MalwareDB 0.42

.gitattributes

@@ -0,0 +1,22 @@
+# Auto detect text files and perform LF normalization
+* text=auto
+
+# Custom for Visual Studio
+*.cs     diff=csharp
+*.sln    merge=union
+*.csproj merge=union
+*.vbproj merge=union
+*.fsproj merge=union
+*.dbproj merge=union
+
+# Standard to msysgit
+*.doc	 diff=astextplain
+*.DOC	 diff=astextplain
+*.docx diff=astextplain
+*.DOCX diff=astextplain
+*.dot  diff=astextplain
+*.DOT  diff=astextplain
+*.pdf  diff=astextplain
+*.PDF	 diff=astextplain
+*.rtf	 diff=astextplain
+*.RTF	 diff=astextplain

.gitignore

@@ -0,0 +1,215 @@
+#################
+## Eclipse
+#################
+
+*.pydevproject
+.project
+.metadata
+bin/
+tmp/
+*.tmp
+*.bak
+*.swp
+*~.nib
+local.properties
+.classpath
+.settings/
+.loadpath
+
+# External tool builders
+.externalToolBuilders/
+
+# Locally stored "Eclipse launch configurations"
+*.launch
+
+# CDT-specific
+.cproject
+
+# PDT-specific
+.buildpath
+
+
+#################
+## Visual Studio
+#################
+
+## Ignore Visual Studio temporary files, build results, and
+## files generated by popular Visual Studio add-ons.
+
+# User-specific files
+*.suo
+*.user
+*.sln.docstates
+
+# Build results
+
+[Dd]ebug/
+[Rr]elease/
+x64/
+build/
+[Bb]in/
+[Oo]bj/
+
+# MSTest test Results
+[Tt]est[Rr]esult*/
+[Bb]uild[Ll]og.*
+
+*_i.c
+*_p.c
+*.ilk
+*.meta
+*.obj
+*.pch
+*.pdb
+*.pgc
+*.pgd
+*.rsp
+*.sbr
+*.tlb
+*.tli
+*.tlh
+*.tmp
+*.tmp_proj
+*.log
+*.vspscc
+*.vssscc
+.builds
+*.pidb
+*.log
+*.scc
+
+# Visual C++ cache files
+ipch/
+*.aps
+*.ncb
+*.opensdf
+*.sdf
+*.cachefile
+
+# Visual Studio profiler
+*.psess
+*.vsp
+*.vspx
+
+# Guidance Automation Toolkit
+*.gpState
+
+# ReSharper is a .NET coding add-in
+_ReSharper*/
+*.[Rr]e[Ss]harper
+
+# TeamCity is a build add-in
+_TeamCity*
+
+# DotCover is a Code Coverage Tool
+*.dotCover
+
+# NCrunch
+*.ncrunch*
+.*crunch*.local.xml
+
+# Installshield output folder
+[Ee]xpress/
+
+# DocProject is a documentation generator add-in
+DocProject/buildhelp/
+DocProject/Help/*.HxT
+DocProject/Help/*.HxC
+DocProject/Help/*.hhc
+DocProject/Help/*.hhk
+DocProject/Help/*.hhp
+DocProject/Help/Html2
+DocProject/Help/html
+
+# Click-Once directory
+publish/
+
+# Publish Web Output
+*.Publish.xml
+*.pubxml
+
+# NuGet Packages Directory
+## TODO: If you have NuGet Package Restore enabled, uncomment the next line
+#packages/
+
+# Windows Azure Build Output
+csx
+*.build.csdef
+
+# Windows Store app package directory
+AppPackages/
+
+# Others
+sql/
+*.Cache
+ClientBin/
+[Ss]tyle[Cc]op.*
+~$*
+*~
+*.dbmdl
+*.[Pp]ublish.xml
+*.pfx
+*.publishsettings
+
+# RIA/Silverlight projects
+Generated_Code/
+
+# Backup & report files from converting an old project file to a newer
+# Visual Studio version. Backup files are not needed, because we have git ;-)
+_UpgradeReport_Files/
+Backup*/
+UpgradeLog*.XML
+UpgradeLog*.htm
+
+# SQL Server files
+App_Data/*.mdf
+App_Data/*.ldf
+
+#############
+## Windows detritus
+#############
+
+# Windows image file caches
+Thumbs.db
+ehthumbs.db
+
+# Folder config file
+Desktop.ini
+
+# Recycle Bin used on file shares
+$RECYCLE.BIN/
+
+# Mac crap
+.DS_Store
+
+
+#############
+## Python
+#############
+
+*.py[co]
+
+# Packages
+*.egg
+*.egg-info
+dist/
+build/
+eggs/
+parts/
+var/
+sdist/
+develop-eggs/
+.installed.cfg
+
+# Installer logs
+pip-log.txt
+
+# Unit test / coverage reports
+.coverage
+.tox
+
+#Translations
+*.mo
+
+#Mr Developer
+.mr.developer.cfg

Binaries/Trojan.Win32.Bechiro.BCD/VirusTotalIdentification.txt

@@ -1,13 +0,0 @@
-Antivirus  Result  Update  
-Antiy-AVL  Downloader/Win32.Morstar  20140114  
-Comodo  Application.Win32.Bechiro.BCD  20140114  
-ESET-NOD32  a variant of Win32/FirseriaInstaller.C  20140114  
-Ikarus  not-a-virus:Downloader.Win32.Morstar  20140114  
-Kaspersky  not-a-virus:Downloader.Win32.Morstar.o  20140114  
-Kingsoft  Win32.Troj.Generic.a.(kcloud)  20130829  
-Malwarebytes  PUP.Optional.BundleInstaller.A  20140114  
-Panda  Adware/MultiToolbar  20140114  
-Rising  PE:PUF.FirseriaInstaller@CV!1.9C54  20140114  
-Sophos  Solimba Installer  20140114  
-VBA32  Downloader.Morstar  20140114  
-VIPRE  DownloadMR (fs)  20140114  

PackFiles.sh

@@ -1,21 +0,0 @@
-#!/bin/bash
- 
-bold=`tput bold`
-normal=`tput sgr0`
-green_plus='\e[00;32m[+]\e[00m'
-
-if [ $# -ne 1 ] ; then
-        echo "No directory choosen."
-        echo "Using `pwd`"
-        current_dir=`pwd` 
-fi
-
-find $pwd -maxdepth 1 -type d | while read folder; do
-	mkdir -p "Compressed/$folder"
-	zip -r --password infected "Compressed/$folder/$folder.zip" "$folder" > /dev/null
-	sha256sum "Compressed/$folder/$folder.zip" > "Compressed/$folder/$folder.sha256"
-	md5sum "Compressed/$folder/$folder.zip" > "Compressed/$folder/$folder.md5"
-	echo "infected" > "Compressed/$folder/$folder.pass"
-	echo -e "$green_plus   $folder compressed. "
-	echo -e "$green_plus   Remember that you still need to create index.log :) "
-done

README.md

@@ -55,7 +55,7 @@ Each directory is composed of 5 files:
 The main index.csv is the DB which you will look in to find malwares indexed on your drive. We use the , charachter as the delimiter to our CSVs. 
 The structure is al follows:
 
-	uid,location,type,name,version,author,language,date,platform,architecture
+	uid,location,type,name,version,author,language,date
 
 - UID 	-	Determined base on the indexing process. Does not really have any purpose yet. 
 - Location 	The location on the drive of the malware you have searched for. This and the UID field are automatically built on run by Rebuild_CSV.sh.
@@ -65,8 +65,6 @@ The structure is al follows:
 - Author	-	... I'm not that into documentation...
 - Language -	VB/C/ASM/C++/Java or binaries (bin)
 - Date	-	See 'Author' section. 
-- Platform	-	Platform can be win32,win64,android,ios.
-- Architecture	-	Can be x86,x64,arm and so on. 
 
