SImple Malware Scanner (Offline & Online)

Earlier I wrote about how to scan a file using multiple antiviruses online, however, alternatively you can check the md5 hash of the file & compare it to the valid one in an offline database..or can validate it at an online one like VirusTotal. The specified action is done by a program known as "Simple Malware Check Tool" developed by Mert Sarica. The program has http proxy support & update feature.

You can easily check the hash by running -

python malware_check.py online malware.exe

This command calculates the md5 hash of a specified file (ex: malware.exe), submits it to http://www.virustotal.com
and then shows the result. To check Offline, you need to run -

python malware_check.py offline malware.exe

This command takes the md5 hash of the specified file (ex: malware.exe) and searches it in its current hash set (hashset.txt)
and then shows the result.

python malware_check.py update

This command updates its current hash set (hashset.txt) by crawling threat information from http://www.avira.ro &

includes information like virus name, virus type, md5 hash of the virus, severity and discovered date. If there is a hashset.txt it just up to date its current hash set to the latest.

To add proxy support simply edit the .py script and add in the relevant proxy details.

proxy_info = {
    'user' : 'username', # proxy username
    'pass' : 'password', # proxy password
    'host' : "proxy host", # proxy host
    'port' : 8080 # proxy port
    }

You can download the Malware Check Tool here:

Download Malware Check Tool

Like This post ?  You can buy me a Beer :)

 

 

Posted by XERO. ALL RIGHTS RESERVED.