Code changes, Alina source, Cryptowall & Rustock

2026-01-06 17:53:31 -08:00 · 2015-02-09 22:47:27 +02:00
parent eac9ed8bf9
commit 93610eabd2
20 changed files with 104 additions and 50 deletions
--- a/imports/colors.py
+++ b/imports/colors.py
@@ -0,0 +1,50 @@
+#!/usr/bin/env python
+
+import os 
+
+BOLD = ''
+NORM = ''
+PURPLE = ''
+BLUE = ''
+GREEN = ''
+YELLOW = ''
+RED = ''
+WHITE = ''
+MAGENTA = ''
+UNDERLINE = ''
+
+if os.name is not 'nt':
+	PURPLE = '\033[95m'
+	BLUE = '\033[94m'
+	GREEN = '\033[92m'
+	YELLOW = '\033[93m'
+	RED = '\033[91m'
+	WHITE = '\033[0m'
+	MAGENTA = '\033[35m'
+	BOLD = '\033[01m'
+	UNDERLINE = '\033[04m'
+
+
+def bold(str):
+	return BOLD + str + WHITE
+
+def underline(str):
+	return UNDERLINE + str + WHITE
+
+def purple(str):
+	return PURPLE + str + WHITE
+
+def blue(str):
+	return BLUE + str + WHITE
+
+def green(str):
+	return GREEN + str + WHITE
+
+def red(str):
+	return RED + str + WHITE
+
+def yellow(str):
+	return YELLOW + str + WHITE
+
+def white(str):
+	return WHITE + str + WHITE
--- a/imports/db_handler.py
+++ b/imports/db_handler.py
@@ -27,7 +27,10 @@ class DBHandler:

    def get_mal_tags(self):
        return [val[0] for val in self.cur.execute("SELECT DISTINCT TAGS From Malwares WHERE TAGS IS NOT NULL").fetchall()]
-		
+
+    def get_mal_info(self, mid):
+        return self.cur.execute("SELECT TYPE, NAME, VERSION, AUTHOR, LANGUAGE, DATE, ARCHITECTURE, PLATFORM, TAGS From Malwares WHERE ID =" + str(mid)).fetchall()
+
    def query(self, query, param=''):
        if globals.vars.DEBUG_LEVEL is 2:
            print locals()
--- a/imports/eula_handler.py
+++ b/imports/eula_handler.py
@@ -19,7 +19,7 @@
 import sys
 import os
 from imports import globals
-
+from imports.colors import *

 class EULA:

@@ -38,20 +38,19 @@ class EULA:
    def prompt_eula(self):
        globals.init()
        os.system('cls' if os.name == 'nt' else 'clear')
-        print globals.bcolors.RED
-        print '_____________________________________________________________________________'
-        print '|                 ATTENTION!!! ATTENTION!!! ATTENTION!!!                    |'
-        print '|                       ' + globals.vars.appname + ' v' + globals.vars.version + '                            |'
-        print '|___________________________________________________________________________|'
-        print '|This program contains live and dangerous malware files                     |'
-        print '|This program is intended to be used only for malware analysis and research |'
-        print '|and by agreeing the EULA you agree to only use it for legal purposes and   |'
-        print '|studying malware.                                                          |'
-        print '|You understand that these file are dangerous and should only be run on VMs |'
-        print '|you can control and know how to handle. Running them on a live system will |'
-        print '|infect you machines will live and dangerous malwares!.                     |'
-        print '|___________________________________________________________________________|'
-        print globals.bcolors.WHITE
+        notice = '_____________________________________________________________________________\n'
+        notice += '|                 ATTENTION!!! ATTENTION!!! ATTENTION!!!                    |\n'
+        notice += '|                       ' + globals.vars.appname + ' v' + globals.vars.version + '                            |\n'
+        notice += '|___________________________________________________________________________|\n'
+        notice += '|This program contains live and dangerous malware files                     |\n'
+        notice += '|This program is intended to be used only for malware analysis and research |\n'
+        notice += '|and by agreeing the EULA you agree to only use it for legal purposes and   |\n'
+        notice += '|studying malware.                                                          |\n'
+        notice += '|You understand that these file are dangerous and should only be run on VMs |\n'
+        notice += '|you can control and know how to handle. Running them on a live system will |\n'
+        notice += '|infect you machines will live and dangerous malwares!.                     |\n'
+        notice += '|___________________________________________________________________________|\n'
+        print red(notice)
        eula_answer = raw_input(
            'Type YES in captial letters to accept this EULA.\n > ')
        if eula_answer == 'YES':
--- a/imports/globals.py
+++ b/imports/globals.py
@@ -60,21 +60,6 @@ class Completer:
            return None
 ################################################################