 
 ## Structure of index.log:
@@ -83,14 +81,12 @@ Bugs and Reports
 The repository holding all files is currently 
 	https://github.com/ytisf/theZoo
 
-Stuff which are in the making:
 Stuff which are in the making:
 - [X] Fix EULA for proper disclaimer.
 - [X] More precise searching and indexing including platform and more.
 - [ ] We have about 400 more malwares to map and add
-- [ ] Git update of platform and new malware. 
-- [X] Separate DB version from application version. 
-- [ ] Fix display of search.
+- [X] Git update of platform and new malware.
+- [X] Fix display of search.
 - [X] Enable support for platform and architecture in indexing.
 
 If you have any suggestions or malware that you have indexed as in the documentations please send it to us to yuvaln210 [at] your most popular mail server so we can add it for every one's enjoyment. 

Rebuild_CSV.sh

@@ -1,41 +0,0 @@
-#!/bin/bash
-
-bold=`tput bold`
-normal=`tput sgr0`
-green_plus='\e[00;32m[+]\e[00m'
-red_min='\e[01;31m[-]\e[00m'
-
-# This file rebuilds the index.csv file based on the local index.log file in each folder.
-
-# Backup previous 
-mv conf/index.csv conf/Index.Backup.csv
-
-# finds all index.log files:
-
-find `pwd` -name 'index.log' > /tmp/indexrebuild.tmp
-touch conf/index.csv
-i=1
-cat /tmp/indexrebuild.tmp | while read file ; do
-	let string="$i"
-	string="$string,`echo "$file"`,`cat "$file"`,"
-	echo -e "$green_plus $i was added successfully"
-	echo "$string" >> conf/index.csv
-	let i=i+1
-done
-
-linesofdb=`wc -l < conf/index.csv`
-
-if [ $linesofdb = 0 ]; then
-	echo ""
-	echo -e "$red_min   No index files were detected!"
-	echo ""
-	exit 0
-fi
-if [ $linesofdb > 0 ]; then
-	echo ""
-	echo -e "$green_plus   Rebuilt index with $linesofdb malwares. Be safe."
-	echo "       Go and have some fun :)"
-	echo ""
-	exit 1
-fi
-

Source/Original/nBot 0.32 - May 2008/nBot 0.32 - May 2008.md5

@@ -1 +0,0 @@
-026548cd05f37fc70c901fe767be3e3f  Compressed/./NBot - July 2008/./NBot - July 2008.zip

Source/Original/nBot 0.32 - May 2008/nBot 0.32 - May 2008.sha256

@@ -1 +0,0 @@
-f1375f24795bd1dd76d002fef32f85685d21d113165eff6db86f01126235ce95  Compressed/./NBot - July 2008/./NBot - July 2008.zip

