass2 to classify malware in my MISP instance. After getting a result from avclass, I'd like to give it an appropriate tag. Just wondering if you had a recommendation for tag taxonomies that would best align with the return of avclass.

Here are the MISP taxonomies

The ones that look like they might fit.

ms-caro-malware-full

Malware Type and Platform classification based on Microsoft's implementation of the Computer Antivirus Research Organization (CARO) Naming Scheme and Malware Terminology. Based on https://www.microsoft.com/en-us/security/portal/mmpc/shared/malwarenaming.aspx, https://www.microsoft.com/security/portal/mmpc/shared/glossary.aspx, https://www.microsoft.com/security/portal/mmpc/shared/objectivecriteria.aspx, and http://www.caro.org/definitions/index.html. Malware families are extracted from Microsoft SIRs since 2008 based on https://www.microsoft.com/security/sir/archive/default.aspx and https://www.microsoft.com/en-us/security/portal/threat/threats.aspx. Note that SIRs do NOT include all Microsoft malware families.

mwdb

Malware Database (mwdb) Taxonomy - Tags used across the platform

malware_classification

Classification based on different categories. Based on https://www.sans.org/reading-room/whitepapers/incident/malware-101-viruses-32848

A question about remove suffix

Thanks for sharing! In your work, you remove suffixes, but I think there are some meaningful suffixes; for example, '@mm' means massive worm spam. So is it necessary to treat some suffixes as valuable tokens?

The version of a MISP cluster has the type INT.

I can not add the current master to MISP. The version of the MISP cluster should be an integer and not a string.

Traceback:

$ sudo -u misp /var/www/MISP-2.4.169/app/Console/cake Admin updateGalaxies                                                                                                                
Error: SQLSTATE[01000]: Warning: 1265 Data truncated for column 'version' at row 1                                                                                                            
#0 /var/www/MISP-2.4.169/app/Lib/cakephp/lib/Cake/Model/Datasource/DboSource.php(502): PDOStatement->execute(Array)                                                                           
#1 /var/www/MISP-2.4.169/app/Lib/cakephp/lib/Cake/Model/Datasource/DboSource.php(468): DboSource->_execute('INSERT INTO `mi...', Array)                                                       
#2 /var/www/MISP-2.4.169/app/Lib/cakephp/lib/Cake/Model/Datasource/DboSource.php(1132): DboSource->execute('INSERT INTO `mi...')                                                              
#3 /var/www/MISP-2.4.169/app/Lib/cakephp/lib/Cake/Model/Model.php(1942): DboSource->create(Object(GalaxyCluster), Array, Array)                                                               
#4 /var/www/MISP-2.4.169/app/Lib/cakephp/lib/Cake/Model/Model.php(1754): Model->_doSave(Array, Array)                                                                                         
#5 /var/www/MISP-2.4.169/app/Model/Galaxy.php(190): Model->save(Array, Array)                                                                                                                 
#6 /var/www/MISP-2.4.169/app/Model/Galaxy.php(261): Galaxy->__createClusters(Array, Array)                                                                                                    
#7 /var/www/MISP-2.4.169/app/Console/Command/AdminShell.php(286): Galaxy->update(false)                                                                                                       
#8 /var/www/MISP-2.4.169/app/Lib/cakephp/lib/Cake/Console/Shell.php(459): AdminShell->updateGalaxies()                                                                                        
#9 /var/www/MISP-2.4.169/app/Lib/cakephp/lib/Cake/Console/ShellDispatcher.php(222): Shell->runCommand('updateGalaxies', Array)                                                                
#10 /var/www/MISP-2.4.169/app/Lib/cakephp/lib/Cake/Console/ShellDispatcher.php(66): ShellDispatcher->dispatch()                                                                               
#11 /var/www/MISP-2.4.169/app/Console/cake.php(45): ShellDispatcher::run(Array)                                                                                                               
#12 {main}

"version": "2.7.2"

mysql> describe galaxy_clusters;
+------------------+--------------+------+-----+---------+----------------+
| Field            | Type         | Null | Key | Default | Extra          |
+------------------+--------------+------+-----+---------+----------------+
| id               | int          | NO   | PRI | NULL    | auto_increment |
...
| version          | int          | YES  | MUL | 0       |                | 
...

AVClass2 PUP detection underestimates?

PUP detection routine (in avclass2_common.py line 473) looks at a single CLASS tag for grayware but there are often multiple grayware tags such as:

0160b834b0939dffeedf1018296dd10e077743014d9724fb5020a4658f7330d9 72 FILE:os:windows|10,CLASS:grayware:adware|10,FAM:softcnapp|9,CLASS:grayware|8,UNK:burden|5,CLASS:virus|2 1

There are CLASS:grayware:adware|10 and CLASS:grayware|8, so should the PUP detection routine sum them up, instead of only looking at them individually?

v.3 VT files are not processed

Hi, first, thank you for this awesome piece of code!
I have a bunch of v.3 VT jsons that I want to run through AVClass2. I've downloaded the module from your master branch to my ubuntu machine, however, it won't process my files and I don't know why...

When I run AVClass2 on your VT v.2 example it works fine:
/home/shay/PycharmProjects/avclass-master$ ./avclass2/avclass2_labeler.py -vt ./examples/vtv2_sample.json -p
[-] Using tagging rules in /home/shay/PycharmProjects/avclass-master/avclass2/data/default.tagging
[-] Using taxonomy in /home/shay/PycharmProjects/avclass-master/avclass2/data/default.taxonomy
[-] Using expansion tags in /home/shay/PycharmProjects/avclass-master/avclass2/data/default.expansion
[-] Processing input file ./examples/vtv2_sample.json
[-] 0 JSON read602695c8f2ad76564bddcaf47b76edff 52 FAM:zeroaccess|19,FILE:os:windows|16,BEH:server|8,CLASS:backdoor|8,FILE:packed|7
f117cc1477513cb181cc2e9fcaab39b2 39 CLASS:rogueware|15,BEH:alertuser|15,FILE:os:windows|11,FAM:winwebsec|4,CLASS:grayware|4,CLASS:grayware:tool|3,FILE:packed|3
[-] 2 JSON read
[-] Samples: 2 NoScans: 0 NoTags: 0 GroundTruth: 0

However, when I run AVClass2 on your VT v.3 example it indicates that it is not able to process it:
/home/shay/PycharmProjects/avclass-master$ ./avclass2/avclass2_labeler.py -vt ./examples/vtv3_sample.json -p
[-] Using tagging rules in /home/shay/PycharmProjects/avclass-master/avclass2/data/default.tagging
[-] Using taxonomy in /home/shay/PycharmProjects/avclass-master/avclass2/data/default.taxonomy
[-] Using expansion tags in /home/shay/PycharmProjects/avclass-master/avclass2/data/default.expansion
[-] Processing input file ./examples/vtv3_sample.json
[-] 0 JSON read Could not process: { "data": { "attributes": { "creation_date": 1584397860, "exiftool": { "Author": "Tatyana", "Characters": 1896, "CharactersWithSpaces": 2224, "CreateDate": "2020:03:16
.
.
.
"type": "file" } }

[-] 1 JSON read
[-] Samples: 1 NoScans: 1 NoTags: 1 GroundTruth: 0

The same thing happens when I use AVClass (instead of AVClass2).

What am I doing wrong?

Understanding alias

Hi
I need some help understanding aliases please... (The link to join the mailing list fails with a 'forbidden' error.)
I thought that the first two columns (t1 and t2) represent the main family and alias name respectively.

but...

I am seeing records with (for example)

t1 = razy
t2 = score
and
t1 = score
t2 = razy

I need to be able to reduce all aliases to their main/master/root family names. Is this possible (and if so, how)?

Thanks in advance

Labeler fails on invalid vt file

While running command:

./avclass_labeler.py -vt filename.vt.json | cat

on file:

{
  "response_code": 0,
  "resource": "647739e7c3b617c4b409cc121b9adc4579b99c658098c136f85c0a3b42275419",
  "verbose_msg": "The requested resource is not among the finished, queued or pending scans"
}

I got this error:

[-] Using aliases in data/default.aliases
[-] Using generic tokens in data/default.generics
[-] 0 JSON readTraceback (most recent call last):
  File "./avclass_labeler.py", line 396, in <module>
    main(args)
  File "./avclass_labeler.py", line 86, in main
    name = getattr(sample_info, hash_type)
AttributeError: 'NoneType' object has no attribute 'md5'

The input file is part of a larger dataset which I am trying to batch process using avclass and it fails halfway because of these "invalid" files.

Avclass2 with -vtdir option asks for -vt

I'm trying to use avclass2 for extracting info from reports that I have offline.
While -vtdir worked in avclass, with avclass2 it says that Argument -vt or -lb is required.

Am I missing something?
Thank you in advance!

Bug when using -d option

When I use the -d option to give a directory of multiple files, it gives the following error:

[-] Using tagging rules in /home/cassie/.local/lib/python3.10/site-packages/avclass/data/default.tagging
[-] Using taxonomy in /home/cassie/.local/lib/python3.10/site-packages/avclass/data/default.taxonomy
[-] Using expansion tags in /home/cassie/.local/lib/python3.10/site-packages/avclass/data/default.expansion
Traceback (most recent call last):
  File "/home/cassie/.local/bin/avclass", line 8, in <module>
    sys.exit(main())
  File "/home/cassie/.local/lib/python3.10/site-packages/avclass/labeler.py", line 501, in main
    args, ifile_l = parse_args()
  File "/home/cassie/.local/lib/python3.10/site-packages/avclass/labeler.py", line 680, in parse_args
    files.add(filepath)
AttributeError: 'dict' object has no attribute 'add'

It tracks down to this part (lines 672 to 683) in labeler.py

    # Build list of input files
    files = set(args.f) if args.f is not None else {}
    if args.d:
        for d in args.d:
            if os.path.isdir:
                for f in os.listdir(d):
                    filepath = os.path.join(d, f)
                    if os.path.isfile(filepath):
                        files.add(filepath)
            else:
                log.warning('Not a valid directory: %s' % d)
                sys.exit(1)

Files should be initialized as an empty set when args.f is None, not an empty dictionary.
(When I use -f together with -d, it doesn't give the error, as files is correctly initialized as a set.)
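A corrected form of the file-list construction quoted in this issue, as an added example rather than the project's own fix. The function name `build_input_files` and its parameters are hypothetical. It also calls `os.path.isdir(d)`: in the quoted code `os.path.isdir` is referenced without being called, so the condition is always true and the "Not a valid directory" branch can never run.

```python
import os


def build_input_files(files_arg, dirs_arg):
    """Return the set of input paths given by -f values and -d directories.

    files_arg and dirs_arg stand in for args.f and args.d (lists or None).
    """
    # set() is an empty set; {} is an empty dict and has no .add() method.
    files = set(files_arg) if files_arg is not None else set()
    for d in dirs_arg or []:
        # Call isdir on the path. A bare `os.path.isdir` is a function
        # object, which is always truthy.
        if not os.path.isdir(d):
            # Raised instead of log.warning + sys.exit(1) so callers and
            # tests can handle it (a choice made for this example).
            raise NotADirectoryError("Not a valid directory: %s" % d)
        for name in os.listdir(d):
            path = os.path.join(d, name)
            if os.path.isfile(path):   # skip sub-directories
                files.add(path)
    return files
```
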

Labeler fails on vt file

First, the contents of 1.vt.json are:
{
"md5":"b68abd064e975e1c6d5f25e748663076",

"permalink":"https://www.virustotal.com/file/d6c47eba7f3e3bb36ab273cb251d08efcd1c42181d85ad433f8a00a7bda0ecd6/analysis/1579101960/",
"positives":66,
"resource":"b68abd064e975e1c6d5f25e748663076",
"response_code":1,
"scan_date":"2020-01-15 15:26:00",
"scan_id":"d6c47eba7f3e3bb36ab273cb251d08efcd1c42181d85ad433f8a00a7bda0ecd6-1579101960",
"scans":{
"ALYac":{
"detected":true,
"result":"Generic.DataStealer.1.1ACBA8F0",
"update":"20200115",
"version":"1.1.1.5"
},
"APEX":{
"detected":true,
"result":"Malicious",
"update":"20200113",
"version":"5.105"
},
"AVG":{
"detected":true,
"result":"Sf:Crypt-AQ [Trj]",
"update":"20200115",
"version":"18.4.3895.0"
},
"Acronis":{
"detected":true,
"result":"suspicious",
"update":"20200113",
"version":"1.1.1.58"
},
"Ad-Aware":{
"detected":true,
"result":"Generic.DataStealer.1.1ACBA8F0",
"update":"20200115",
"version":"3.0.5.370"
},
"AegisLab":{
"detected":true,
"result":"Trojan.Win32.Generic.mtwx",
"update":"20200115",
"version":"4.2"
},
"AhnLab-V3":{
"detected":true,
"result":"Trojan/Win32.Tepfer.R142848",
"update":"20200115",
"version":"3.17.0.26111"
},
"Alibaba":{
"detected":true,
"result":"TrojanPSW:Win32/Tepfer.89e78928",
"update":"20190527",
"version":"0.3.0.5"
},
"Antiy-AVL":{
"detected":true,
"result":"Trojan[PSW]/Win32.Tepfer",
"update":"20200115",
"version":"3.0.0.1"
},
"Arcabit":{
"detected":true,
"result":"Generic.DataStealer.1.1ACBA8F0",
"update":"20200115",
"version":"1.0.0.869"
},
"Avast":{
"detected":true,
"result":"Sf:Crypt-AQ [Trj]",
"update":"20200115",
"version":"18.4.3895.0"
},
"Avast-Mobile":{
"detected":false,
"result":null,
"update":"20200114",
"version":"200114-00"
},
"Avira":{
"detected":true,
"result":"TR/Kryptik.avp.8",
"update":"20200115",
"version":"8.3.3.8"
},
"Baidu":{
"detected":true,
"result":"Win32.Trojan-PSW.Fareit.a",
"update":"20190318",
"version":"1.0.0.2"
},
"BitDefender":{
"detected":true,
"result":"Generic.DataStealer.1.1ACBA8F0",
"update":"20200115",
"version":"7.2"
},
"BitDefenderTheta":{
"detected":true,
"result":"Gen:NN.ZexaF.34082.gqW@aiYxzmi",
"update":"20200113",
"version":"7.2.37796.0"
},
"Bkav":{
"detected":true,
"result":"W32.AIDetectVM.malware",
"update":"20200115",
"version":"1.3.0.9899"
},
"CAT-QuickHeal":{
"detected":true,
"result":"Trojanpws.Tepfer.20314",
"update":"20200115",
"version":"14.00"
},
"CMC":{
"detected":false,
"result":null,
"update":"20190321",
"version":"1.1.0.977"
},
"ClamAV":{
"detected":true,
"result":"Win.Trojan.Fareit-403",
"update":"20200115",
"version":"0.102.1.0"
},
"Comodo":{
"detected":true,
"result":"TrojWare.Win32.PWS.Fareit.GS@5t8zib",
"update":"20200115",
"version":"31966"
},
"CrowdStrike":{
"detected":true,
"result":"win/malicious_confidence_100% (W)",
"update":"20190702",
"version":"1.0"
},
"Cybereason":{
"detected":true,
"result":"malicious.64e975",
"update":"20190616",
"version":"1.2.449"
},
"Cylance":{
"detected":true,
"result":"Unsafe",
"update":"20200115",
"version":"2.3.1.101"
}
},
"sha1":"59ff77b7f922891fa5c66ed1a8bbb964cd336119",
"sha256":"d6c47eba7f3e3bb36ab273cb251d08efcd1c42181d85ad433f8a00a7bda0ecd6",
"total":72,
"verbose_msg":"Scan finished, information embedded"
}
Second, I executed this statement:
./avclass_labeler.py -vt data/1.vt.json -v > malheurReference.labels
But I got this result:
[-] Using aliases in /home/cuicui/下载/avclass-master/data/default.aliases
[-] Using generic tokens in /home/cuicui/下载/avclass-master/data/default.generics
[-] Processing input file data/1.vt.json
[-] 0 JSON readTraceback (most recent call last):
  File "./avclass_labeler.py", line 457, in <module>
    main(args)
  File "./avclass_labeler.py", line 117, in main
    vt_rep = json.loads(line)
  File "/usr/lib64/python2.7/json/__init__.py", line 338, in loads
    return _default_decoder.decode(s)
  File "/usr/lib64/python2.7/json/decoder.py", line 366, in decode
    obj, end = self.raw_decode(s, idx=_w(s, 0).end())
  File "/usr/lib64/python2.7/json/decoder.py", line 382, in raw_decode
    obj, end = self.scan_once(s, idx)
ValueError: Expecting object: line 1 column 2 (char 1)

Keyword normalization error?

It looks like there are some errors during the keyword normalization process. For instance, for the following samples (1, 2, 3, 4), I am expecting 8, 8, 9, 8 of "Zusy" keywords for each of them, but AVClass (with default configuration) only identified 2, 2, 3, 2 for them, and the third one is labeled as "valcaryx".

Description of some taxonomies

Hi,

Thank you for the great work!
I'm a bit unsure about some of the taxonomies, e.g., BEH:facebook, BEH:files, BEH:google, BEH:search, "FAM:1000years". Could you please tell me more about these terms?
Or is there a way to systematically find the explanation for these terms?
I tried the MISP taxonomy but didn't have any luck.

Thank you for your help in advance!

VT APIv3 Input

AVClass does not handle the new VT report formats. The old format was the following:

vt$ jq keys VT_reportv2.json 
[
  "ITW_urls",
  "additional_info",
  "authentihash",
  "community_reputation",
  "first_seen",
  "harmless_votes",
  "last_seen",
  "malicious_votes",
  "md5",
  "permalink",
  "positives",
  "resource",
  "response_code",
  "scan_date",
  "scan_id",
  "scans", # <--- object with all the AV labels
  "sha1",
  "sha256",
  "size",
  "ssdeep",
  "submission_names",
  "tags",
  "times_submitted",
  "total",
  "type",
  "unique_sources",
  "verbose_msg",
  "vhash"
]

# old (v2) result keys
vt$ jq '.scans.K7GW|keys' VT_reportv2.json 
[
  "detected",
  "result",
  "update",
  "version"
]

The new format is the following:

vt$ jq keys rVT_reportv3.json 
[
  "data"
]
vt$ jq '.data|keys' VT_reportv3.json 
[
  "attributes",
  "id",
  "links",
  "type"
]
vt$ jq '.data.attributes|keys' VT_reportv3.json 
[
  "elf_info",
  "exiftool",
  "first_submission_date",
  "last_analysis_date",
  "last_analysis_results", # <--- object with all the AV labels
  "last_analysis_stats",
  "last_modification_date",
  "last_submission_date",
  "magic",
  "md5",
  "meaningful_name",
  "names",
  "reputation",
  "sha1",
  "sha256",
  "size",
  "ssdeep",
  "tags",
  "times_submitted",
  "total_votes",
  "trid",
  "type_description",
  "type_tag",
  "unique_sources",
  "vhash"
]

# result keys also changed in v3
vt$ jq '.data.attributes.last_analysis_results.K7GW|keys' VT_reportv3.json
[
  "category",
  "engine_name",
  "engine_update",
  "engine_version",
  "method",
  "result"
]
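The two layouts listed above can be read into one common shape. The following is an added example, not AVClass code: the function names, the choice of which v3 categories count as detections, and the sample reports (constructed, with placeholder hashes and labels) are assumptions. It also accepts the variant in which `data` is a list, as in the report quoted in the "VirusTotal v3 output incompatibility" issue on this page.

```python
import json

# v3 verdict categories counted as detections (a choice made for this example).
DETECTION_CATEGORIES = {"malicious", "suspicious"}


def labels_v2(scans):
    """v2: scans[engine] = {"detected", "result", "update", "version"}."""
    return sorted((eng, r["result"]) for eng, r in scans.items()
                  if r.get("detected") and r.get("result"))


def labels_v3(results):
    """v3: results[engine] = {"category", "engine_name", ..., "result"}."""
    return sorted((eng, r["result"]) for eng, r in results.items()
                  if r.get("category") in DETECTION_CATEGORIES and r.get("result"))


def sample(src, labels):
    """Common output shape: the three hashes plus (engine, label) pairs."""
    return {"md5": src.get("md5"), "sha1": src.get("sha1"),
            "sha256": src.get("sha256"), "labels": labels}


def iter_samples(report):
    """Yield one normalized sample per file described by a parsed report."""
    if not isinstance(report, dict):
        raise ValueError("report must be a JSON object")
    if "scans" in report:                      # v2: everything at top level
        yield sample(report, labels_v2(report["scans"]))
        return
    if "data" not in report:
        raise ValueError("neither 'scans' (v2) nor 'data' (v3) found")
    data = report["data"]
    # "data" is one object for a single file, or a list of such objects.
    for item in (data if isinstance(data, list) else [data]):
        attrs = item.get("attributes") or {}
        if "last_analysis_results" not in attrs:
            raise ValueError("v3 item without last_analysis_results")
        yield sample(attrs, labels_v3(attrs["last_analysis_results"]))


def labels_from_jsonl(text):
    """Parse one JSON report per line and return all normalized samples."""
    out = []
    for line in text.splitlines():
        if line.strip():
            out.extend(iter_samples(json.loads(line)))
    return out


# Constructed sample reports: hashes and labels are placeholders.
V2_REPORT = {
    "md5": "a" * 32, "sha1": "b" * 40, "sha256": "c" * 64,
    "scans": {
        "K7GW": {"detected": True, "result": "Trojan.Constructed.A",
                 "update": "20200101", "version": "1.0"},
        "Bkav": {"detected": False, "result": None,
                 "update": "20200101", "version": "1.0"},
    },
}
V3_ITEM = {
    "type": "file", "id": "f" * 64,
    "attributes": {
        "md5": "d" * 32, "sha1": "e" * 40, "sha256": "f" * 64,
        "last_analysis_results": {
            "K7GW": {"category": "malicious", "engine_name": "K7GW",
                     "engine_update": "20200101", "engine_version": "1.0",
                     "method": "blacklist", "result": "Trojan.Constructed.B"},
            "Bkav": {"category": "undetected", "engine_name": "Bkav",
                     "engine_update": "20200101", "engine_version": "1.0",
                     "method": "blacklist", "result": None},
            "APEX": {"category": "type-unsupported", "engine_name": "APEX",
                     "engine_update": "20200101", "engine_version": "1.0",
                     "method": "blacklist", "result": None},
        },
    },
}
SAMPLE_JSONL = "\n".join(json.dumps(r) for r in (
    V2_REPORT,                         # v2 layout
    {"data": V3_ITEM},                 # v3, single object
    {"data": [V3_ITEM, V3_ITEM]},      # v3, "data" as a list
))

if __name__ == "__main__":
    for s in labels_from_jsonl(SAMPLE_JSONL):
        print(s["sha256"][:8], s["labels"])
```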

PUP tag labeling bug

The function returns None instead of returning False, when there's no tag information. This causes the corresponding output line to not include the PUP label, instead of including 0.

if len(tag_pairs) < 1:

avclass2 contributions

I'm working on a fork, which I plan to make a PR, that will turn avclass2 into a python class that can be imported into other programs, while still allowing it to run from the command line as normal. I'd like to classify binaries not in bulk, but as I receive them, as part of my scripted analysis.

The question I have is that I started to add type validation, but realized that is not Python 2.7 compatible. Might even be 3.6+. Do you have a compatibility requirement for <3.6 with avclass2? Is this a PR that you would consider?

Avclass2 -p with -vt or -vtdir

Hi!

Trying to use the -p with either -vt or -vtdir and this is the output:

Traceback (most recent call last):
  File "avclass2/avclass2_labeler.py", line 248, in main
    tag_str = format_tag_pairs(tags, av_labels.taxonomy)
  File "avclass2/avclass2_labeler.py", line 40, in format_tag_pairs
    p = taxonomy.get_path(l[0][0]) if taxonomy else l[0][0]
TypeError: 'float' object cannot be interpreted as an integer

VirusTotal V3 error

Hello, I'm running this command "./avclass2_labeler.py -lb ../examples/data.json -p -vt3 > output.txt" on data.json and I'm getting the following error:

image

This is my data.json file


Thank you in advance! I would really like to know how to fix this problem, as I've also tried with the VirusTotal V2 format and it didn't work.

Division-by-zero error on `output_stats` function (file `labeler.py`)

The output_stats function in line 482, file labeler.py, provokes a division-by-zero error when calculating stats from a JSON report with 0 malicious tags (variable num_maltagged):

frac = float(count) / float(num_maltagged) * 100

It can be simply fixed, for instance:

frac = 0
if num_maltagged > 0:
    frac = float(count) / float(num_maltagged) * 100

VirusTotal v3 output incompatibility

Greetings.

While submitting a file containing multiple JSONs I received the following error:

$ python avclass2_labeler.py -vt data.jsonl -p -vt3 > out.txt
[-] Using tagging rules in /home/user/avclass/avclass2/data/default.tagging
[-] Using taxonomy in /home/user/avclass/avclass2/data/default.taxonomy
[-] Using expansion tags in /home/user/avclass/avclass2/data/default.expansion
[-] Processing input file chris.jsonl
[-] 0 JSON readTraceback (most recent call last):
  File "avclass2_labeler.py", line 489, in <module>
    main(args)
  File "avclass2_labeler.py", line 149, in main
    sample_info = get_sample_info(vt_rep)
  File "/home/user/avclass/avclass2/lib/avclass2_common.py", line 454, in get_sample_info_vt_v3
    scans = vt_rep['attributes']['last_analysis_results']
TypeError: list indices must be integers, not str

I used both Python 3.8.5 and 2.7.18, just in case. I suppose it has to do with the json data. They are all formatted like this and I can't really spot a difference from your sample v3 json:

{"data": [{"attributes": {"type_description": "Win32 EXE", "bytehero_info": "Trojan.Win32.Heur.Gen", "tlsh": "T16753027373B4FFB6DF71E478B4660897BE430510A6905B9B425C6B0AB4E09E42770D32", "vhash": "06402d0d7bz2!z", "trid": [{"file_type": "Win32 Executable (generic)", "probability": 52.9}, {"file_type": "Generic Win/DOS Executable", "probability": 23.5}, {"file_type": "DOS Executable Generic", "probability": 23.5}], "crowdsourced_yara_results": [{"rule_name": "win_alina_pos_auto", "description": "autogenerated rule brought to you by yara-signator", "author": "Felix Bilstein - yara-signator at cocacoding dot com", "ruleset_id": "0085158f09", "ruleset_name": "win.alina_pos_auto", "match_in_subfile": true, "source": "https://malpedia.caad.fkie.fraunhofer.de/"}], "creation_date": 558322502, "names": ["upx_W32_Alina_3_4_B_fsg.exe", "upx_W32_Alina_3_4_B_unpacked.exe"], "last_modification_date": 1619787163, "type_tag": "peexe", "times_submitted": 2, "total_votes": {"harmless": 0, "malicious": 0}, "size": 64409, "popular_threat_classification": {"suggested_threat_label": "trojan.mint/zard", "popular_threat_category": [["trojan", 19]], "popular_threat_name": [["mint", 5], ["zard", 5], ["poscardstealer", 3]]}, "authentihash": "75ee3fb1cb21a10ece4f9b5a9ce12a71c652eb41016d72394dfac58f5dd61373", "last_submission_date": 1619779790, "meaningful_name": "upx_W32_Alina_3_4_B_fsg.exe", "sandbox_verdicts": {"C2AE": {"category": "malicious", "confidence": 70, "sandbox_name": "C2AE", "malware_classification": ["STEALER"], "malware_names": ["AlinaStealer"]}}, "sha256": "bc3df8753583d38f479b6151a106b9acaecf83f209ca01774acbcd4132da1572", "type_extension": "exe", "tags": ["peexe", "fsg"], "last_analysis_date": 1619779790, "unique_sources": 2, "first_submission_date": 1605398863, "sha1": "932db98d066a47a02b4dba14e70fb2eca9d19195", "ssdeep": "1536:nIBrRlBvL2xS+j6gJiLi+zYVldHfucVpMMJao:nIBBvL2xSuNsLNcVldHTVDIo", "packers": {"PEiD": "FSG v2.0 -> bart/xt", "Cyren": "FSG"}, "md5": 
"22065d825f6445127e6e5aeaa2253521", "pe_info": {"timestamp": 558322502, "entry_point": 340, "machine_type": 332, "imphash": "87bed5a7cba00c7e1f4015f1bdae2183", "sections": [{"name": "", "chi2": -1.0, "virtual_address": 4096, "flags": "rw", "raw_size": 0, "entropy": 0.0, "virtual_size": 409600, "md5": "d41d8cd98f00b204e9800998ecf8427e"}, {"name": "", "chi2": 9074.31, "virtual_address": 413696, "flags": "rw", "raw_size": 63897, "entropy": 7.91, "virtual_size": 65536, "md5": "5b0f4e4301311891db2e4ed19dab1204"}], "import_list": [{"library_name": "KERNEL32.dll", "imported_functions": ["LoadLibraryA", "GetProcAddress"]}]}, "magic": "MS-DOS executable, PE for MS Windows (GUI) Intel 80386 32-bit", "last_analysis_stats": {"harmless": 0, "type-unsupported": 5, "suspicious": 0, "confirmed-timeout": 0, "timeout": 10, "failure": 0, "malicious": 46, "undetected": 14}, "last_analysis_results": {"Bkav": {"category": "malicious", "engine_name": "Bkav", "engine_version": "1.3.0.9899", "result": "W32.AIDetect.malware1", "method": "blacklist", "engine_update": "20210429"}, "Elastic": {"category": "malicious", "engine_name": "Elastic", "engine_version": "4.0.21", "result": "malicious (high confidence)", "method": "blacklist", "engine_update": "20210420"}, "MicroWorld-eScan": {"category": "malicious", "engine_name": "MicroWorld-eScan", "engine_version": "14.0.409.0", "result": "Gen:Heur.Mint.Zard.1", "method": "blacklist", "engine_update": "20210430"}, "FireEye": {"category": "malicious", "engine_name": "FireEye", "engine_version": "32.44.1.0", "result": "Generic.mg.22065d825f644512", "method": "blacklist", "engine_update": "20210430"}, "CAT-QuickHeal": {"category": "undetected", "engine_name": "CAT-QuickHeal", "engine_version": "14.00", "result": null, "method": "blacklist", "engine_update": "20210430"}, "McAfee": {"category": "timeout", "engine_name": "McAfee", "engine_version": "6.0.6.653", "result": null, "method": "blacklist", "engine_update": "20210430"}, "ALYac": {"category": 
"malicious", "engine_name": "ALYac", "engine_version": "1.1.3.1", "result": "Gen:Heur.Mint.Zard.1", "method": "blacklist", "engine_update": "20210430"}, "Malwarebytes": {"category": "malicious", "engine_name": "Malwarebytes", "engine_version": "4.2.2.27", "result": "RiskWare.Tool.CK", "method": "blacklist", "engine_update": "20210430"}, "Zillya": {"category": "malicious", "engine_name": "Zillya", "engine_version": "2.0.0.4354", "result": "Trojan.POSCardStealer.Win32.119", "method": "blacklist", "engine_update": "20210430"}, "SUPERAntiSpyware": {"category": "undetected", "engine_name": "SUPERAntiSpyware", "engine_version": "5.6.0.1032", "result": null, "method": "blacklist", "engine_update": "20210430"}, "Sangfor": {"category": "timeout", "engine_name": "Sangfor", "engine_version": "2.9.0.0", "result": null, "method": "blacklist", "engine_update": "20210416"}, "K7AntiVirus": {"category": "malicious", "engine_name": "K7AntiVirus", "engine_version": "11.180.37048", "result": "Trojan ( 00544ddf1 )", "method": "blacklist", "engine_update": "20210430"}, "Alibaba": {"category": "malicious", "engine_name": "Alibaba", "engine_version": "0.3.0.5", "result": "TrojanSpy:Win32/Alinaos.d24c2769", "method": "blacklist", "engine_update": "20190527"}, "K7GW": {"category": "malicious", "engine_name": "K7GW", "engine_version": "11.180.37048", "result": "Trojan ( 00544ddf1 )", "method": "blacklist", "engine_update": "20210430"}, "Cybereason": {"category": "malicious", "engine_name": "Cybereason", "engine_version": "1.2.449", "result": "malicious.25f644", "method": "blacklist", "engine_update": "20210330"}, "BitDefenderTheta": {"category": "malicious", "engine_name": "BitDefenderTheta", "engine_version": "7.2.37796.0", "result": "AI:Packer.F218F1801E", "method": "blacklist", "engine_update": "20210429"}, "Cyren": {"category": "malicious", "engine_name": "Cyren", "engine_version": "6.3.0.2", "result": "W32/Heuristic-162!Eldorado", "method": "blacklist", "engine_update": "20210430"}, 
"SymantecMobileInsight": {"category": "type-unsupported", "engine_name": "SymantecMobileInsight", "engine_version": "2.0", "result": null, "method": "blacklist", "engine_update": "20210126"}, "Symantec": {"category": "malicious", "engine_name": "Symantec", "engine_version": "1.14.0.0", "result": "Trojan.Gen.MBT", "method": "blacklist", "engine_update": "20210430"}, "ESET-NOD32": {"category": "malicious", "engine_name": "ESET-NOD32", "engine_version": "23218", "result": "a variant of Win32/Spy.POSCardStealer.D", "method": "blacklist", "engine_update": "20210430"}, "Baidu": {"category": "timeout", "engine_name": "Baidu", "engine_version": "1.0.0.2", "result": null, "method": "blacklist", "engine_update": "20190318"}, "APEX": {"category": "malicious", "engine_name": "APEX", "engine_version": "6.158", "result": "Malicious", "method": "blacklist", "engine_update": "20210428"}, "Paloalto": {"category": "malicious", "engine_name": "Paloalto", "engine_version": "1.0", "result": "generic.ml", "method": "blacklist", "engine_update": "20210430"}, "ClamAV": {"category": "malicious", "engine_name": "ClamAV", "engine_version": "0.103.2.0", "result": "Win.Trojan.Alina-4", "method": "blacklist", "engine_update": "20210429"}, "Kaspersky": {"category": "malicious", "engine_name": "Kaspersky", "engine_version": "21.0.1.45", "result": "UDS:Trojan.Win32.Generic", "method": "blacklist", "engine_update": "20210430"}, "BitDefender": {"category": "malicious", "engine_name": "BitDefender", "engine_version": "7.2", "result": "Gen:Heur.Mint.Zard.1", "method": "blacklist", "engine_update": "20210430"}, "NANO-Antivirus": {"category": "malicious", "engine_name": "NANO-Antivirus", "engine_version": "1.0.146.25279", "result": "Trojan.Win32.Banker1.ebnywb", "method": "blacklist", "engine_update": "20210430"}, "AegisLab": {"category": "undetected", "engine_name": "AegisLab", "engine_version": "4.2", "result": null, "method": "blacklist", "engine_update": "20210430"}, "Avast": {"category": "timeout", 
"engine_name": "Avast", "engine_version": "21.1.5827.0", "result": null, "method": "blacklist", "engine_update": "20210430"}, "Tencent": {"category": "malicious", "engine_name": "Tencent", "engine_version": "1.0.0.1", "result": "Win32.Trojan.Generic.Hmre", "method": "blacklist", "engine_update": "20210430"}, "Ad-Aware": {"category": "malicious", "engine_name": "Ad-Aware", "engine_version": "3.0.21.179", "result": "Gen:Heur.Mint.Zard.1", "method": "blacklist", "engine_update": "20210430"}, "Trustlook": {"category": "type-unsupported", "engine_name": "Trustlook", "engine_version": "1.0", "result": null, "method": "blacklist", "engine_update": "20210430"}, "Emsisoft": {"category": "timeout", "engine_name": "Emsisoft", "engine_version": "2018.12.0.1641", "result": null, "method": "blacklist", "engine_update": "20210430"}, "Comodo": {"category": "malicious", "engine_name": "Comodo", "engine_version": "33484", "result": "TrojWare.Win32.Patched.KSU@5t5qg6", "method": "blacklist", "engine_update": "20210429"}, "F-Secure": {"category": "malicious", "engine_name": "F-Secure", "engine_version": "12.0.86.52", "result": "Trojan.TR/Downloader.Gen", "method": "blacklist", "engine_update": "20210331"}, "DrWeb": {"category": "malicious", "engine_name": "DrWeb", "engine_version": "7.0.49.9080", "result": "Trojan.PWS.Banker1.8391", "method": "blacklist", "engine_update": "20210430"}, "VIPRE": {"category": "malicious", "engine_name": "VIPRE", "engine_version": "92204", "result": "Trojan.Win32.Generic!BT", "method": "blacklist", "engine_update": "20210430"}, "TrendMicro": {"category": "timeout", "engine_name": "TrendMicro", "engine_version": "11.0.0.1006", "result": null, "method": "blacklist", "engine_update": "20210330"}, "McAfee-GW-Edition": {"category": "malicious", "engine_name": "McAfee-GW-Edition", "engine_version": "v2019.1.2+3728", "result": "BehavesLike.Win32.Generic.kc", "method": "blacklist", "engine_update": "20210429"}, "Trapmine": {"category": "type-unsupported", 
"engine_name": "Trapmine", "engine_version": "3.5.0.1023", "result": null, "method": "blacklist", "engine_update": "20200727"}, "CMC": {"category": "undetected", "engine_name": "CMC", "engine_version": "2.10.2019.1", "result": null, "method": "blacklist", "engine_update": "20210327"}, "Sophos": {"category": "malicious", "engine_name": "Sophos", "engine_version": "1.0.2.0", "result": "ML/PE-A + Troj/Trackr-Gen", "method": "blacklist", "engine_update": "20210430"}, "SentinelOne": {"category": "malicious", "engine_name": "SentinelOne", "engine_version": "5.0.0.20", "result": "Static AI - Malicious PE", "method": "blacklist", "engine_update": "20210215"}, "Avast-Mobile": {"category": "type-unsupported", "engine_name": "Avast-Mobile", "engine_version": "210430-04", "result": null, "method": "blacklist", "engine_update": "20210430"}, "Jiangmin": {"category": "malicious", "engine_name": "Jiangmin", "engine_version": "16.0.100", "result": "Trojan/Generic.asqjf", "method": "blacklist", "engine_update": "20210429"}, "Webroot": {"category": "undetected", "engine_name": "Webroot", "engine_version": "1.0.0.403", "result": null, "method": "blacklist", "engine_update": "20210430"}, "Avira": {"category": "malicious", "engine_name": "Avira", "engine_version": "8.3.3.12", "result": "TR/Downloader.Gen", "method": "blacklist", "engine_update": "20210430"}, "MAX": {"category": "malicious", "engine_name": "MAX", "engine_version": "2019.9.16.1", "result": "malware (ai score=100)", "method": "blacklist", "engine_update": "20210430"}, "Antiy-AVL": {"category": "malicious", "engine_name": "Antiy-AVL", "engine_version": "3.0.0.1", "result": "Trojan/Win32.AGeneric", "method": "blacklist", "engine_update": "20210430"}, "Kingsoft": {"category": "undetected", "engine_name": "Kingsoft", "engine_version": "2017.9.26.565", "result": null, "method": "blacklist", "engine_update": "20210430"}, "Microsoft": {"category": "timeout", "engine_name": "Microsoft", "engine_version": "1.1.18100.5", "result": 
null, "method": "blacklist", "engine_update": "20210430"}, "Gridinsoft": {"category": "malicious", "engine_name": "Gridinsoft", "engine_version": "1.0.39.131", "result": "Malware.Win32.Pack.516!se", "method": "blacklist", "engine_update": "20210430"}, "Arcabit": {"category": "undetected", "engine_name": "Arcabit", "engine_version": "1.0.0.886", "result": null, "method": "blacklist", "engine_update": "20210430"}, "ViRobot": {"category": "undetected", "engine_name": "ViRobot", "engine_version": "2014.3.20.0", "result": null, "method": "blacklist", "engine_update": "20210430"}, "ZoneAlarm": {"category": "malicious", "engine_name": "ZoneAlarm", "engine_version": "1.0", "result": "HEUR:Trojan.Win32.Generic", "method": "blacklist", "engine_update": "20210430"}, "GData": {"category": "malicious", "engine_name": "GData", "engine_version": "A:25.29483B:27.22838", "result": "Gen:Heur.Mint.Zard.1", "method": "blacklist", "engine_update": "20210430"}, "Cynet": {"category": "malicious", "engine_name": "Cynet", "engine_version": "4.0.0.27", "result": "Malicious (score: 100)", "method": "blacklist", "engine_update": "20210430"}, "BitDefenderFalx": {"category": "type-unsupported", "engine_name": "BitDefenderFalx", "engine_version": "2.0.936", "result": null, "method": "blacklist", "engine_update": "20200916"}, "AhnLab-V3": {"category": "undetected", "engine_name": "AhnLab-V3", "engine_version": "3.20.0.10177", "result": null, "method": "blacklist", "engine_update": "20210430"}, "Acronis": {"category": "malicious", "engine_name": "Acronis", "engine_version": "1.1.1.81", "result": "suspicious", "method": "blacklist", "engine_update": "20210211"}, "VBA32": {"category": "malicious", "engine_name": "VBA32", "engine_version": "5.0.0", "result": "TrojanPSW.Banker", "method": "blacklist", "engine_update": "20210430"}, "TACHYON": {"category": "undetected", "engine_name": "TACHYON", "engine_version": "2021-04-30.02", "result": null, "method": "blacklist", "engine_update": "20210430"}, 
"Cylance": {"category": "timeout", "engine_name": "Cylance", "engine_version": "2.3.1.101", "result": null, "method": "blacklist", "engine_update": "20210430"}, "Zoner": {"category": "undetected", "engine_name": "Zoner", "engine_version": "0.0.0.0", "result": null, "method": "blacklist", "engine_update": "20210429"}, "TrendMicro-HouseCall": {"category": "malicious", "engine_name": "TrendMicro-HouseCall", "engine_version": "10.0.0.1040", "result": "Mal_Bits", "method": "blacklist", "engine_update": "20210430"}, "Rising": {"category": "malicious", "engine_name": "Rising", "engine_version": "25.0.0.26", "result": "Stealer.AlinaPOS!1.C5B3 (CLOUD)", "method": "blacklist", "engine_update": "20210430"}, "Yandex": {"category": "malicious", "engine_name": "Yandex", "engine_version": "5.5.2.24", "result": "Trojan.GenAsa!qXHBe5f1nPw", "method": "blacklist", "engine_update": "20210430"}, "Ikarus": {"category": "malicious", "engine_name": "Ikarus", "engine_version": "0.1.5.2", "result": "Trojan.Win32.Spy", "method": "blacklist", "engine_update": "20210430"}, "eGambit": {"category": "undetected", "engine_name": "eGambit", "engine_version": null, "result": null, "method": "blacklist", "engine_update": "20210430"}, "Fortinet": {"category": "malicious", "engine_name": "Fortinet", "engine_version": "6.2.142.0", "result": "W32/Spy.POSCARDSTEALER.D!tr", "method": "blacklist", "engine_update": "20210430"}, "MaxSecure": {"category": "timeout", "engine_name": "MaxSecure", "engine_version": "1.0.0.1", "result": null, "method": "blacklist", "engine_update": "20210430"}, "AVG": {"category": "timeout", "engine_name": "AVG", "engine_version": "21.1.5827.0", "result": null, "method": "blacklist", "engine_update": "20210430"}, "Panda": {"category": "undetected", "engine_name": "Panda", "engine_version": "4.6.4.2", "result": null, "method": "blacklist", "engine_update": "20210429"}, "CrowdStrike": {"category": "malicious", "engine_name": "CrowdStrike", "engine_version": "1.0", "result": 
"win/malicious_confidence_100% (W)", "method": "blacklist", "engine_update": "20210203"}, "Qihoo-360": {"category": "undetected", "engine_name": "Qihoo-360", "engine_version": "1.0.0.1120", "result": null, "method": "blacklist", "engine_update": "20210430"}}, "reputation": 0}, "type": "file", "id": "bc3df8753583d38f479b6151a106b9acaecf83f209ca01774acbcd4132da1572", "links": {"self": "https://www.virustotal.com/api/v3/files/bc3df8753583d38f479b6151a106b9acaecf83f209ca01774acbcd4132da1572"}}], "links": {"self": "https://www.virustotal.com/api/v3/search?query=bc3df8753583d38f479b6151a106b9acaecf83f209ca01774acbcd4132da1572"}}

Had to find a short one :D

Thanks in advance!