-class bcolors:
-    PURPLE = ''
-    BLUE = ''
-    GREEN = ''
-    YELLOW = ''
-    RED = ''
-    WHITE = ''
-    if os.name is not 'nt':
-        PURPLE = '\033[95m'
-        BLUE = '\033[94m'
-        GREEN = '\033[92m'
-        YELLOW = '\033[93m'
-        RED = '\033[91m'
-        WHITE = '\033[0m'
-

 class vars:
    version = "0.6.0 'Moat'"
--- a/imports/manysearches.py
+++ b/imports/manysearches.py
@@ -1,7 +1,7 @@
 from imports import globals
 from imports import db_handler
 from imports.prettytable import PrettyTable
-
+from imports.colors import *

 class MuchSearch(object):

@@ -45,7 +45,7 @@ class MuchSearch(object):
            self.ar = self.db.query(self.prequery + self.query, [self.param])
            self.print_payloads(self.ar)
        else:
-            print globals.bcolors.RED + "[!] " + globals.bcolors.WHITE + "Filter did not match any malware :(\n"
+            print red("[!]") + " Filter did not match any malware :(\n"

        return self.hits

@@ -60,13 +60,11 @@ class MuchSearch(object):
            qlist.append(' ' + tmp + ' ')
        return "and".join(qlist)

-    def print_payloads(self, m, fields=["ID", "Type", "Language", "Architecture", "Platform", "Name"]):
+    def print_payloads(self, m, fields=["#", "Type", "Language", "Architecture", "Platform", "Name"]):

        table = PrettyTable(fields)
-        table.align["ID"] = "l"
-        table.align["Name"] = "l"
+        table.align = "l"
        for malware in m:
            table.add_row(malware)
        print table
-        print "\n"
-        print globals.bcolors.GREEN + "[+]" + globals.bcolors.WHITE + " Total records found: %s" % len(m)
+        print bold(green("[+]")) + " Total records found: %s" % len(m) + "\n"
--- a/imports/terminal_handler.py
+++ b/imports/terminal_handler.py
@@ -10,6 +10,7 @@ import globals
 from imports import manysearches
 from imports.update_handler import Updater
 from imports import db_handler
+from imports.colors import *


 class Controller:
@@ -21,6 +22,7 @@ class Controller:
        self.commands = [("search", "Search for malwares according to a filter,\n\t\t\te.g 'search cpp worm'."),
                         ("list all", "Lists all available modules"),
                         ("use", "Selects a malware by ID"),
+                         ("info", "Retreives information about malware"),
                         ("get", "Downloads selected malware"),
                         ("report-mal", "Report a malware you found"),
                         ("update-db", "Updates the databse"),
@@ -53,14 +55,12 @@ class Controller:
                    g = self.currentmodule - 1
                    just_print = self.modules[g][int(globals.vars.column_for_name)]
                    cmd = raw_input(
-                        globals.bcolors.GREEN + 'mdb ' + globals.bcolors.RED + str(
-                            just_print) + globals.bcolors.GREEN + '#> ' + globals.bcolors.WHITE).strip()
+                        bold(green('mdb ')) + bold(blue(just_print)) + green('#> ')).strip()
                else:
                    cmd = raw_input(
-                        globals.bcolors.GREEN + 'mdb ' + globals.bcolors.GREEN + '#> ' + globals.bcolors.WHITE).strip()
+                        bold(green('mdb ')) + green('#> ')).strip()
            except KeyboardInterrupt:
-                print globals.bcolors.BLUE + "\n\n[*]" + globals.bcolors.WHITE \
-                    + " Hope you enjoyed your visit at" + globals.bcolors.RED + " theZoo!" + globals.bcolors.WHITE
+                print bold(blue("\n\n[*]")) + " Hope you enjoyed your visit at" + bold(red(" theZoo")) + "!"
                exit()