conf/index.csv

@@ -1,31 +1,35 @@
-1,Source/Original/Dokan - Dec 2008/index.log,__,Dokan,unknown,unknown,c,12/2008,x86,win32
-2,Source/Original/NBot - July 2008/index.log,botnet,NBot,unknown,unknown,cpp,07/2008,x86,win32
-3,Source/Original/ShadowBot v3 - March 2007/index.log,botnet,ShadowBot,3,unknown,cpp,03/2007,x86,win32
-4,Source/Original/rBot 0.3.3 - May 2004/index.log,botnet,rBot,0.3.3,unknown,cpp,05/2004,x86,win32
-5,Source/Original/ZeuS 2.0.8.9 - Feb 2013/index.log,botnet,ZeuS,2.0.8.9,unknown,c,02/2013,x86,win32
-6,Source/Original/X0R-USB - Virus Version - Jan 2009/index.log,virus,X0R-USB-Virus,unknown,unknown,c,01/2009,x86,win32
-7,Source/Original/LoexBot1.3 - Sep 2008/index.log,botnet,LoexBot,1.3,unknown,cpp,09/2008,x86,win32
-8,Source/Original/ZunkerBot 1.4.5 - Sep 2007/index.log,botnet,ZunkerBot,1.4.5,unknown,php,09/2007,x86,win32
-9,Source/Original/DopeBot v0.22 UnCrippled- Feb 2007/index.log,botnet,DopeBot-UnCrippled,0.22,unknown,cpp,02/2007,x86,win32
-10,Source/Original/vbBot - Jan 2007/index.log,botnet,vbBot,unknown,unknown,vb,01/2007,x86,win32
-11,Source/Original/xTBot 0.0.2 - 2 Feb 2002/index.log,botnet,xTBot,0.0.2,unknown,cpp,02/2002,x86,win32
-12,Source/Original/VBS.Win32.Vabian - Unknown/index.log,VBS-Worm,VBS.Win32.Vabian,unknown,unknown,vb,unknown,x86,win32
-13,Source/Original/DopeBot v0.22 Crippled- Feb 2007/index.log,botnet,DopeBot-Crippled,0.22,unknown,cpp,02/2007,x86,win32
-14,Source/Original/Win32.MiniPig - Nov 2006/index.log,Worm,Win32.MiniPig,unknown,unknown,c,11/2006,x86,win32
-15,Source/Original/HellBot v3.0 - 10 June 2005/index.log,botnet,Hellbot,3.0,unknown,cpp,06/2005,x86,win32
-16,Source/Original/Win32.ogw0rm - Nov 2008/index.log,Worm,Win32.ogwOrm,unknown,unknown,cpp,11/2008,x86,win32
-17,Source/Original/DopeBot.B - Dec 2004/index.log,botnet,DopeBot.B,unknown,unknown,cpp,12/2004,x86,win32
-18,Source/Original/LiquidBot - May 2005/index.log,botnet,LiquidBot,unknown,unknown,cpp,05/2005,x86,win32
-19,Source/Original/SpazBot 2.12 - June 2007/index.log,botnet,SpazBot,2.12,unknown,vb,06/2007,x86,win32
-20,Source/Original/DBot v3.1 - March 2007/index.log,botnet,DBot,3.1,unknown,c,03/2007,x86,win32
-21,Source/Original/CyberBot v2.2 - October 2006/index.log,botnet,CyberBot,2.2,unknown,cpp,10/2006,x86,win32
-22,Source/Original/DopeBot.A - Dec 2004/index.log,botnet,DopeBot.A,unknown,unknown,cpp,12/2004,x86,win32
-23,Source/Original/MyDoom.A - Jan 2004/index.log,__,MyDoom.A,unknown,unknown,c,01/2004,x86,win32
-24,Source/Original/ShadowBot - Sep 2008/index.log,botnet,ShadowBot,unknown,unknown,cpp,09/2008,x86,win32
-25,Binaries/CryptoLocker Ransomware 20th Nov 2013/index.log,ransomeware,CryptoLocker,Unknown,Unknown,bin,20/12/2013,x86,win32
-26,Binaries/CryptoLocker Ransomware 10th Sep 2013/index.log,ransomeware,CryptoLocker,Unknown,Unknown,bin,10/12/2013,x86,win32
-27,Binaries/IllusionBot - May 2007/index.log,botnet,Illusion Bot,Unknown,Unknown,bin,00/05/2007,x86,win32
-28,Source/Original/nBot 0.32 - May 2008/index.log,botnet,nBot,0.32,Unknown,c,00/05/2008,x86,win32
-29,Binaries/Trojan.Dropper.Gen/index.log,trojan,Dropper,Unknown,Unknown,bin,00/01/2014,x86,win32
-30,Binaries/Trojan.NSIS.Win32/index.log,trojan,NSIS,Unknown,Unknown,bin,00/01/2014,x86,win32
-31,Binaries/Trojan.Win32.Bechiro.BCD/index.log,trojan,Bechiro,BCD,Unknown,bin,00/01/2014,x86,win32
+1,Source/Original/Dokan_Dec2008/Dokan_Dec2008,botnet,Dokan,unknown,unknown,c,00/12/2008,x86,win32
+3,Source/Original/ShadowBotv3_March2007/ShadowBotv3_March2007,botnet,ShadowBot,3,unknown,cpp,03/2007,x86,win32
+4,Source/Original/rBot0.3.3_May2004/rBot0.3.3_May2004,botnet,rBot,0.3.3,unknown,cpp,00/05/2004,x86,win32
+5,Source/Original/ZeuS2.0.8.9_Feb2013/ZeuS2.0.8.9_Feb2013,botnet,ZeuS,2.0.8.9,unknown,c,02/2013,x86,win32
+6,Source/Original/X0R-USB_Jan2009/X0R-USB_Jan2009,virus,X0R-USB-Virus,unknown,unknown,c,00/01/2009,x86,win32
+7,Source/Original/LoexBot1.3_Sep2008/LoexBot1.3_Sep2008,botnet,LoexBot,1.3,unknown,cpp,00/09/2008,x86,win32
+8,Source/Original/ZunkerBot1.4.5_Sep2007/ZunkerBot1.4.5_Sep2007,botnet,ZunkerBot,1.4.5,unknown,php,09/2007,x86,win32
+9,Source/Original/DopeBotv0.22_UnCrippled_Feb2007/DopeBotv0.22_UnCrippled_Feb2007,botnet,DopeBot-UnCrippled,0.22,unknown,cpp,00/02/2007,x86,win32
+10,Source/Original/vbBot_Jan2007/vbBot_Jan2007,botnet,vbBot,unknown,unknown,vb,01/2007,x86,win32
+11,Source/Original/xTBot0.0.2_2Feb2002/xTBot0.0.2_2Feb2002,botnet,xTBot,0.0.2,unknown,cpp,02/2002,x86,win32
+12,Source/Original/VBS.Win32.Vabian/VBS.Win32.Vabian,VBS-Worm,VBS.Win32.Vabian,botnet,unknown,vb,unknown,x86,win32
+13,Source/Original/DopeBotv0.22_CrippledFeb2007/DopeBotv0.22_CrippledFeb2007,botnet,DopeBot-Crippled,0.22,unknown,cpp,00/02/2007,x86,win32
+14,Source/Original/Win32.MiniPig_Nov2006/Win32.MiniPig_Nov2006,Worm,Win32.MiniPig,virus,unknown,c,00/11/2006,x86,win32
+15,Source/Original/HellBotv3.0_10June2005/HellBotv3.0_10June2005,botnet,Hellbot,3.0,unknown,cpp,00/06/2005,x86,win32
+16,Source/Original/Win32.ogw0rm_Nov2008/Win32.ogw0rm_Nov2008,Worm,Win32.ogwOrm,unknown,unknown,cpp,00/11/2008,x86,win32
+17,Source/Original/DopeBot.B_Dec2004/DopeBot.B_Dec2004,botnet,DopeBot.B,unknown,unknown,cpp,00/12/2004,x86,win32
+18,Source/Original/LiquidBot_May2005/LiquidBot_May2005,botnet,LiquidBot,unknown,unknown,cpp,00/05/2005,x86,win32
+19,Source/Original/SpazBot2.12_June2007/SpazBot2.12_June2007,botnet,SpazBot,2.12,unknown,vb,00/06/2007,x86,win32
+20,Source/Original/DBotv3.1_March2007/DBotv3.1_March2007,botnet,DBot,3.1,unknown,c,00/03/2007,x86,win32
+21,Source/Original/CyberBotv2.2_October2006/CyberBotv2.2_October2006,botnet,CyberBot,2.2,unknown,cpp,00/10/2006,x86,win32
+22,Source/Original/DopeBot.A_Dec2004/DopeBot.A_Dec2004,botnet,DopeBot.A,unknown,unknown,cpp,00/12/2004,x86,win32
+23,Source/Original/MyDoom.A_Jan2004/MyDoom.A_Jan2004,virus,MyDoom.A,unknown,unknown,c,00/01/2004,x86,win32
+24,Source/Original/ShadowBot_Sep2008/ShadowBot_Sep2008,botnet,ShadowBot,unknown,unknown,cpp,00/09/2008,x86,win32
+25,Binaries/CryptoLocker20Nov2013/CryptoLocker20Nov2013,ransomeware,CryptoLocker,Unknown,Unknown,bin,20/12/2013,x86,win32
+26,Binaries/CryptoLocker_10Sep2013/CryptoLocker_10Sep2013,ransomeware,CryptoLocker,Unknown,Unknown,bin,10/12/2013,x86,win32
+27,Binaries/IllusionBot_May2007/IllusionBot_May2007,botnet,Illusion Bot,Unknown,Unknown,bin,00/05/2007,x86,win32
+28,Source/Original/NBot_July2008/NBot_July2008,botnet,nBot,0.32,Unknown,c,00/05/2008,x86,win32
+29,Binaries/Trojan.Dropper.Gen/Trojan.Dropper.Gen,trojan,Dropper,Unknown,Unknown,bin,00/01/2014,x86,win32
+30,Binaries/Trojan.NSIS.Win32/Trojan.NSIS.Win32,trojan,NSIS,Unknown,Unknown,bin,00/01/2014,x86,win32
+31,Binaries/Trojan.Win32.Bechiro.BCD/Trojan.Win32.Bechiro.BCD,trojan,Bechiro,BCD,Unknown,bin,00/01/2014,x86,win32
+32,Binaries/AndroRat_6Dec2013/AndroRat_6Dec2013,botnet,AndroRat,Dec2013,Unknown,java,06/12/2013,x86,win32
+33,Binaries/CryptoLocker_22Jan2014/CryptoLocker_22Jan2014,ransomeware,CryptoLocker,Jan2014,Unknown,bin,22/01/2014,x86,win32
+34,Binaries/njRAT-v0.6.4/njRAT-v0.6.4,botnet,njRAT,0.6.4,Unknown,bin,00/09/2013,x86,win32
+35,Binaries/ZeusBankingVersion_26Nov2013/ZeusBankingVersion_26Nov2013,botnet,Zeus - zBot,Nov2013,Unknown,bin,23/11/2013,x86,win32
+36,Source/Original/NullBot_Dec2006/NullBot_Dec2006,botnet,NullBot,Dec2006,Unknown,cpp,00/12/2006,x86,win32

