from lib.cuckoo.common.abstracts import Signature
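class KnownVirustotal(Signature):
    """Match samples that at least one VirusTotal engine flags as malicious.

    The signature reads the ``virustotal`` section of the analysis results
    and looks only at its ``positives`` counter.
    """

    name = "known_virustotal"
    description = "File has been identified by AV on virustotal as malicious"
    severity = 3
    categories = ["generic"]
    authors = ["Michael Boman"]

    def run(self, results):
        """Return True when the VirusTotal report lists one or more detections.

        Args:
            results: analysis results mapping; the ``virustotal`` entry may
                be absent or incomplete (for example when no report was
                retrieved for the sample).

        Returns:
            True if ``positives`` is greater than zero, in which case the
            whole report is appended to ``self.data``; False otherwise.
        """
        # A missing dictionary key raises KeyError (and subscripting None
        # raises TypeError); the previous ``except NameError`` caught
        # neither, so a run without a VirusTotal report raised out of the
        # signature instead of simply not matching.
        try:
            report = results["virustotal"]
            positives = report["positives"]
        except (KeyError, TypeError):
            return False

        # ``positives`` can be None or non-numeric when the lookup returned
        # no verdict. Treat that as "no match"; it does not mean the sample
        # is clean, only that this signature has nothing to report.
        try:
            detections = int(positives)
        except (TypeError, ValueError):
            return False

        # The detection percentage computed by earlier revisions was never
        # used and divided by ``total``, which raised ZeroDivisionError on a
        # report with total == 0, so it is no longer calculated.
        if detections > 0:
            self.data.append({"virus_total": report})
            return True

        return False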