            self.actOnCommand(cmd)
@@ -85,7 +85,7 @@ class Controller:
                    args = cmd.rsplit(' ')[1:]
                    manySearch.sort(args)
                except:
-                    print globals.bcolors.RED + '[!]' + globals.bcolors.WHITE + 'Uh oh, Invalid query.'
+                    print red('[!]') + 'Uh oh, Invalid query.'
                return

            if cmd == 'exit':
@@ -140,7 +140,7 @@ class Controller:
                try:
                    update_handler.get_malware(self.currentmodule)
                except:
-                    print globals.bcolors.RED + '[-] ' + globals.bcolors.WHITE + 'Error getting malware.'
+                    print red('[-] ') + 'Error getting malware.'
                return
            # If used the 'use' command
            if re.match('^use', cmd):
@@ -170,6 +170,15 @@ class Controller:
                    i = i + 1
                return

+            if cmd == 'info':
+                if self.currentmodule is None:
+                    print red("[!] ") + "First select a malware using the \'use\' command"
+                    return
+                m = self.db.get_mal_info(self.currentmodule)
+                manySearch = manysearches.MuchSearch()
+                manySearch.print_payloads(m, ["%", "Name", "Ver.", "Author", "Lang", "Date", "Arch.", "Plat.", "Tags"])
+                return
+
            if cmd == 'quit':
                print ":("
                sys.exit(1)
--- a/imports/update_handler.py
+++ b/imports/update_handler.py
@@ -21,7 +21,7 @@ from os import remove, rename
 import urllib2
 from imports import globals
 from imports import db_handler
-
+from imports.colors import *

 class Updater:

@@ -51,11 +51,11 @@ class Updater:
            globals.vars.giturl_dl + globals.vars.maldb_ver_file)
        new_maldb_ver = response.read()
        if new_maldb_ver == curr_db_version:
-            print globals.bcolors.GREEN + '[+]' + globals.bcolors.WHITE + " theZoo is up to date :)\n" + globals.bcolors.GREEN + '[+]' + globals.bcolors.WHITE + " You are at " + new_maldb_ver + " which is the latest version."
+            print green('[+]') + " theZoo is up to date.\n" + green('[+]') + " You are at " + new_maldb_ver + " which is the latest version."
            return

-        print globals.bcolors.RED + '[+]' + globals.bcolors.WHITE + " A newer version is available: " + new_maldb_ver + "!"
-        print globals.bcolors.RED + '[+]' + globals.bcolors.WHITE + " Updating..."
+        print red('[+]') + " A newer version is available: " + new_maldb_ver + "!"
+        print red('[+]') + " Updating..."

        # Get the new DB and update it

@@ -84,7 +84,8 @@ class Updater:
        self.download_from_repo(loc, '.pass')
        self.download_from_repo(loc, '.md5')
        self.download_from_repo(loc, '.sha256')
-
+        print bold(green("[+]")) + " Successfully downloaded a new friend.\n"
+		
    def download_from_repo(self, filepath, suffix=''):
        if globals.vars.DEBUG_LEVEL is 1:
            print locals()