imports/__init__.py

@@ -0,0 +1 @@
+__author__ = 'tisf'

imports/eula_handler.py

@@ -0,0 +1,60 @@
+#!/usr/bin/env python
+
+    #Malware DB - the most awesome free malware database on the air
+    #Copyright (C) 2014, Yuval Nativ, Lahad Ludar, 5Fingers
+
+    #This program is free software: you can redistribute it and/or modify
+    #it under the terms of the GNU General Public License as published by
+    #the Free Software Foundation, either version 3 of the License, or
+    #(at your option) any later version.
+
+    #This program is distributed in the hope that it will be useful,
+    #but WITHOUT ANY WARRANTY; without even the implied warranty of
+    #MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    #GNU General Public License for more details.
+
+    #You should have received a copy of the GNU General Public License
+    #along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+import sys
+from imports import globals
+
+
+class EULA:
+
+    def __init__(self, langs = None, oneRun=True):
+        #self.oneRun = oneRun
+        self.check_eula_file()
+        #self.prompt_eula()
+
+    def check_eula_file(self):
+        try:
+            with open(globals.vars.eula_file):
+                return 1
+        except IOError:
+            return 0
+
+    def prompt_eula(self):
+        globals.init()
+        #os.system('clear')
+        print globals.bcolors.RED
+        print '_____________________________________________________________________________'
+        print '|                 ATTENTION!!! ATTENTION!!! ATTENTION!!!                    |'
+        print '|                       ' + globals.vars.appname + ' v' + globals.vars.version + '                               |'
+        print '|___________________________________________________________________________|'
+        print '|This program contain live and dangerous malware files                      |'
+        print '|This program is intended to be used only for malware analysis and research |'
+        print '|and by agreeing the EULA you agree to only use it for legal purposes and   |'
+        print '|studying malware.                                                          |'
+        print '|You understand that these file are dangerous and should only be run on VMs |'
+        print '|you can control and know how to handle. Running them on a live system will |'
+        print '|infect you machines will live and dangerous malwares!.                     |'
+        print '|___________________________________________________________________________|'
+        print globals.bcolors.WHITE
+        eula_answer = raw_input('Type YES in captial letters to accept this EULA.\n >')
+        if eula_answer == 'YES':
+            new = open(globals.vars.eula_file, 'a')
+            new.write(eula_answer)
+        else:
+            print 'You need to accept the EULA.\nExiting the program.'
+            sys.exit(1)

imports/globals.py

@@ -0,0 +1,95 @@
+#!/usr/bin/env python
+
+    #Malware DB - the most awesome free malware database on the air
+    #Copyright (C) 2014, Yuval Nativ, Lahad Ludar, 5Fingers
+
+    #This program is free software: you can redistribute it and/or modify
+    #it under the terms of the GNU General Public License as published by
+    #the Free Software Foundation, either version 3 of the License, or
+    #(at your option) any later version.
+
+    #This program is distributed in the hope that it will be useful,
+    #but WITHOUT ANY WARRANTY; without even the implied warranty of
+    #MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    #GNU General Public License for more details.
+
+    #You should have received a copy of the GNU General Public License
+    #along with this program.  If not, see <http://www.gnu.org/licenses/>.
+import sys
+
+class init:
+    def init(self):
+        # Global Variables
+        version = "0.4.2 Arthur"
+        appname = "Malware DB"
+        authors = "Yuval Nativ, Lahad Ludar, 5fingers"
+        licensev = "GPL v3.0"
+        fulllicense = appname + " Copyright (C) 2014 " + authors + "\n"
+        fulllicense += "This program comes with ABSOLUTELY NO WARRANTY; for details type '" + sys.argv[0] +" -w'.\n"
+        fulllicense += "This is free software, and you are welcome to redistribute it."
+
+        useage = '\nUsage: ' + sys.argv[0] +  ' -s search_query -t trojan -p vb\n\n'
+        useage += 'The search engine can search by regular search or using specified arguments:\n\nOPTIONS:\n   -h  --help\t\tShow this message\n   -t  --type\t\tMalware type, can be virus/trojan/botnet/spyware/ransomeware.\n   -p  --language\tProgramming language, can be c/cpp/vb/asm/bin/java.\n   -u  --update\t\tUpdate malware index. Rebuilds main CSV file. \n   -s  --search\t\tSearch query for name or anything. \n   -v  --version\tPrint the version information.\n   -w\t\t\tPrint GNU license.\n'
+
+        column_for_pl = 6
+        column_for_type = 2
+        column_for_location = 1
+        colomn_for_time = 7
+        column_for_version = 4
+        column_for_name = 3
+        column_for_uid = 0
+        column_for_arch = 8
+        column_for_plat = 9
+        conf_folder = 'conf'
+        eula_file = conf_folder + '/eula_run.conf'
+        maldb_ver_file = conf_folder + '/db.ver'
+        main_csv_file = conf_folder + '/index.csv'
+        giturl = 'https://raw.github.com/ytisf/theZoo/master/'
+        addrs = ['reverce_tcp/', 'crazy_mal/', 'mal/', 'show malwares']
+
+class bcolors:
+    PURPLE = '\033[95m'
+    BLUE = '\033[94m'
+    GREEN = '\033[92m'
+    YELLOW = '\033[93m'
+    RED = '\033[91m'
+    WHITE = '\033[0m'
+
+class vars:
+    version = "0.4.2 Arthur"
+    appname = "Malware DB"
+    authors = "Yuval Nativ, Lahad Ludar, 5fingers"
+    licensev = "GPL v3.0"
+    fulllicense = appname + " Copyright (C) 2014 " + authors + "\n"
+    fulllicense += "This program comes with ABSOLUTELY NO WARRANTY; for details type '" + sys.argv[0] +" -w'.\n"
+    fulllicense += "This is free software, and you are welcome to redistribute it."
+
+    useage = '\nUsage: ' + sys.argv[0] +  ' -s search_query -t trojan -p vb\n\n'
+    useage += 'The search engine can search by regular search or using specified arguments:\n\nOPTIONS:\n   -h  --help\t\tShow this message\n   -t  --type\t\tMalware type, can be virus/trojan/botnet/spyware/ransomeware.\n   -p  --language\tProgramming language, can be c/cpp/vb/asm/bin/java.\n   -u  --update\t\tUpdate malware index. Rebuilds main CSV file. \n   -s  --search\t\tSearch query for name or anything. \n   -v  --version\tPrint the version information.\n   -w\t\t\tPrint GNU license.\n'
+
+    column_for_pl = 6
+    column_for_type = 2
+    column_for_location = 1
+    colomn_for_time = 7
+    column_for_version = 4
+    column_for_name = 3
+    column_for_uid = 0
+    column_for_arch = 8
+    column_for_plat = 9
+
+    conf_folder = 'conf'
+    eula_file = conf_folder + '/eula_run.conf'
+    maldb_ver_file = conf_folder + '/db.ver'
+    main_csv_file = conf_folder + '/index.csv'
+    giturl = 'https://raw.github.com/ytisf/theZoo/master/'
+
+    maldb_banner = "    	    __  ___      __                               ____  ____\n"
+    maldb_banner += "      	   /  |/  /___ _/ /      ______ _________        / __ \/ __ )\n"
+    maldb_banner += "    	  / /|_/ / __ `/ / | /| / / __ `/ ___/ _ \______/ / / / __ |\n"
+    maldb_banner += "    	 / /  / / /_/ / /| |/ |/ / /_/ / /  /  __/_____/ /_/ / /_/ /\n"
+    maldb_banner += "    	/_/  /_/\__,_/_/ |__/|__/\__,_/_/   \___/     /_____/_____/\n"
+    maldb_banner += "                                version: " + version + "\n"
+    maldb_banner += "                                built by: " + authors + "\n\n"
+
+    addrs = ['reverce_tcp/', 'crazy_mal/', 'mal/', 'show malwares']
+    addrs = ['list', 'search', 'get', 'exit']

