Find Malware Samples by MD5, SHA1 or SHA256 Hash on the Internet
Requirements, for now:
- python2
- requests
- google
- bs4
With pip
# pip install git+https://github.com/pe3zx/malwaresearch.git
Manual
# pip install -r requirements.txt
# python setup.py install
$ malwaresearch
Usage: malwaresearch [options] [hashs|files]

Options:
  -h, --help            show this help message and exit
  -f, --file            input file keyword
  -c CONFIG, --config=CONFIG
                        config file path
  -m MODE, --mode=MODE  search mode: [1] Hybrid Analysis, [2] Malware Traffic
                        Analysis, [3] Malwarebreakdown default: 1,2,3 (for all
                        mode)
// On first run, the tool prompts for its configuration
$ malwaresearch ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa
Input some config please answer some question
Hybrid Analysis api key: 4pwx5vtzb4sg0c080800w0c88
Hybrid Analysis secret key: ee3d523e9e8fd6832a0034f84b149a039b9785fa3e2139f1
Write config to /home/bongtrop/.malwaresearch.json
$ malwaresearch ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa
Search for ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa
With hybrid-analysis.com
Description: Trojan.Ransom.WannaCryptor
Link: https://www.hybrid-analysis.com/sample/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa
With malware-traffic-analysis.net
Not Found
With malwarebreakdown.com
Not Found
$ malwaresearch -f input_test.txt
Search for b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25
With hybrid-analysis.com
Description: Generic.Ransom.HydraCrypt
Link: https://www.hybrid-analysis.com/sample/b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25
With malware-traffic-analysis.net
Not Found
With malwarebreakdown.com
Not Found
Search for 2584e1521065e45ec3c17767c065429038fc6291c091097ea8b22c8a502c41dd
With hybrid-analysis.com
Description: Gen:Variant.Graftor
Link: https://www.hybrid-analysis.com/sample/2584e1521065e45ec3c17767c065429038fc6291c091097ea8b22c8a502c41dd
With malware-traffic-analysis.net
Not Found
With malwarebreakdown.com
Not Found
...
$ malwaresearch -m 1,3 -f input_test.txt
Search for b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25
With hybrid-analysis.com
Description: Generic.Ransom.HydraCrypt
Link: https://www.hybrid-analysis.com/sample/b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25
With malwarebreakdown.com
Not Found
...
- Support more sources
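For triage it helps to turn the report printed in the sessions above into structured records. The parser below is an added example, not part of malwaresearch; it assumes only the "Search for / With / Description / Link / Not Found" line layout shown above, and the function names are hypothetical.

```python
import re

# Two result blocks in the format printed by the "-f input_test.txt" session above.
SAMPLE = """\
Search for b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25
With hybrid-analysis.com
Description: Generic.Ransom.HydraCrypt
Link: https://www.hybrid-analysis.com/sample/b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25
With malware-traffic-analysis.net
Not Found
With malwarebreakdown.com
Not Found
Search for 2584e1521065e45ec3c17767c065429038fc6291c091097ea8b22c8a502c41dd
With hybrid-analysis.com
Description: Gen:Variant.Graftor
Link: https://www.hybrid-analysis.com/sample/2584e1521065e45ec3c17767c065429038fc6291c091097ea8b22c8a502c41dd
With malware-traffic-analysis.net
Not Found
With malwarebreakdown.com
Not Found
"""

HASH_KINDS = {32: "md5", 40: "sha1", 64: "sha256"}  # hex digest length -> algorithm

def hash_kind(value):
    """Name the digest type of a hex string, or return None if it is not a known hash."""
    return HASH_KINDS.get(len(value)) if re.fullmatch(r"[0-9a-fA-F]+", value) else None

def parse_results(text):
    """Turn the printed report into {hash: {"kind": ..., "sources": {source: {...}}}}."""
    results, current, entry = {}, None, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("Search for "):
            current = line[len("Search for "):].lower()
            results[current] = {"kind": hash_kind(current), "sources": {}}
            entry = None
        elif line.startswith("With ") and current is not None:
            entry = results[current]["sources"].setdefault(line[len("With "):], {"found": False})
        elif entry is not None and line != "Not Found":
            key, sep, value = line.partition(": ")
            if sep and key in ("Description", "Link"):  # ignore anything unexpected
                entry[key.lower()] = value
                entry["found"] = True
    return results

def hits(results):
    """Sorted (hash, source) pairs for which a source returned a record."""
    return sorted((h, s) for h, r in results.items()
                  for s, e in r["sources"].items() if e["found"])

if __name__ == "__main__":
    for h, s in hits(parse_results(SAMPLE)):
        print(h, s)
```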