5 import os
6 import json
7 import urllib
8 import urllib2
9
10 from lib.cuckoo.common.abstracts import Processing
11 from lib.cuckoo.common.exceptions import CuckooProcessingError
12 from lib.cuckoo.common.objects import File
13
# VirusTotal API v2 report endpoints (HTTPS).
# File reports are requested through this endpoint.
VIRUSTOTAL_FILE_URL = "https://www.virustotal.com/vtapi/v2/file/report"
# URL reports are requested through this endpoint.
VIRUSTOTAL_URL_URL = "https://www.virustotal.com/vtapi/v2/url/report"
16
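class VirusTotal(Processing):
    """Gets antivirus signatures from VirusTotal.com"""
    # NOTE(review): the `class` and `def` header lines are missing from this
    # listing (its gutter skips them). They are restored here from the
    # imported `Processing` base class and the docstrings; confirm the names
    # against the original file.

    def run(self):
        """Runs VirusTotal processing.

        Builds a lookup for the current task and POSTs it, together with the
        configured API key, to the matching VirusTotal report endpoint:
          - "file" tasks send only the MD5 of the sample, not the sample;
          - "url" tasks send the full target URL, so the URL under analysis
            is disclosed to a third-party service.

        @return: full VirusTotal report (decoded JSON), with the engine
                 names under "scans" rewritten so they contain no dots.
        @raise CuckooProcessingError: if the API key is not configured, the
                 sample file is missing, the task category is not supported,
                 the request fails, or the response is not valid JSON.
        """
        self.key = "virustotal"

        key = self.options.get("key", None)
        if not key:
            raise CuckooProcessingError("VirusTotal API key not "
                                        "configured, skip")

        category = self.task["category"]
        if category == "file":
            if not os.path.exists(self.file_path):
                raise CuckooProcessingError("File {0} not found, skipping it".format(self.file_path))

            # NOTE(review): MD5 is collision-prone, so a report keyed on it
            # can belong to a different file with the same digest. Consider
            # a SHA-256 lookup if `File` exposes one; confirm before changing.
            resource = File(self.file_path).get_md5()
            url = VIRUSTOTAL_FILE_URL
        elif category == "url":
            resource = self.task["target"]
            url = VIRUSTOTAL_URL_URL
        else:
            # Without this branch `resource` and `url` stay unbound and the
            # code below fails with a NameError instead of a module error.
            raise CuckooProcessingError("Unsupported task category for "
                                        "VirusTotal lookup: "
                                        "{0}".format(category))

        # Passing `data` to Request makes this a POST, so the API key travels
        # in the request body rather than in the URL.
        data = urllib.urlencode({"resource": resource, "apikey": key})

        # NOTE(review): Python 2 releases before 2.7.9 do not verify the
        # server certificate in urllib2 by default, which would expose the
        # API key to an on-path attacker; confirm the interpreter in use.
        # NOTE(review): no timeout is passed to urlopen(), so a stalled
        # connection can block processing; consider adding one.
        try:
            request = urllib2.Request(url, data)
            response = urllib2.urlopen(request)
            try:
                response_data = response.read()
            finally:
                # Release the connection even if read() fails.
                response.close()
        except urllib2.HTTPError as e:
            # HTTPError is a subclass of URLError, so it has to be caught
            # first; in the opposite order this handler is never reached.
            raise CuckooProcessingError("Unable to perform HTTP request to "
                                        "VirusTotal "
                                        "(http code={0})".format(e.code))
        except urllib2.URLError as e:
            raise CuckooProcessingError("Unable to establish connection "
                                        "to VirusTotal: {0}".format(e))

        try:
            virustotal = json.loads(response_data)
        except ValueError as e:
            raise CuckooProcessingError("Unable to convert response to "
                                        "JSON: {0}".format(e))

        if "scans" in virustotal:
            # Engine names may contain dots; presumably the report is later
            # stored somewhere that rejects dots in keys. Confirm with the
            # reporting side.
            items = virustotal["scans"].items()
            virustotal["scans"] = dict((engine.replace(".", "_"), signature)
                                       for engine, signature in items)

        return virustotal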