imports/manysearches.py

@@ -0,0 +1,31 @@
+from imports import globals
+
+
+class MuchSearch(object):
+    def __init__(self):
+        self.array = []
+
+    def sort(self, array, column, value):
+        i=0
+        m=[]
+        for each in array:
+            if array[i][column] == value:
+                m.append(each)
+            i = i + 1
+        return m
+
+    def PrintPayloads(self, m):
+        print "\nPayloads Found:"
+        array = m
+        i = 0
+        print "ID\tType\t\tLang\tArch\tPlat\tName"
+        print '---\t-----\t\t-----\t----\t-----\t----------------'
+        for element in array:
+            answer = array[i][globals.vars.column_for_uid]
+            answer += '\t%s' % ('{0: <12}'.format(array[i][globals.vars.column_for_type]))
+            answer += '\t%s' % ('{0: <12}'.format(array[i][globals.vars.column_for_pl]))
+            answer += array[i][globals.vars.column_for_arch] + '\t'
+            answer += array[i][globals.vars.column_for_plat] + '\t'
+            answer += '\t%s' % ('{0: <12}'.format(array[i][globals.vars.column_for_name]))
+            print answer
+            i=i+1

imports/muchmuchstrings.py

@@ -0,0 +1,42 @@
+#!/usr/bin/env python
+
+    #Malware DB - the most awesome free malware database on the air
+    #Copyright (C) 2014, Yuval Nativ, Lahad Ludar, 5Fingers
+
+    #This program is free software: you can redistribute it and/or modify
+    #it under the terms of the GNU General Public License as published by
+    #the Free Software Foundation, either version 3 of the License, or
+    #(at your option) any later version.
+
+    #This program is distributed in the hope that it will be useful,
+    #but WITHOUT ANY WARRANTY; without even the implied warranty of
+    #MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    #GNU General Public License for more details.
+
+    #You should have received a copy of the GNU General Public License
+    #along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+from imports import globals
+
+
+class banners:
+
+    def print_license(self):
+        print ""
+        print globals.vars.fulllicense
+        print ""
+
+    def versionbanner(self):
+        print ""
+        print "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"
+        print "\t\t    " + globals.vars.appname + ' v' + globals.vars.version
+        print "Built by:\t\t" + globals.vars.authors
+        print "Is licensed under:\t" + globals.vars.licensev
+        print "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"
+        print globals.vars.fulllicense
+        print globals.vars.useage
+
+    def print_available_payloads(self, array):
+        answer = array[globals.vars.column_for_uid] + "\t" + array[globals.vars.column_for_name]+ "\t" + array[globals.vars.column_for_version] + "\t\t"
+        answer += array[globals.vars.column_for_location] + "\t\t" + array[globals.vars.colomn_for_time]
+        print answer

