tis-emocheck
1.0.0-7
Emotet (malware) detection tool for Windows. (Windows 7 does not support UTF-8 output in the Command Prompt. The package still works there because EmoCheck is run silently with -quiet and its verdict is read from the JSON report, not from the console.)

Description
- package : tis-emocheck
- version : 1.0.0-7
- architecture : x64
- categories : Security
- maintainer : WAPT Team,Tranquil IT,Jimmy PELÉ
- description : Emotet (malware) detection tool for Windows. (Windows 7 does not support UTF-8 output in the Command Prompt. The package still works there because EmoCheck is run silently with -quiet and its verdict is read from the JSON report, not from the console.)
- locale :
- target_os : windows
- min_os_version : 6.1
- max_os_version :
- min_wapt_version : 1.8
- sources : https://github.com/JPCERTCC/EmoCheck/releases
- installed_size :
- impacted_process :
- description_fr : Outil de détection du malware Emotet pour Windows. (Windows 7 ne prend pas en charge la sortie UTF-8 dans l'invite de commande. Le paquet fonctionne néanmoins car EmoCheck est exécuté en mode silencieux (-quiet) et son verdict est lu dans le rapport JSON, pas dans la console.)
- description_pl :
- description_de :
- description_es :
- description_pt :
- description_it :
- description_nl :
- description_ru :
- editor : JPCERT Coordination Center
- licence :
- signature_date : 2020-09-09T14:35:36.417626
- Homepage : https://github.com/JPCERTCC/EmoCheck
Setup.py
# -*- coding: utf-8 -*-
import glob
import json
import os

from setuphelpers import *
uninstallkey = []  # no registry uninstall entry: the binary is just file-copied (see install/uninstall)
# Defining variables
bin_name_string = 'emocheck_v%s_x64.exe'  # %s is filled with the upstream version parsed from control.version
app_dir = makepath(programfiles,'EmoCheck')  # install target and location of the JSON scan reports
def install():
    """Copy the versioned EmoCheck binary into its own folder under Program Files.

    The upstream version is the part of the package version before the WAPT
    "-N" revision suffix. Any running instance is stopped and a previous
    install directory is wiped before the fresh binary is copied in.
    """
    # Initializing variables
    upstream_version, _sep, _revision = control.version.partition('-')
    binary = bin_name_string % upstream_version
    target = makepath(app_dir, binary)
    # Installing the package
    print('Copying: %s to %s' % (binary, target))
    killalltasks(binary)
    if isdir(app_dir):
        remove_tree(app_dir)
    mkdirs(app_dir)
    source = makepath(basedir, binary)
    filecopyto(source, target)
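def uninstall():
    """Stop any running EmoCheck process and delete the install directory.

    The binary name is derived from the package version exactly as in
    install(), so the process killed is the one that was deployed. The
    unused app_path local of the original has been dropped.
    """
    package_version = control.version.split('-', 1)[0]
    bin_name = bin_name_string % package_version
    killalltasks(bin_name)
    # remove_tree only runs when the directory exists, so a repeated
    # uninstall is a no-op rather than an error
    if isdir(app_dir):
        remove_tree(app_dir)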
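def audit():
    """Run EmoCheck and map its JSON verdict onto a WAPT audit status.

    Returns:
        "OK" when the report says ``is_infected == "no"``,
        "WARNING" when EmoCheck produced no JSON report at all,
        "ERROR" for anything else (infected, or a missing/unexpected value,
        which is deliberately treated as a finding rather than a pass).
    """
    package_version = control.version.split('-', 1)[0]
    bin_name = bin_name_string % package_version
    app_path = makepath(app_dir, bin_name)
    report_pattern = makepath(app_dir, '*.json')
    # Drop reports from previous runs so the file picked below is this run's
    for old_json in glob.glob(report_pattern):
        remove_file(old_json)
    # Checking. Both quoted paths derive from programfiles and
    # bin_name_string, not from user input, so the command string is safe.
    run('"%s" -quiet -output "%s" -json' % (app_path, app_dir))
    reports = glob.glob(report_pattern)
    # The original indexed [0] before testing, which raised IndexError
    # instead of returning WARNING when no report was written
    if not reports or not isfile(reports[0]):
        print("WARNING: The scan do not return a result !")
        return "WARNING"
    json_scan = json_load_file(reports[0])
    print("Scan result in json format:")
    print(json_scan)
    # .get() so a report without the key is reported as ERROR, not a crash
    if json_scan.get('is_infected') == 'no':
        print("OK: This machine is not infected.")
        return "OK"
    print("CRITICAL: This machine is infected!")
    return "ERROR"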
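def update_package():
    """Refresh the packaged binary from the latest GitHub release.

    Queries the GitHub releases API, downloads the matching asset when it is
    not already present, reconciles the release tag with the version embedded
    in the binary, bumps the package version in WAPT/control and removes
    stale binaries from the package directory.

    Raises:
        Exception: when the latest release has no asset matching
            bin_name_string, or when its download URL is not under the
            expected repository on github.com (fail closed rather than fetch
            an executable from an unexpected origin).
    """
    print('Downloading/Updating package content from upstream binary sources')
    # Initializing variables
    proxies = get_proxies()
    app_name = control.name
    git_repo = 'JPCERTCC/EmoCheck'
    url_api = 'https://api.github.com/repos/%s/releases/latest' % git_repo
    bin_end = bin_name_string.split('%s')[-1]
    # Getting latest version from official website
    print('API used is: ' + url_api)
    json_load = json.loads(wgets(url_api, proxies=proxies))
    url_dl = None
    for download in json_load['assets']:
        if download['name'].endswith(bin_end):
            url_dl = download['browser_download_url']
            break
    if url_dl is None:
        # The original left url_dl unbound here and died with NameError
        raise Exception('No asset ending with %s in the latest %s release' % (bin_end, git_repo))
    # Pin the download to the expected repository: the API response is trusted
    # only as far as it points back at the project's own release assets
    expected_prefix = 'https://github.com/%s/releases/download/' % git_repo
    if not url_dl.startswith(expected_prefix):
        raise Exception('Unexpected download url %s (expected prefix %s)' % (url_dl, expected_prefix))
    # Strip only a leading "v": replace('v', '') would also eat any other
    # "v" inside the tag
    tag = json_load['tag_name']
    version = tag[1:] if tag.startswith('v') else tag
    latest_bin = bin_name_string % version
    print("Latest %s version is: %s" % (app_name, version))
    print("Download url is: %s" % url_dl)
    # Downloading latest binaries. NOTE(review): the release API carries no
    # checksum or signature for the asset, so integrity here rests on TLS to
    # github.com plus the prefix check above; compare the file against a hash
    # published by JPCERT when one is available before shipping it.
    if not isfile(latest_bin):
        print('Downloading: %s' % latest_bin)
        wget(url_dl, latest_bin, proxies=proxies)
    # Checking version from file
    version_from_file = get_version_from_binary(latest_bin)
    if version_from_file != '' and version != version_from_file:
        renamed = bin_name_string % version_from_file
        # os.rename refuses to overwrite an existing target on Windows
        if isfile(renamed):
            remove_file(renamed)
        os.rename(latest_bin, renamed)
        version = version_from_file
    # Changing version of the package
    control.version = '%s-%s' % (version, int(control.version.split('-')[-1]) + 1)
    control.save_control_to_wapt()
    print('Changing version to: %s in WAPT\\control' % control.version)
    # Deleting outdated binaries. The original wrote split('.'[-1]) which is
    # split('.'), handing the whole basename in as a bogus extension.
    remove_outdated_binaries(version, list_extensions=bin_name_string.split('.')[-1], list_filename_contain=control.architecture)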
def json_load_file(json_file):
    """Parse the JSON document at path *json_file* and return the decoded object."""
    with open(json_file) as handle:
        return json.load(handle)
def get_proxies():
    """Return the environment proxy mapping via the py2 or py3 urllib helper."""
    import platform
    major = platform.python_version_tuple()[0]
    if major == '3':
        from urllib.request import getproxies as _getproxies
    else:
        from urllib import getproxies as _getproxies
    return _getproxies()
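def get_version_from_binary(filename):
    """Return the ProductVersion embedded in an .msi or a PE file.

    Returns '' when the property is absent, which is the value the caller
    (update_package) already treats as "unknown", instead of raising KeyError.
    The extension test is case-insensitive since Windows paths are.
    """
    if filename.lower().endswith('.msi'):
        properties = get_msi_properties(filename)
    else:
        properties = get_file_properties(filename)
    return properties.get('ProductVersion', '')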
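def remove_outdated_binaries(version, list_extensions=['exe','msi','deb','rpm','dmg','pkg'], list_filename_contain=None):
    """Delete binaries in the current directory that do not belong to *version*.

    Args:
        version: version string a kept file name must contain.
        list_extensions: extension or list/tuple of extensions to scan, with
            or without a leading dot ('exe' and '.exe' are both accepted;
            the original silently dropped any that already started with '.').
        list_filename_contain: optional substring or list/tuple of substrings
            (e.g. the architecture) a kept file name must also contain.

    Matching uses glob in the current working directory, which is the package
    directory when called from update_package(). Each file is removed at most
    once.
    """
    if not isinstance(list_extensions, (list, tuple)):
        list_extensions = [list_extensions]
    if list_filename_contain and not isinstance(list_filename_contain, (list, tuple)):
        list_filename_contain = [list_filename_contain]
    normalized = [ext if ext.startswith('.') else '.' + ext for ext in list_extensions]
    required = [version] + list(list_filename_contain or [])
    for file_ext in normalized:
        for bin_in_dir in glob.glob('*%s' % file_ext):
            # keep only files carrying the version and every required token
            if any(token not in bin_in_dir for token in required):
                remove_file(bin_in_dir)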
Changelog
Changelog software url : https://github.com/JPCERTCC/EmoCheck/releases
No changelog
[["emocheck_v1.0.0_x64.exe","cb80892758754d12af2148bcffc32eae0daa02c4815415b394aff2d79e0b761b"],["setup.py","a2f49f1b2e63abfd83758dab260cc7e0f6af0892b348bb6753dfe629999b76c4"],["WAPT/icon.png","6c397954cb9707a2201568ea512a02584ec87287d16330a6407e0659913a0d47"],["WAPT/certificate.crt","a5a97261381e1d0ad46ee15916abec9c2631d0201f5cc50ceb0197a165a0bbbf"],["WAPT/control","c7790322745a53f51ee1b9ca7e811e9a4ea2e4b488764250c8f5fb850e50922c"]]