Analyze that: Malware analysis using the VirusTotal API
2017 was really supposed to be the year of the chatbot, but chatbots never really took off; trust me, I wrote a few. What 2017 actually was, was the year of the API. I spent a fair portion of 2017 working with APIs, and with the general automation and IoT trends picking up more and more, APIs have become essential for almost every kind of digital product or service, including security.
Setup
Setup is quite simple with the project from Erethon. Run the following commands:
$ mkdir virustotal
$ cd virustotal/
$ git clone https://github.com/Erethon/vta.py.git
Once you have cloned the repo, you will need to update the contents of vta.py with your VirusTotal API key, and then you are ready to go:
#self.api = "ASWGFHAHJGASDAGHHKHEGWARJLQGEIQYEQWIUAGHDASD"
self.api = "INSERT YOUR VIRUS TOTAL PUBLIC API HERE"
Checking websites with VirusTotal
With the simple vta.py API interface you can quickly scan a website with VirusTotal using the command below:
$ python vtwrapper.py -u www.security-sleuth.com
Once complete, you will see output that looks something like the below:
You should be able to view the output results in a browser like the below:
Checking files with VirusTotal
Aside from URL scanning, you can also perform file scans with the command below:
$ python vtwrapper.py -F eicar_test.txt
Results will look something like this:
Just like the URL scan, you can view the results online as well:
The test file contains an EICAR test pattern:
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
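Before a file scan, a hash lookup lets you check whether VirusTotal already knows a file without the file leaving your machine, and reading the key from the environment keeps it out of the cloned repo. This is an added example, not code from vta.py or the original post; it assumes VirusTotal's public API v2 file/report endpoint, an environment variable named VT_API_KEY, and a constructed sample report.

```python
import hashlib
import os
import urllib.parse
import urllib.request

# VirusTotal public API v2 hash lookup; nothing is uploaded by this call.
VT_FILE_REPORT = "https://www.virustotal.com/vtapi/v2/file/report"

# EICAR test pattern quoted on this page (68 bytes, no trailing newline).
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

# Constructed sample shaped like a v2 file report; engine names are made up.
SAMPLE_REPORT = {
    "response_code": 1, "positives": 2, "total": 3,
    "scans": {
        "EngineA": {"detected": True, "result": "EICAR-Test-File"},
        "EngineB": {"detected": True, "result": "Eicar test file"},
        "EngineC": {"detected": False, "result": None},
    },
}

def api_key_from_env(var="VT_API_KEY"):
    """Read the key from the environment (variable name is an assumption)."""
    key = os.environ.get(var)
    if not key:
        raise RuntimeError(f"set {var} before querying VirusTotal")
    return key

def build_report_request(data, api_key):
    """Build, but do not send, a report lookup for the SHA-256 of data."""
    digest = hashlib.sha256(data).hexdigest()
    query = urllib.parse.urlencode({"apikey": api_key, "resource": digest})
    return digest, urllib.request.Request(f"{VT_FILE_REPORT}?{query}")

def summarize(report):
    """Reduce a v2 report to triage fields; response_code 1 means known."""
    if report.get("response_code") != 1:
        return {"known": False, "positives": 0, "total": 0, "names": []}
    names = sorted({s["result"] for s in report.get("scans", {}).values()
                    if s.get("detected") and s.get("result")})
    return {"known": True, "positives": report["positives"],
            "total": report["total"], "names": names}

if __name__ == "__main__":
    digest, req = build_report_request(EICAR, api_key_from_env())
    print(digest, req.full_url.split("?")[0])
    print(summarize(SAMPLE_REPORT))
```

Passing the request to urllib.request.urlopen and JSON-decoding the body gives a report that summarize() accepts; upload the file itself only when the lookup comes back unknown and the file is safe to share.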
Conclusion
As always, I hope you found this tutorial useful. Please let me know if you would like to see more API / VirusTotal focused tutorials in the near future.
As always thanks for your support! Until next time,
The Security Sleuth