imports/terminal_handler.py

@@ -0,0 +1,162 @@
+import csv
+import sys
+import re
+
+import globals
+from imports import manysearches
+from imports.updatehandler import Updater
+
+
+class Controller:
+    def __init__(self):
+        self.modules = None
+        self.currentmodule = ''
+        self.commands = [   ("search", "searching for malwares using given parameter with 'set'."),
+                            ("list all", "lists all available modules"),
+                            ("set", "sets options for the search"),
+                            ("get", "downloads the malware"),
+                            ("update-db", "updates the databse"),
+                            ("back", "removes currently chosen malware"),
+                            ("help", "displays this help..."),
+                            ("exit", "exits...")]
+
+        self.searchmeth = [ ("arch","which architecture etc; x86, x64, arm7 so on..."),
+                            ("plat","platform: win32, win64, mac, android so on..."),
+                            ("lang","c, cpp, vbs, bin so on..."),
+                            ("","")]
+
+        self.modules = self.GetPayloads()
+
+        print 'im at init'
+        self.plat = ''
+        self.arch = ''
+        self.lang = ''
+        self.type = ''
+
+
+    def GetPayloads(self):
+        m = []
+        csvReader = csv.reader(open(globals.vars.main_csv_file, 'rb'), delimiter=',')
+        for row in csvReader:
+            m.append(row)
+        return m
+
+    def MainMenu(self):
+        if len(self.currentmodule) > 0:
+            g = int(self.currentmodule) - 1
+            just_print = self.modules[int(g)][int(globals.vars.column_for_name)]
+            cmd = raw_input(
+                globals.bcolors.GREEN + 'mdb ' + globals.bcolors.RED + str(just_print) + globals.bcolors.GREEN + '#> ' + globals.bcolors.WHITE).strip()
+        else:
+            cmd = raw_input(globals.bcolors.GREEN + 'mdb ' + globals.bcolors.GREEN + '#> ' + globals.bcolors.WHITE).strip()
+
+        try:
+            while cmd == "":
+                #print 'no cmd'
+                self.MainMenu()
+
+            if cmd == 'help':
+                print " Available commands:\n"
+                for (cmd, desc) in self.commands:
+                    print "\t%s\t%s" % ('{0: <12}'.format(cmd), desc)
+                print ''
+                self.MainMenu()
+
+            if cmd == 'search':
+                ar = self.modules
+                manySearch = manysearches.MuchSearch()
+
+                # function to sort by arch
+                if len(self.arch) > 0:
+                    ar = manySearch.sort(ar, globals.vars.column_for_arch, self.arch)
+                # function to sort by plat
+                if len(self.plat) > 0:
+                    ar = manySearch.sort(ar, globals.vars.column_for_plat, self.plat)
+                # function to sort by lang
+                if len(self.lang) > 0:
+                    ar = manySearch.sort(ar, globals.vars.column_for_pl, self.lang)
+                if len(self.type) > 0:
+                    ar = manySearch.sort(ar, globals.vars.column_for_type, self.type)
+                printController = manysearches.MuchSearch()
+                printController.PrintPayloads(ar)
+                self.MainMenu()
+
+            if re.match('^set', cmd):
+                cmd = re.split('\s+', cmd)
+                print cmd[1] + ' => ' + cmd[2]
+                if cmd[1] == 'arch':
+                    self.arch = cmd[2]
+                if cmd[1] == 'plat':
+                    self.plat = cmd[2]
+                if cmd[1] == 'lang':
+                    self.lang = cmd[2]
+                if cmd[1] == 'type':
+                    self.type = cmd[2]
+                cmd = ''
+                self.MainMenu()
+
+            if cmd == 'show':
+                if len(self.currentmodule) == 0:
+                    print "No modules have been chosen. Use 'use' command."
+                if len(self.currentmodule) > 0:
+                    print 'Currently selected Module: ' + self.currentmodule
+                print '\tarch => ' + str(self.arch)
+                print '\tplat => ' + str(self.plat)
+                print '\tlang => ' + str(self.lang)
+                print '\ttype => ' + str(self.type)
+                print ''
+                self.MainMenu()
+
+            if cmd == 'exit':
+                sys.exit(1)
+
+            if cmd == 'update-db':
+                updateHandler = Updater()
+                updateHandler.get_maldb_ver()
+                self.MainMenu()
+
+            if cmd == 'get':
+                updateHandler = Updater()
+                try:
+                    updateHandler.get_malware(self.currentmodule, self.modules)
+                    self.MainMenu()
+                except:
+                    print globals.bcolors.RED + '[-]' + globals.bcolors.WHITE + 'Error getting malware.'
+                    self.MainMenu()
+
+            if re.match('^use', cmd):
+                cmd = re.split('\s+', cmd)
+                self.currentmodule = cmd[1]
+                cmd = ''
+                self.MainMenu()
+
+            if cmd == 'back':
+                print 'im at back - WTF?'
+                self.arch = ''
+                self.plat = ''
+                self.lang = ''
+                self.type = ''
+                self.currentmodule = ''
+                self.MainMenu()
+
+            if cmd == 'list all':
+                print "\nAvailable Payloads:"
+                array = self.modules
+                i = 0
+                print "ID\tName\tType"
+                print '-----------------'
+                for element in array:
+                    answer = array[i][globals.vars.column_for_uid]
+                    answer += '\t%s' % ('{0: <12}'.format(array[i][globals.vars.column_for_name]))
+                    answer += '\t%s' % ('{0: <12}'.format(array[i][globals.vars.column_for_type]))
+                    print answer
+                    i=i+1
+                self.MainMenu()
+
+            if cmd == 'quit':
+                print ":("
+                sys.exit(1)
+
+        except KeyboardInterrupt:
+            print ("i'll just go now...")
+            sys.exit()

imports/updatehandler.py

@@ -0,0 +1,115 @@
+#!/usr/bin/env python
+
+    #Malware DB - the most awesome free malware database on the air
+    #Copyright (C) 2014, Yuval Nativ, Lahad Ludar, 5Fingers
+
+    #This program is free software: you can redistribute it and/or modify
+    #it under the terms of the GNU General Public License as published by
+    #the Free Software Foundation, either version 3 of the License, or
+    #(at your option) any later version.
+
+    #This program is distributed in the hope that it will be useful,
+    #but WITHOUT ANY WARRANTY; without even the implied warranty of
+    #MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    #GNU General Public License for more details.
+
+    #You should have received a copy of the GNU General Public License
+    #along with this program.  If not, see <http://www.gnu.org/licenses/>.
+import sys
+import urllib2
+from imports import globals
+
+
+class Updater:
+
+    def get_maldb_ver(self):
+        try:
+            with file(globals.vars.maldb_ver_file) as f:
+                return f.read()
+        except IOError:
+            print("No malware DB version file found.\nPlease try to git clone the repository again.\n")
+            return 0
+
+    def update_db(self):
+        try:
+            with file(globals.vars.maldb_ver_file) as f:
+                f = f.read()
+        except IOError:
+            print("No malware DB version file found.\nPlease try to git clone the repository again.\n")
+            return 0
+
+        curr_maldb_ver = f
+        response = urllib2.urlopen(globals.vars.giturl+ globals.vars.maldb_ver_file)
+        new_maldb_ver = response.read()
+        if new_maldb_ver == curr_maldb_ver:
+            print globals.bcolors.GREEN + '[+]' + globals.bcolors.WHITE + " No need for an update.\n" + globals.bcolors.GREEN + '[+]' + globals.bcolors.WHITE + " You are at " + new_maldb_ver + " which is the latest version."
+            sys.exit(1)
+        # Write the new DB version into the file
+        f = open(globals.vars.maldb_ver_file, 'w')
+        f.write(new_maldb_ver)
+        f.close()
+
+        # Get the new CSV and update it
+        csvurl = globals.vars.giturl + globals.vars.main_csv_file
+        u = urllib2.urlopen(csvurl)
+        f = open(globals.vars.main_csv_file, 'wb')
+        meta = u.info()
+        file_size = int(meta.getheaders("Content-Length")[0])
+        print "Downloading: %s Bytes: %s" % (globals.vars.main_csv_file, file_size)
+        file_size_dl = 0
+        block_sz = 8192
+        while True:
+            buffer = u.read(block_sz)
+            if not buffer:
+                break
+            file_size_dl += len(buffer)
+            f.write(buffer)
+            status = r"%10d  [%3.2f%%]" % (file_size_dl, file_size_dl * 100. / file_size)
+            status = status + chr(8)*(len(status)+1)
+        print status,
+        f.close()
+
+    def get_malware(self, id, allmal):
+        #get mal location
+        loc = allmal[id][globals.vars.column_for_location]
+        #concat with location
+        ziploc = globals.vars.giturl + '/' + loc + '.zip'
+        passloc = globals.vars.giturl + '/' + loc + '.pass'
+        #get from git
+        u = urllib2.urlopen(ziploc)
+        f = open(id+'zip', 'wb')
+        meta = u.info()
+        file_size = int(meta.getheaders("Content-Length")[0])
+        print "Downloading: %s Bytes: %s" % (loc, file_size)
+        file_size_dl = 0
+        block_sz = 8192
+        while True:
+            buffer = u.read(block_sz)
+            if not buffer:
+                break
+            file_size_dl += len(buffer)
+            f.write(buffer)
+            status = r"%10d  [%3.2f%%]" % (file_size_dl, file_size_dl * 100. / file_size)
+            status = status + chr(8)*(len(status)+1)
+        print status,
+        f.close()
+
+        #get pass from git
+        u = urllib2.urlopen(passloc)
+        f = open(id+'pass', 'wb')
+        meta = u.info()
+        file_size = int(meta.getheaders("Content-Length")[0])
+        print "Downloading: %s Bytes: %s" % (loc, file_size)
+        file_size_dl = 0
+        block_sz = 8192
+        while True:
+            buffer = u.read(block_sz)
+            if not buffer:
+                break
+            file_size_dl += len(buffer)
+            f.write(buffer)
+            status = r"%10d  [%3.2f%%]" % (file_size_dl, file_size_dl * 100. / file_size)
+            status = status + chr(8)*(len(status)+1)
+        print status,
+        f.close()
+        #alert ready

malware-db.py

@@ -1,246 +1,112 @@
 #!/usr/bin/env python
 
-#Malware DB - the most awesome free malware database on the air
-#Copyright (C) 2014, Yuval Nativ, Lahad Ludar, 5fingers
+    #Malware DB - the most awesome free malware database on the air
+    #Copyright (C) 2014, Yuval Nativ, Lahad Ludar, 5Fingers
 
-#This program is free software: you can redistribute it and/or modify
-#it under the terms of the GNU General Public License as published by
-#the Free Software Foundation, either version 3 of the License, or
-#(at your option) any later version.
+    #This program is free software: you can redistribute it and/or modify
+    #it under the terms of the GNU General Public License as published by
+    #the Free Software Foundation, either version 3 of the License, or
+    #(at your option) any later version.
 
-#This program is distributed in the hope that it will be useful,
-#but WITHOUT ANY WARRANTY; without even the implied warranty of
-#MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#GNU General Public License for more details.
+    #This program is distributed in the hope that it will be useful,
+    #but WITHOUT ANY WARRANTY; without even the implied warranty of
+    #MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    #GNU General Public License for more details.
 
-#You should have received a copy of the GNU General Public License
-#along with this program.  If not, see <http://www.gnu.org/licenses/>.
+    #You should have received a copy of the GNU General Public License
+    #along with this program.  If not, see <http://www.gnu.org/licenses/>.
+from imports import muchmuchstrings
 
-__version__ = "0.2 Beta"
+__version__ = "0.4.2 Arthur"
 __appname__ = "Malware DB"
-__authors__ = ["Yuval Nativ", "Lahad Ludar", "5fingers"]
+__authors__ = ["Yuval Nativ","Lahad Ludar","5Fingers"]
 __licensev__ = "GPL v3.0"
-__maintainer__ = "Yuval Nativ"
+__maintainer = "Yuval Nativ"
 __status__ = "Development"
 
 import sys
 import getopt
-import subprocess
 import csv
-import urllib2
-# import git
-#import os
-#import inspect
+import os
+from imports.updatehandler import Updater
+from imports.eula_handler import EULA
+from imports.globals import vars
+from imports.terminal_handler import Controller
 
 
 def main():
 
-    # Set general variables.
-    version = __version__
-    appname = __appname__
-    licensev = __licensev__
-    authors = "Yuval Nativ, Lahad Ludar, 5fingers"
-    fulllicense = appname + " Copyright (C) 2014 " + authors + "\n"
-    fulllicense += "This program comes with ABSOLUTELY NO WARRANTY; for details type '" + sys.argv[0] + " -w'.\n"
-    fulllicense += "This is free software, and you are welcome to redistribute it."
+    # Much much imports :)
+    updateHandler = Updater
+    eulaHandler = EULA()
+    bannerHandler = muchmuchstrings.banners()
+    terminalHandler = Controller()
 
-    useage = '\nUsage: ' + sys.argv[0] + ' -s search_query -t trojan -p vb\n\n'
-    useage += 'The search engine can search by regular search or using specified arguments:\n\n'
-    useage += 'OPTIONS:\n'
-    useage += '   -h  --help\t\tShow this message\n'
-    useage += '   -t  --type\t\tMalware type, can be virus/trojan/botnet/spyware/ransomeware.\n'
-    useage += '   -p  --language\tProgramming language, can be c/cpp/vb/asm/bin/java.\n'
-    useage += '   -l  --platform\tPlatform of malware. Can be win32/win64/arm.\n'
-    useage += '   -a  --arch\t\tArchitecture of malware. Can be x86/x64/android/ios.\n'
-    useage += '   -u  --update\t\tUpdate malware index. Rebuilds main CSV file. \n'
-    useage += '   -s  --search\t\tSearch query for name or anything. \n'
-    useage += '   -v  --version\tPrint the version information.\n'                      # needs to print db version
-    useage += '   -w  \t\t\tPrints license information. \n'
 
-    # Basic configurations for later use
-    column_for_uid = 0
-    column_for_location = 1
-    column_for_type = 2
-    column_for_name = 3
-    column_for_version = 4
-    column_for_pl = 6
-    colomn_for_time = 7
-    column_for_arch = 8
-    column_for_plat = 9
-
-    conf_folder = 'conf'
-    eula_file = conf_folder + '/eula_run.conf'
-    maldb_ver_file = conf_folder + '/db.ver'
-    main_csv_file = conf_folder + '/index.csv'
-    giturl = 'https://raw.github.com/ytisf/theZoo/master/'
-
-    # Zeroing everything
-    type_of_mal = ""
-    pl = ""
-    search = ""
-    new = ""
-    update = 0
-    m = [];
-    a = 0
-    eula_answer = 'no'
-    f = ""
-    get_malware = 0
-    malware_index = 0
-    arch = ''
-    plat = ''
-
-    # Function to print license of malware-db
-    def print_license():
-        print ""
-        print fulllicense
-        print ""
-
-    # Check if EULA file has been created
-    def check_eula_file():
-        try:
-            with open(eula_file):
-                return 1
-        except IOError:
-            return 0
-
-    def get_maldb_ver():
-        try:
-            with file(maldb_ver_file) as f:
-                return f.read()
-        except IOError:
-            print("No malware DB version file found.\nPlease try to git clone the repository again.\n")
-            return 0
-
-    # Download an updated version of the CSV from the git file.
-    def update_db():
-        curr_maldb_ver = get_maldb_ver()
-        response = urllib2.urlopen(giturl + maldb_ver_file)
-        new_maldb_ver = response.read()
-        if new_maldb_ver == curr_maldb_ver:
-            print "No need for an update.\nYou are at " + new_maldb_ver + " which is the latest version."
-            sys.exit(1)
-
-        # Write the new DB version into the file
-        f = open(maldb_ver_file, 'w')
-        f.write(new_maldb_ver)
-        f.close()
-
-        # Get the new CSV and update it
-        csvurl = giturl + main_csv_file
-        u = urllib2.urlopen(csvurl)
-        f = open(main_csv_file, 'wb')
-        meta = u.info()
-        file_size = int(meta.getheaders("Content-Length")[0])
-        print "Downloading: %s Bytes: %s" % (main_csv_file, file_size)
-        file_size_dl = 0
-        block_sz = 8192
-        while True:
-            buffer = u.read(block_sz)
-            if not buffer:
-                break
-            file_size_dl += len(buffer)
-            f.write(buffer)
-            status = r"%10d  [%3.2f%%]" % (file_size_dl, file_size_dl * 100. / file_size)
-            status = status + chr(8) * (len(status) + 1)
-        print status,
-        f.close()
-        print "\nUpdates the malware DB."
-        sys.exit()
-
-    # prints version banner on screen
-    def versionbanner():
-        print ""
-        print "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"
-        print "\n\t\t    " + appname + ' v' + version + '\n'
-        print "Built by:\t\t" + authors
-        print "Is licensed under:\t" + licensev
-        print "DB version:\t\t" + get_maldb_ver()
-        print "\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n"
-        print fulllicense
-        print useage
-
-    # Check if maybe no results have been found
     def checkresults(array):
         if len(array) == 0:
             print "No results found\n\n"
             sys.exit(1)
 
-    # Check to needed arguments - left for debugging
     def checkargs():
         print "Type: " + type_of_mal
         print "Lang: " + pl
         print "Search: " + search
-        print "Platform: " + plat
-        print "Architecture: " + arch
 
-    # Sort arrays
     def filter_array(array, colum, value):
         ret_array = [row for row in array if value in row[colum]]
         return ret_array
 
-    # A function to print banner header
-    def res_banner():
-        print "\nUID\tName\t\tVersion\t\tLocation\t\tTime"
-        print "---\t----\t\t-------\t\t--------\t\t----"
-
-    # print_results will surprisingly print the results...
     def print_results(array):
-        answer = array[column_for_uid] + "\t" + array[column_for_name] + "\t" + array[column_for_version] + "\t\t"
-        answer += array[column_for_location] + "\t\t" + array[colomn_for_time]
+        # print_results will suprisingly print the results...
+        answer = array[vars.column_for_uid] + "\t" + array[vars.column_for_name]+ "\t" + array[vars.column_for_version] + "\t\t"
+        answer += array[vars.column_for_location] + "\t\t" + array[vars.colomn_for_time]
         print answer
 
-    options, remainder = getopt.getopt(sys.argv[1:], 'hwuvs:p:t:l:a:',
-                                       ['type=', 'language=', 'search=', 'help', 'update', 'version', 'dbv', 'platform=', 'arch='])
+
+    # Here actually starts Main()
+
+
+    options, remainder = getopt.getopt(sys.argv[1:], 'hwuvs:p:t:', ['type=', 'language=', 'search=', 'help', 'update', 'version', 'dbv' ])
+
+    # Zeroing everything
+    type_of_mal = ""
+    pl = ""
+    search = ""
+    new =""
+    update=0
+    m=[];
+    f = ""
 
     # Checking for EULA Agreement
-    a = check_eula_file()
+    a = eulaHandler.check_eula_file()
     if a == 0:
-        print appname + ' v' + version
-        print 'This program contain live and dangerous malware files'
-        print 'This program is intended to be used only for malware analysis and research'
-        print 'and by agreeing the EULA you agree to only use it for legal purposes and '
-        print 'studying malware.'
-        print 'You understand that these file are dangerous and should only be run on VMs'
-        print 'you can control and know how to handle. Running them on a live system will'
-        print 'infect you machines will live and dangerous malwares!.'
-        print ''
-        eula_answer = raw_input('Type YES in capital letters to accept this EULA.\n')
-        if eula_answer == 'YES':
-            print 'you types YES'
-            new = open(eula_file, 'a')
-            new.write(eula_answer)
-        else:
-            print 'You need to accept the EULA.\nExiting the program.'
-            sys.exit(1)
+        eulaHandler.prompt_eula()
 
     # Get arguments
     for opt, arg in options:
         if opt in ('-h', '--help'):
-            print fulllicense
-            print useage
+            print vars.fulllicense
+            print vars.useage
             sys.exit(1)
         elif opt in ('-u', '--update'):
-            #update = 1 # removing the rebuild CSV function. in the move from 0.1 alpha to 0.2 beta
-            update_db()
+            updateHandler.update_db()
+            sys.exit(1)
         elif opt in ('-v', '--version'):
-            versionbanner()
+            bannerHandler.versionbanner()
             sys.exit(1)
         elif opt in '-w':
-            print_license()
+            bannerHandler.print_license()
             sys.exit(1)
         elif opt in ('-t', '--type'):
             type_of_mal = arg
         elif opt in ('-p', '--language'):
             pl = arg
-        elif opt in ('-l', '--platform'):
-            plat = arg
-        elif opt in ('-a', '--arch'):
-            arch = arg
         elif opt in ('-s', '--search'):
             search = arg
         elif opt in '--dbv':
             # Getting version of malware-DB's database
-            a = get_maldb_ver()
+            a = updateHandler.get_maldb_ver()
             if a == 0:
                 sys.exit(0)
             elif len(a) > 0:
@@ -248,46 +114,24 @@ def main():
                 print "Malware-DB Database's version is: " + a
                 sys.exit()
 
-    # Rebuild CSV
-    if update == 1:
-        subprocess.call("./Rebuild_CSV.sh", shell=True)
-        sys.exit(1)
-
     # Take index.csv and convert into array m
-    csvReader = csv.reader(open(main_csv_file, 'rb'), delimiter=',');
+    csvReader = csv.reader(open(vars.main_csv_file, 'rb'), delimiter=',')
     for row in csvReader:
         m.append(row)
 
     # Filter by type
     if len(type_of_mal) > 0:
-        m = filter_array(m, column_for_type, type_of_mal)
+        m = filter_array(m, vars.column_for_type, type_of_mal)
 
     # Filter by programming language
     if len(pl) > 0:
-        m = filter_array(m, column_for_pl, pl)
+        m = filter_array(m, vars.column_for_pl, pl)
 
-    # Filter by arch
-    if len(arch) > 0:
-        m = filter_array(m, column_for_arch, arch)
-
-    # Filter by platform
-    if len(plat) > 0:
-        m = filter_array(m, column_for_plat, plat)
-
-    checkargs()
-
-    # Free search handler
-    if len(search) > 0:
-        res_banner()
-        matching = [y for y in m if search in y]
-        for line in matching:
-            checkresults(matching)
-            print_results(line)
-
-    if len(search) <= 0:
-        res_banner()
-        for line in m:
-            print_results(line)
+    os.system('clear')
+    print vars.maldb_banner
+    while 1:
+        terminalHandler.MainMenu()
+    sys.exit(1)
 
 
 if __name__ == "__main__":

malwares/Binaries/CryptoLocker_22Jan2014/CryptoLocker_22Jan2014.sha256

@@ -0,0 +1 @@
+e908dca957b9cb7759feeabef0f2921e3cb236368acc5e124e87af0492308b14

malwares/Binaries/Trojan.Dropper.Gen/Trojan.Dropper.Gen.sha256

@@ -0,0 +1 @@
+7e6b66c3fa1c2b86b90c9f4f0e786b3291ac33919369e3f731bfdc050737e50c

malwares/Binaries/njRAT-v0.6.4/njRAT-v0.6.4.pass

@@ -0,0 +1 @@
+crypted