diff --git a/app/core/settings.py b/app/core/settings.py index ecce6ac..d37a3da 100644 --- a/app/core/settings.py +++ b/app/core/settings.py @@ -19,3 +19,5 @@ SPAMASSASSIN_TIMEOUT: int = config("SPAMASSASSIN_TIMEOUT", cast=int, default=10) URLSCAN_API_KEY: Secret = config("URLSCAN_API_KEY", cast=Secret, default="") + +VIRUSTOTAL_API_KEY: Secret = config("VIRUSTOTAL_API_KEY", cast=Secret, default="") diff --git a/app/factories/response.py b/app/factories/response.py index 8b55572..9263e9e 100644 --- a/app/factories/response.py +++ b/app/factories/response.py @@ -7,7 +7,8 @@ from app.factories.oldid import OleIDVerdictFactory from app.factories.spamassassin import SpamAssassinVerdictFactory from app.factories.urlscan import UrlscanVerdictFactory -from app.schemas.eml import Body +from app.factories.virustotal import VirusTotalVerdictFactory +from app.schemas.eml import Attachment, Body from app.schemas.response import Response from app.schemas.verdict import Verdict @@ -19,6 +20,13 @@ def aggregate_urls_from_bodies(bodies: List[Body]) -> List[str]: return urls +def aggregate_sha256s_from_attachments(attachments: List[Attachment]) -> List[str]: + sha256s: List[str] = [] + for attachment in attachments: + sha256s.append(attachment.hash_.sha256) + return sha256s + + class ResponseFactory: def __init__(self, eml_file: bytes): self.eml_file = eml_file @@ -26,6 +34,7 @@ def __init__(self, eml_file: bytes): async def to_model(self) -> Response: eml = EmlFactory.from_bytes(self.eml_file) urls = aggregate_urls_from_bodies(eml.bodies) + sha256s = aggregate_sha256s_from_attachments(eml.attachments) verdicts: List[Verdict] = [] # Add SpamAsassin and urlscan verdicts 
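Review bot: `aggregate_sha256s_from_attachments` in app/factories/response.py keeps duplicate hashes, so an email that carries the same attachment twice triggers two identical VirusTotal lookups against the API quota and, if flagged, two identical details. The body could be `return list(dict.fromkeys(a.hash_.sha256 for a in attachments))`, which dedupes while preserving order. A one-line docstring such as `"""Collect the SHA-256 of every attachment; only these hashes, not file contents, are sent to VirusTotal."""` would also record what leaves the service.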
@@ -33,10 +42,12 @@ async def to_model(self) -> Response: [ partial(SpamAssassinVerdictFactory.from_bytes, self.eml_file), partial(UrlscanVerdictFactory.from_urls, urls), + partial(VirusTotalVerdictFactory.from_sha256s, sha256s), ] ) # Add OleID verdict verdicts.append(OleIDVerdictFactory.from_attachments(eml.attachments)) + # Add VT verdict return Response(eml=eml, verdicts=verdicts) diff --git a/app/factories/urlscan.py b/app/factories/urlscan.py index ffe7067..c649195 100644 --- a/app/factories/urlscan.py +++ b/app/factories/urlscan.py @@ -88,7 +88,7 @@ async def to_model(self) -> Verdict: details=[ Detail( key="benign", - description="There is no suspicous urls in bodies.", + description="There is no malicious URL in bodies.", ) ], ) diff --git a/app/factories/virustotal.py b/app/factories/virustotal.py new file mode 100644 index 0000000..a7f4799 --- /dev/null +++ b/app/factories/virustotal.py 
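Review bot: The added `# Add VT verdict` comment in `ResponseFactory.to_model` sits directly above `return` with no statement under it, so it describes code that is not there. The VirusTotal factory is actually scheduled in the list above, next to the SpamAssassin and urlscan partials. I would drop the stray comment and update the earlier one to `# Add SpamAssassin, urlscan and VirusTotal verdicts`. `to_model` starts outside this hunk, so the comment to update is in the preceding hunk's context.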
@@ -0,0 +1,102 @@ +from dataclasses import dataclass +from functools import partial +from typing import List, Optional + +import aiometer +import vt +from loguru import logger + +from app.core.settings import VIRUSTOTAL_API_KEY +from app.schemas.verdict import Detail, Verdict + + +@dataclass +class VirusTotalVerdict: + malicious: int + sha256: str + + @property + def link(self) -> str: + return f"https://www.virustotal.com/gui/file/{self.sha256}/detection" + + @property + def description(self) -> str: + return f"{self.malicious} reports say {self.sha256} is malicious." + + +async def get_file(client: vt.Client, sha256: str) -> Optional[vt.Object]: + try: + return await client.get_object_async(f"/files/{sha256}") + except Exception as e: + logger.exception(e) + return None + + +async def bulk_get_files(sha256s: List[str]) -> List[vt.Object]: + if str(VIRUSTOTAL_API_KEY) == "": + return [] + + if len(sha256s) == 0: + return [] + + client = vt.Client(str(VIRUSTOTAL_API_KEY)) + files = await aiometer.run_all( + [partial(get_file, client, sha256) for sha256 in sha256s] + ) + return [file_ for file_ in files if file_ is not None] + + +async def get_virustotal_verdicts(sha256s: List[str]) -> List[VirusTotalVerdict]: + if str(VIRUSTOTAL_API_KEY) == "": + return [] + + files = await bulk_get_files(sha256s) + + verdicts: List[VirusTotalVerdict] = [] + for file_ in files: + malicious = int(file_.last_analysis_stats.get("malicious", 0)) + sha256 = str(file_.sha256) + verdicts.append(VirusTotalVerdict(malicious=malicious, sha256=sha256)) + + return verdicts + + +class VirusTotalVerdictFactory: + def __init__(self, sha256s: List[str]): + self.sha256s = sha256s + self.name = "VirusTotal" + + async def to_model(self) -> Verdict: + malicious_verdicts: List[VirusTotalVerdict] = [] + + verdicts = await get_virustotal_verdicts(self.sha256s) + for verdict in verdicts: + if verdict.malicious > 0: + malicious_verdicts.append(verdict) + + if len(malicious_verdicts) == 0: + return Verdict( 
+ name=self.name, + malicious=False, + details=[ + Detail( + key="benign", description="There is no malicious attachment.", + ) + ], + ) + + details: List[Detail] = [] + details = [ + Detail( + key=verdict.sha256, + score=verdict.malicious, + description=verdict.description, + ) + for verdict in malicious_verdicts + ] + return Verdict(name=self.name, malicious=True, score=100, details=details) + + @classmethod + async def from_sha256s(cls, sha256s: List[str]) -> Verdict: + obj = cls(sha256s) + return await obj.to_model() diff --git a/poetry.lock b/poetry.lock index 8fd1f3e..1ea8e6a 100644 --- a/poetry.lock +++ b/poetry.lock @@ -6,6 +6,24 @@ optional = false python-versions = "*" version = "0.5.0" +[[package]] +category = "main" +description = "Async http client/server framework (asyncio)" +name = "aiohttp" +optional = false +python-versions = ">=3.5.3" +version = "3.6.2" + +[package.dependencies] +async-timeout = ">=3.0,<4.0" +attrs = ">=17.3.0" +chardet = ">=2.0,<4.0" +multidict = ">=4.5,<5.0" +yarl = ">=1.0,<2.0" + +[package.extras] +speedups = ["aiodns", "brotlipy", "cchardet"] + [[package]] category = "main" description = "A Python concurrency scheduling library, compatible with asyncio and trio" @@ -93,6 +111,14 @@ optional = false python-versions = ">=3.5.3" version = "3.0.1" +[[package]] +category = "main" +description = "reference implementation of PEP 3156" +name = "asyncio" +optional = false +python-versions = "*" +version = "3.4.3" + [[package]] category = "dev" description = "Enhance the standard unittest package with features for testing asyncio libraries" @@ -102,7 +128,7 @@ python-versions = ">=3.5" version = "0.13.0" [[package]] -category = "dev" +category = "main" description = "Atomic file writes." marker = "sys_platform == \"win32\"" name = "atomicwrites" 
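Review bot: `VirusTotalVerdictFactory.to_model` reports `key="benign"` / "There is no malicious attachment." even when nothing was checked. An unset `VIRUSTOTAL_API_KEY` makes `get_virustotal_verdicts` return `[]`, and `get_file` turns every exception (quota, bad key, network, unknown hash) into `None`, so each of these cases ends in the same clean-looking verdict. A reader of the response cannot tell "VirusTotal has no detections" from "VirusTotal was never consulted", so the detail should say which one it is. Separately, `bulk_get_files` creates a `vt.Client` and never closes it, which leaves the HTTP session open on every request; `close_async()` in a `finally` fixes that. `run_all` is also called without `max_at_once` / `max_per_second`, which is worth bounding given API rate limits, and the `details: List[Detail] = []` line is immediately overwritten.

```python
async def bulk_get_files(sha256s: List[str]) -> List[vt.Object]:
    # … unchanged: empty-key and empty-list early returns …
    client = vt.Client(str(VIRUSTOTAL_API_KEY))
    try:
        files = await aiometer.run_all(
            [partial(get_file, client, sha256) for sha256 in sha256s]
        )
    finally:
        # Close the HTTP session even if a lookup raises.
        await client.close_async()
    return [file_ for file_ in files if file_ is not None]

# … unchanged: get_virustotal_verdicts, VirusTotalVerdictFactory.__init__, collecting malicious_verdicts …

        if len(malicious_verdicts) == 0:
            # Fewer reports than hashes means a lookup was skipped or failed,
            # so the result is "not checked" rather than "clean".
            checked_all = len(verdicts) == len(self.sha256s)
            return Verdict(
                name=self.name,
                malicious=False,
                details=[
                    Detail(
                        key="benign" if checked_all else "unknown",
                        description="There is no malicious attachment."
                        if checked_all
                        else "VirusTotal returned no report for some attachments.",
                    )
                ],
            )
```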
@@ -111,7 +137,7 @@ python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*" version = "1.4.0" [[package]] -category = "dev" +category = "main" description = "Classes Without Boilerplate" name = "attrs" optional = false @@ -552,7 +578,7 @@ python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*" version = "2.10" [[package]] -category = "dev" +category = "main" description = "iniconfig: brain-dead simple config-ini parsing" name = "iniconfig" optional = false @@ -621,7 +647,7 @@ python-versions = "*" version = "0.6.1" [[package]] -category = "dev" +category = "main" description = "More routines for operating on iterables, beyond itertools" name = "more-itertools" optional = false @@ -640,6 +666,14 @@ version = "4.10.2" cryptography = ">=2.3" olefile = ">=0.45" +[[package]] +category = "main" +description = "multidict implementation" +name = "multidict" +optional = false +python-versions = ">=3.5" +version = "4.7.6" + [[package]] category = "dev" description = "Optional static typing for Python" @@ -697,7 +731,7 @@ pcodedmp = ">=1.2.5" pyparsing = ">=2.1.0" [[package]] -category = "dev" +category = "main" description = "Core utilities for Python packages" name = "packaging" optional = false @@ -729,7 +763,7 @@ oletools = ">=0.54" win-unicode-console = "*" [[package]] -category = "dev" +category = "main" description = "plugin and hook calling mechanisms for python" name = "pluggy" optional = false @@ -756,7 +790,7 @@ toml = "*" virtualenv = ">=20.0.8" [[package]] -category = "dev" +category = "main" description = "library with cross-python path, ini-parsing, io, code, log facilities" name = "py" optional = false @@ -809,7 +843,7 @@ python-versions = ">=2.6, !=3.0.*, !=3.1.*, !=3.2.*" version = "2.4.7" [[package]] -category = "dev" +category = "main" description = "pytest: simple powerful testing with Python" name = "pytest" optional = false 
@@ -860,6 +894,21 @@ pytest = ">=4.6" [package.extras] testing = ["fields", "hunter", "process-tests (2.0.2)", "six", "pytest-xdist", "virtualenv"] +[[package]] +category = "main" +description = "pytest-httpserver is a httpserver for pytest" +name = "pytest-httpserver" +optional = false +python-versions = ">=3.4" +version = "0.3.5" + +[package.dependencies] +werkzeug = "*" + +[package.extras] +dev = ["autopep8", "coverage", "flake8", "ipdb", "pytest", "pytest-cov", "reno", "requests", "rope", "sphinx", "sphinx-rtd-theme", "wheel"] +test = ["coverage", "pytest", "pytest-cov", "requests"] + [[package]] category = "dev" description = "Thin-wrapper around the mock package for easier use with pytest" @@ -1102,7 +1151,7 @@ python-versions = ">=3.6.1" version = "4.0.0" [[package]] -category = "dev" +category = "main" description = "Python Library for Tom's Obvious, Minimal Language" name = "toml" optional = false @@ -1176,6 +1225,23 @@ optional = false python-versions = "*" version = "0.14.0" +[[package]] +category = "dev" +description = "Automatically mock your HTTP interactions to simplify and speed up testing" +name = "vcrpy" +optional = false +python-versions = ">=3.5" +version = "4.1.0" + +[package.dependencies] +PyYAML = "*" +six = ">=1.5" +wrapt = "*" + +[package.dependencies.yarl] +python = ">=3.6" +version = "*" + [[package]] category = "dev" description = "Virtual Python Environment builder" 
@@ -1194,6 +1260,20 @@ six = ">=1.9.0,<2" docs = ["proselint (>=0.10.2)", "sphinx (>=3)", "sphinx-argparse (>=0.2.5)", "sphinx-rtd-theme (>=0.4.3)", "towncrier (>=19.9.0rc1)"] testing = ["coverage (>=5)", "coverage-enable-subprocess (>=1)", "flaky (>=3)", "pytest (>=4)", "pytest-env (>=0.6.2)", "pytest-freezegun (>=0.4.1)", "pytest-mock (>=2)", "pytest-randomly (>=1)", "pytest-timeout (>=1)", "pytest-xdist (>=1.31.0)", "packaging (>=20.0)", "xonsh (>=0.9.16)"] +[[package]] +category = "main" +description = "The official Python client library for VirusTotal" +name = "vt-py" +optional = false +python-versions = ">=3.6.0" +version = "0.5.4" + +[package.dependencies] +aiohttp = "*" +asyncio = "*" +pytest = "*" +pytest_httpserver = "*" + [[package]] category = "main" description = "An implementation of the WebSocket Protocol (RFC 6455 & 7692)" @@ -1202,6 +1282,18 @@ optional = false python-versions = ">=3.6.1" version = "8.1" +[[package]] +category = "main" +description = "The comprehensive WSGI web application library." +name = "werkzeug" +optional = false +python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*" +version = "1.0.1" + +[package.extras] +dev = ["pytest", "pytest-timeout", "coverage", "tox", "sphinx", "pallets-sphinx-themes", "sphinx-issues"] +watchdog = ["watchdog"] + [[package]] category = "main" description = "Enable Unicode input and display when running Python from Windows console." 
@@ -1223,8 +1315,28 @@ version = "1.0.1" [package.extras] dev = ["pytest (>=4.6.2)", "black (>=19.3b0)"] +[[package]] +category = "dev" +description = "Module for decorators, wrappers and monkey patching." +name = "wrapt" +optional = false +python-versions = "*" +version = "1.12.1" + +[[package]] +category = "main" +description = "Yet another URL library" +name = "yarl" +optional = false +python-versions = ">=3.5" +version = "1.5.1" + +[package.dependencies] +idna = ">=2.0" +multidict = ">=4.0" + [metadata] -content-hash = "e815ff7c2609c116929df5fcf0526efc8d3a225faf7a0a1800fdf280f50549b6" +content-hash = "ae951f3a4c946c3fa8ecafa5b467dd018f6ead946445e273bed2023c2cb77613" python-versions = "^3.8" [metadata.files] 
@@ -1232,6 +1344,20 @@ aiofiles = [ {file = "aiofiles-0.5.0-py3-none-any.whl", hash = "sha256:377fdf7815cc611870c59cbd07b68b180841d2a2b79812d8c218be02448c2acb"}, {file = "aiofiles-0.5.0.tar.gz", hash = "sha256:98e6bcfd1b50f97db4980e182ddd509b7cc35909e903a8fe50d8849e02d815af"}, ] +aiohttp = [ + {file = "aiohttp-3.6.2-cp35-cp35m-macosx_10_13_x86_64.whl", hash = "sha256:1e984191d1ec186881ffaed4581092ba04f7c61582a177b187d3a2f07ed9719e"}, + {file = "aiohttp-3.6.2-cp35-cp35m-manylinux1_x86_64.whl", hash = "sha256:50aaad128e6ac62e7bf7bd1f0c0a24bc968a0c0590a726d5a955af193544bcec"}, + {file = "aiohttp-3.6.2-cp36-cp36m-macosx_10_13_x86_64.whl", hash = "sha256:65f31b622af739a802ca6fd1a3076fd0ae523f8485c52924a89561ba10c49b48"}, + {file = "aiohttp-3.6.2-cp36-cp36m-manylinux1_x86_64.whl", hash = "sha256:ae55bac364c405caa23a4f2d6cfecc6a0daada500274ffca4a9230e7129eac59"}, + {file = "aiohttp-3.6.2-cp36-cp36m-win32.whl", hash = "sha256:344c780466b73095a72c616fac5ea9c4665add7fc129f285fbdbca3cccf4612a"}, + {file = "aiohttp-3.6.2-cp36-cp36m-win_amd64.whl", hash = "sha256:4c6efd824d44ae697814a2a85604d8e992b875462c6655da161ff18fd4f29f17"}, + {file = "aiohttp-3.6.2-cp37-cp37m-macosx_10_13_x86_64.whl", hash = "sha256:2f4d1a4fdce595c947162333353d4a44952a724fba9ca3205a3df99a33d1307a"}, + {file = "aiohttp-3.6.2-cp37-cp37m-manylinux1_x86_64.whl", hash = "sha256:6206a135d072f88da3e71cc501c59d5abffa9d0bb43269a6dcd28d66bfafdbdd"}, + {file = "aiohttp-3.6.2-cp37-cp37m-win32.whl", hash = "sha256:b778ce0c909a2653741cb4b1ac7015b5c130ab9c897611df43ae6a58523cb965"}, + {file = "aiohttp-3.6.2-cp37-cp37m-win_amd64.whl", hash = "sha256:32e5f3b7e511aa850829fbe5aa32eb455e5534eaa4b1ce93231d00e2f76e5654"}, + {file = "aiohttp-3.6.2-py3-none-any.whl", hash = "sha256:460bd4237d2dbecc3b5ed57e122992f60188afe46e7319116da5eb8a9dfedba4"}, + {file = "aiohttp-3.6.2.tar.gz", hash = "sha256:259ab809ff0727d0e834ac5e8a283dc5e3e0ecc30c4d80b3cd17a4139ce1f326"}, +] aiometer = [ {file = "aiometer-0.2.1-py3-none-any.whl", hash = 
"sha256:6a6d9181032d4173d94a38f4bfe9dffa43874665c73f41539af4ae7147679cef"}, {file = "aiometer-0.2.1.tar.gz", hash = "sha256:379e4e5a01f4c4b9bc3200cd93cd17e9bbcd791d404a312eb331e47f7011fd53"}, @@ -1264,6 +1390,12 @@ async-timeout = [ {file = "async-timeout-3.0.1.tar.gz", hash = "sha256:0c3c816a028d47f659d6ff5c745cb2acf1f966da1fe5c19c77a70282b25f4c5f"}, {file = "async_timeout-3.0.1-py3-none-any.whl", hash = "sha256:4291ca197d287d274d0b6cb5d6f8f8f82d434ed288f962539ff18cc9012f9ea3"}, ] +asyncio = [ + {file = "asyncio-3.4.3-cp33-none-win32.whl", hash = "sha256:b62c9157d36187eca799c378e572c969f0da87cd5fc42ca372d92cdb06e7e1de"}, + {file = "asyncio-3.4.3-cp33-none-win_amd64.whl", hash = "sha256:c46a87b48213d7464f22d9a497b9eef8c1928b68320a2fa94240f969f6fec08c"}, + {file = "asyncio-3.4.3-py3-none-any.whl", hash = "sha256:c4d18b22701821de07bd6aea8b53d21449ec0ec5680645e5317062ea21817d2d"}, + {file = "asyncio-3.4.3.tar.gz", hash = "sha256:83360ff8bc97980e4ff25c964c7bd3923d333d177aa4f7fb736b019f26c7cb41"}, +] asynctest = [ {file = "asynctest-0.13.0-py3-none-any.whl", hash = "sha256:5da6118a7e6d6b54d83a8f7197769d046922a44d2a99c21382f0a6e4fadae676"}, {file = "asynctest-0.13.0.tar.gz", hash = "sha256:c27862842d15d83e6a34eb0b2866c323880eb3a75e4485b079ea11748fd77fac"}, 
@@ -1564,6 +1696,25 @@ more-itertools = [ msoffcrypto-tool = [ {file = "msoffcrypto-tool-4.10.2.tar.gz", hash = "sha256:beda602d97ca2913a1da697f840290b2dfdf0ee1d60bc230468df1e7de41da98"}, ] +multidict = [ + {file = "multidict-4.7.6-cp35-cp35m-macosx_10_14_x86_64.whl", hash = "sha256:275ca32383bc5d1894b6975bb4ca6a7ff16ab76fa622967625baeebcf8079000"}, + {file = "multidict-4.7.6-cp35-cp35m-manylinux1_x86_64.whl", hash = "sha256:1ece5a3369835c20ed57adadc663400b5525904e53bae59ec854a5d36b39b21a"}, + {file = "multidict-4.7.6-cp35-cp35m-win32.whl", hash = "sha256:5141c13374e6b25fe6bf092052ab55c0c03d21bd66c94a0e3ae371d3e4d865a5"}, + {file = "multidict-4.7.6-cp35-cp35m-win_amd64.whl", hash = "sha256:9456e90649005ad40558f4cf51dbb842e32807df75146c6d940b6f5abb4a78f3"}, + {file = "multidict-4.7.6-cp36-cp36m-macosx_10_14_x86_64.whl", hash = "sha256:e0d072ae0f2a179c375f67e3da300b47e1a83293c554450b29c900e50afaae87"}, + {file = "multidict-4.7.6-cp36-cp36m-manylinux1_x86_64.whl", hash = "sha256:3750f2205b800aac4bb03b5ae48025a64e474d2c6cc79547988ba1d4122a09e2"}, + {file = "multidict-4.7.6-cp36-cp36m-win32.whl", hash = "sha256:f07acae137b71af3bb548bd8da720956a3bc9f9a0b87733e0899226a2317aeb7"}, + {file = "multidict-4.7.6-cp36-cp36m-win_amd64.whl", hash = "sha256:6513728873f4326999429a8b00fc7ceddb2509b01d5fd3f3be7881a257b8d463"}, + {file = "multidict-4.7.6-cp37-cp37m-macosx_10_14_x86_64.whl", hash = "sha256:feed85993dbdb1dbc29102f50bca65bdc68f2c0c8d352468c25b54874f23c39d"}, + {file = "multidict-4.7.6-cp37-cp37m-manylinux1_x86_64.whl", hash = "sha256:fcfbb44c59af3f8ea984de67ec7c306f618a3ec771c2843804069917a8f2e255"}, + {file = "multidict-4.7.6-cp37-cp37m-win32.whl", hash = "sha256:4538273208e7294b2659b1602490f4ed3ab1c8cf9dbdd817e0e9db8e64be2507"}, + {file = "multidict-4.7.6-cp37-cp37m-win_amd64.whl", hash = "sha256:d14842362ed4cf63751648e7672f7174c9818459d169231d03c56e84daf90b7c"}, + {file = "multidict-4.7.6-cp38-cp38-macosx_10_14_x86_64.whl", hash = 
"sha256:c026fe9a05130e44157b98fea3ab12969e5b60691a276150db9eda71710cd10b"}, + {file = "multidict-4.7.6-cp38-cp38-manylinux1_x86_64.whl", hash = "sha256:51a4d210404ac61d32dada00a50ea7ba412e6ea945bbe992e4d7a595276d2ec7"}, + {file = "multidict-4.7.6-cp38-cp38-win32.whl", hash = "sha256:5cf311a0f5ef80fe73e4f4c0f0998ec08f954a6ec72b746f3c179e37de1d210d"}, + {file = "multidict-4.7.6-cp38-cp38-win_amd64.whl", hash = "sha256:7388d2ef3c55a8ba80da62ecfafa06a1c097c18032a501ffd4cabbc52d7f2b19"}, + {file = "multidict-4.7.6.tar.gz", hash = "sha256:fbb77a75e529021e7c4a8d4e823d88ef4d23674a202be4f5addffc72cbb91430"}, +] mypy = [ {file = "mypy-0.782-cp35-cp35m-macosx_10_6_x86_64.whl", hash = "sha256:2c6cde8aa3426c1682d35190b59b71f661237d74b053822ea3d748e2c9578a7c"}, {file = "mypy-0.782-cp35-cp35m-manylinux1_x86_64.whl", hash = "sha256:9c7a9a7ceb2871ba4bac1cf7217a7dd9ccd44c27c2950edbc6dc08530f32ad4e"}, @@ -1664,6 +1815,10 @@ pytest-cov = [ {file = "pytest-cov-2.10.1.tar.gz", hash = "sha256:47bd0ce14056fdd79f93e1713f88fad7bdcc583dcd7783da86ef2f085a0bb88e"}, {file = "pytest_cov-2.10.1-py2.py3-none-any.whl", hash = "sha256:45ec2d5182f89a81fc3eb29e3d1ed3113b9e9a873bcddb2a71faaab066110191"}, ] +pytest-httpserver = [ + {file = "pytest_httpserver-0.3.5-py3-none-any.whl", hash = "sha256:c55289404b7604bfd1c103d243824b441add501828e05807795c2b851b9b0747"}, + {file = "pytest_httpserver-0.3.5.tar.gz", hash = "sha256:1d553dc0fb27483d00a1e25ddcfc38bd3438336ed60f862cad8c50b11621a11a"}, +] pytest-mock = [ {file = "pytest-mock-3.3.0.tar.gz", hash = "sha256:1d146a6e798b9e6322825e207b4e0544635e679b69253e6e01a221f45945d2f6"}, {file = "pytest_mock-3.3.0-py3-none-any.whl", hash = "sha256:0061f9e8f14b77d0f3915a00f18b1b71f07da3c8bd66994e42ee91537681a76e"}, 
@@ -1858,10 +2013,17 @@ uvloop = [ {file = "uvloop-0.14.0-cp38-cp38-manylinux2010_x86_64.whl", hash = "sha256:4315d2ec3ca393dd5bc0b0089d23101276778c304d42faff5dc4579cb6caef09"}, {file = "uvloop-0.14.0.tar.gz", hash = "sha256:123ac9c0c7dd71464f58f1b4ee0bbd81285d96cdda8bc3519281b8973e3a461e"}, ] +vcrpy = [ + {file = "vcrpy-4.1.0-py2.py3-none-any.whl", hash = "sha256:d833248442bbc560599add895c9ab0ef518676579e8dc72d8b0933bdb3880253"}, + {file = "vcrpy-4.1.0.tar.gz", hash = "sha256:4138e79eb35981ad391406cbb7227bce7eba8bad788dcf1a89c2e4a8b740debe"}, +] virtualenv = [ {file = "virtualenv-20.0.31-py2.py3-none-any.whl", hash = "sha256:e0305af10299a7fb0d69393d8f04cb2965dda9351140d11ac8db4e5e3970451b"}, {file = "virtualenv-20.0.31.tar.gz", hash = "sha256:43add625c53c596d38f971a465553f6318decc39d98512bc100fa1b1e839c8dc"}, ] +vt-py = [ + {file = "vt-py-0.5.4.tar.gz", hash = "sha256:3a79477910a64ce7a1bbefd06f3ecaf9d5eef3fb752e349235f26bb566917292"}, +] websockets = [ {file = "websockets-8.1-cp36-cp36m-macosx_10_6_intel.whl", hash = "sha256:3762791ab8b38948f0c4d281c8b2ddfa99b7e510e46bd8dfa942a5fff621068c"}, {file = "websockets-8.1-cp36-cp36m-manylinux1_i686.whl", hash = "sha256:3db87421956f1b0779a7564915875ba774295cc86e81bc671631379371af1170"}, @@ -1886,6 +2048,10 @@ websockets = [ {file = "websockets-8.1-cp38-cp38-win_amd64.whl", hash = "sha256:f8a7bff6e8664afc4e6c28b983845c5bc14965030e3fb98789734d416af77c4b"}, {file = "websockets-8.1.tar.gz", hash = "sha256:5c65d2da8c6bce0fca2528f69f44b2f977e06954c8512a952222cea50dad430f"}, ] +werkzeug = [ + {file = "Werkzeug-1.0.1-py2.py3-none-any.whl", hash = "sha256:2de2a5db0baeae7b2d2664949077c2ac63fbd16d98da0ff71837f7d1dea3fd43"}, + {file = "Werkzeug-1.0.1.tar.gz", hash = "sha256:6c80b1e5ad3665290ea39320b91e1be1e0d5f60652b964a3070216de83d2e47c"}, +] win-unicode-console = [ {file = "win_unicode_console-0.5.zip", hash = "sha256:d4142d4d56d46f449d6f00536a73625a871cba040f0bc1a2e305a04578f07d1e"}, ] 
@@ -1893,3 +2059,25 @@ win32-setctime = [ {file = "win32_setctime-1.0.1-py3-none-any.whl", hash = "sha256:568fd636c68350bcc54755213fe01966fe0a6c90b386c0776425944a0382abef"}, {file = "win32_setctime-1.0.1.tar.gz", hash = "sha256:b47e5023ec7f0b4962950902b15bc56464a380d869f59d27dbf9ab423b23e8f9"}, ] +wrapt = [ + {file = "wrapt-1.12.1.tar.gz", hash = "sha256:b62ffa81fb85f4332a4f609cab4ac40709470da05643a082ec1eb88e6d9b97d7"}, +] +yarl = [ + {file = "yarl-1.5.1-cp35-cp35m-macosx_10_14_x86_64.whl", hash = "sha256:db6db0f45d2c63ddb1a9d18d1b9b22f308e52c83638c26b422d520a815c4b3fb"}, + {file = "yarl-1.5.1-cp35-cp35m-manylinux1_x86_64.whl", hash = "sha256:17668ec6722b1b7a3a05cc0167659f6c95b436d25a36c2d52db0eca7d3f72593"}, + {file = "yarl-1.5.1-cp35-cp35m-win32.whl", hash = "sha256:040b237f58ff7d800e6e0fd89c8439b841f777dd99b4a9cca04d6935564b9409"}, + {file = "yarl-1.5.1-cp35-cp35m-win_amd64.whl", hash = "sha256:f18d68f2be6bf0e89f1521af2b1bb46e66ab0018faafa81d70f358153170a317"}, + {file = "yarl-1.5.1-cp36-cp36m-macosx_10_14_x86_64.whl", hash = "sha256:c52ce2883dc193824989a9b97a76ca86ecd1fa7955b14f87bf367a61b6232511"}, + {file = "yarl-1.5.1-cp36-cp36m-manylinux1_x86_64.whl", hash = "sha256:ce584af5de8830d8701b8979b18fcf450cef9a382b1a3c8ef189bedc408faf1e"}, + {file = "yarl-1.5.1-cp36-cp36m-win32.whl", hash = "sha256:df89642981b94e7db5596818499c4b2219028f2a528c9c37cc1de45bf2fd3a3f"}, + {file = "yarl-1.5.1-cp36-cp36m-win_amd64.whl", hash = "sha256:3a584b28086bc93c888a6c2aa5c92ed1ae20932f078c46509a66dce9ea5533f2"}, + {file = "yarl-1.5.1-cp37-cp37m-macosx_10_14_x86_64.whl", hash = "sha256:da456eeec17fa8aa4594d9a9f27c0b1060b6a75f2419fe0c00609587b2695f4a"}, + {file = "yarl-1.5.1-cp37-cp37m-manylinux1_x86_64.whl", hash = "sha256:bc2f976c0e918659f723401c4f834deb8a8e7798a71be4382e024bcc3f7e23a8"}, + {file = "yarl-1.5.1-cp37-cp37m-win32.whl", hash = "sha256:4439be27e4eee76c7632c2427ca5e73703151b22cae23e64adb243a9c2f565d8"}, + {file = "yarl-1.5.1-cp37-cp37m-win_amd64.whl", hash = 
"sha256:48e918b05850fffb070a496d2b5f97fc31d15d94ca33d3d08a4f86e26d4e7c5d"}, + {file = "yarl-1.5.1-cp38-cp38-macosx_10_14_x86_64.whl", hash = "sha256:9b930776c0ae0c691776f4d2891ebc5362af86f152dd0da463a6614074cb1b02"}, + {file = "yarl-1.5.1-cp38-cp38-manylinux1_x86_64.whl", hash = "sha256:b3b9ad80f8b68519cc3372a6ca85ae02cc5a8807723ac366b53c0f089db19e4a"}, + {file = "yarl-1.5.1-cp38-cp38-win32.whl", hash = "sha256:f379b7f83f23fe12823085cd6b906edc49df969eb99757f58ff382349a3303c6"}, + {file = "yarl-1.5.1-cp38-cp38-win_amd64.whl", hash = "sha256:9102b59e8337f9874638fcfc9ac3734a0cfadb100e47d55c20d0dc6087fb4692"}, + {file = "yarl-1.5.1.tar.gz", hash = "sha256:c22c75b5f394f3d47105045ea551e08a3e804dc7e01b37800ca35b58f856c3d6"}, +] diff --git a/pyproject.toml b/pyproject.toml index 8a97e78..eef0916 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -26,6 +26,7 @@ oletools = "^0.55.1" pydantic = "^1.6.1" python-multipart = "^0.0.5" uvicorn = "^0.11.7" +vt-py = "^0.5.4" [tool.poetry.dev-dependencies] asynctest = "^0.13.0" @@ -48,11 +49,12 @@ pytest-timeout = "^1.4.2" pyupgrade = "^2.7.2" respx = "^0.11.2" seed-isort-config = "^2.2.0" +vcrpy = "^4.1.0" [tool.isort] force_grid_wrap = 0 include_trailing_comma = true -known_third_party = ["aiometer", "aiospamc", "arrow", "async_timeout", "asynctest", "compoundfiles", "compressed_rtf", "dateparser", "eml_parser", "fastapi", "fastapi_utils", "httpx", "ioc_finder", "loguru", "magic", "olefile", "oletools", "pydantic", "pytest", "respx", "starlette"] +known_third_party = ["aiometer", "aiospamc", "arrow", "async_timeout", "asynctest", "compoundfiles", "compressed_rtf", "dateparser", "eml_parser", "fastapi", "fastapi_utils", "httpx", "ioc_finder", "loguru", "magic", "olefile", "oletools", "pydantic", "pytest", "respx", "starlette", "vcr", "vt"] line_length = 88 multi_line_output = 3 use_parentheses= true diff --git a/tests/factories/test_virustotal.py b/tests/factories/test_virustotal.py new file mode 100644 index 0000000..3710aa0 
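Review bot: Adding `vt-py = "^0.5.4"` to the runtime dependencies in pyproject.toml pulls test tooling into the production install. The poetry.lock hunks of this same diff show vt-py 0.5.4 declaring `pytest`, `pytest_httpserver` and the PyPI `asyncio` backport as dependencies, and they move `pytest`, `pluggy`, `py`, `werkzeug` and others from category `dev` to `main`. That widens the deployed attack surface for a single hash-lookup call. It would help to record the reason next to the entry, e.g. `# vt-py 0.5.4 declares pytest/pytest-httpserver/asyncio as runtime deps; re-check on upgrade`, and to check whether a later vt-py release drops them.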
--- /dev/null +++ b/tests/factories/test_virustotal.py @@ -0,0 +1,26 @@ +import pytest +import vcr + +from app.factories.virustotal import VirusTotalVerdictFactory + + +@pytest.mark.asyncio +@vcr.use_cassette("tests/fixtures/vcr_cassettes/vt.yaml", filter_headers=["x-apikey"]) +async def test_virustotal(): + # eicar file + verdict = await VirusTotalVerdictFactory.from_sha256s( + ["275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f"] + ) + assert verdict.malicious is True + + +@pytest.mark.asyncio +@vcr.use_cassette( + "tests/fixtures/vcr_cassettes/vt_non_malicious.yaml", filter_headers=["x-apikey"] +) +async def test_virustotal_with_non_malicious_file(): + # empty file + verdict = await VirusTotalVerdictFactory.from_sha256s( + ["e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"] + ) + assert verdict.malicious is False diff --git a/tests/fixtures/vcr_cassettes/vt.yaml b/tests/fixtures/vcr_cassettes/vt.yaml new file mode 100644 index 0000000..04d206f --- /dev/null +++ b/tests/fixtures/vcr_cassettes/vt.yaml 
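Review bot: Both tests in tests/factories/test_virustotal.py depend on `VIRUSTOTAL_API_KEY` being non-empty even when the cassette is replayed, because `bulk_get_files` returns `[]` before any request is made if the key is empty. In an environment without the key, `test_virustotal` would then fail on `assert verdict.malicious is True` (assuming the test setup does not set it elsewhere). Patching the setting inside the test keeps replay hermetic, for example `monkeypatch.setattr("app.factories.virustotal.VIRUSTOTAL_API_KEY", "dummy")`. `filter_headers=["x-apikey"]` already keeps the real key out of the recorded cassette. A third test for the unset-key or failed-lookup path would pin down what the verdict says when nothing was checked.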
@@ -0,0 +1,411 @@ +interactions: +- request: + body: null + headers: + Accept-Encoding: + - gzip + User-Agent: + - unknown; vtpy 0.5.4; gzip + method: GET + uri: https://www.virustotal.com/api/v3/files/275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f + response: + body: + string: "{\n \"data\": {\n \"attributes\": {\n \"crowdsourced_yara_results\": + [\n {\n \"description\": \"Just an EICAR + test file - this is boring but users asked for it\",\n \"rule_name\": + \"SUSP_Just_EICAR\",\n \"ruleset_id\": \"000ae70a1a\",\n + \ \"ruleset_name\": \"gen_suspicious_strings\",\n \"source\": + \"https://github.com/Neo23x0/signature-base\"\n }\n ],\n + \ \"first_submission_date\": 1148301722,\n \"last_analysis_date\": + 1598233343,\n \"last_analysis_results\": {\n \"ALYac\": + {\n \"category\": \"malicious\",\n \"engine_name\": + \"ALYac\",\n \"engine_update\": \"20200823\",\n \"engine_version\": + \"1.1.1.5\",\n \"method\": \"blacklist\",\n \"result\": + \"Misc.Eicar-Test-File\"\n },\n \"APEX\": {\n + \ \"category\": \"malicious\",\n \"engine_name\": + \"APEX\",\n \"engine_update\": \"20200822\",\n \"engine_version\": + \"6.62\",\n \"method\": \"blacklist\",\n \"result\": + \"EICAR Anti-Virus Test File\"\n },\n \"AVG\": + {\n \"category\": \"malicious\",\n \"engine_name\": + \"AVG\",\n \"engine_update\": \"20200823\",\n \"engine_version\": + \"18.4.3895.0\",\n \"method\": \"blacklist\",\n \"result\": + \"EICAR Test-NOT virus!!!\"\n },\n \"Acronis\": + {\n \"category\": \"type-unsupported\",\n \"engine_name\": + \"Acronis\",\n \"engine_update\": \"20200806\",\n \"engine_version\": + \"1.1.1.77\",\n \"method\": \"blacklist\",\n \"result\": + null\n },\n \"Ad-Aware\": {\n \"category\": + \"malicious\",\n \"engine_name\": \"Ad-Aware\",\n \"engine_update\": + \"20200823\",\n \"engine_version\": \"3.0.16.117\",\n \"method\": + \"blacklist\",\n \"result\": \"EICAR-Test-File (not a virus)\"\n + \ },\n \"AegisLab\": {\n \"category\": + \"malicious\",\n 
\"engine_name\": \"AegisLab\",\n \"engine_update\": + \"20200824\",\n \"engine_version\": \"4.2\",\n \"method\": + \"blacklist\",\n \"result\": \"Test.File.EICAR.y\"\n },\n + \ \"AhnLab-V3\": {\n \"category\": \"malicious\",\n + \ \"engine_name\": \"AhnLab-V3\",\n \"engine_update\": + \"20200823\",\n \"engine_version\": \"3.18.1.10026\",\n + \ \"method\": \"blacklist\",\n \"result\": + \"Virus/EICAR_Test_File\"\n },\n \"Alibaba\": + {\n \"category\": \"malicious\",\n \"engine_name\": + \"Alibaba\",\n \"engine_update\": \"20190527\",\n \"engine_version\": + \"0.3.0.5\",\n \"method\": \"blacklist\",\n \"result\": + \"Trojan:MacOS/eicar.com\"\n },\n \"Antiy-AVL\": + {\n \"category\": \"malicious\",\n \"engine_name\": + \"Antiy-AVL\",\n \"engine_update\": \"20200823\",\n \"engine_version\": + \"3.0.0.1\",\n \"method\": \"blacklist\",\n \"result\": + \"TestFile/Win32.EICAR\"\n },\n \"Arcabit\": + {\n \"category\": \"malicious\",\n \"engine_name\": + \"Arcabit\",\n \"engine_update\": \"20200823\",\n \"engine_version\": + \"1.0.0.877\",\n \"method\": \"blacklist\",\n \"result\": + \"EICAR-Test-File (not a virus)\"\n },\n \"Avast\": + {\n \"category\": \"malicious\",\n \"engine_name\": + \"Avast\",\n \"engine_update\": \"20200823\",\n \"engine_version\": + \"18.4.3895.0\",\n \"method\": \"blacklist\",\n \"result\": + \"EICAR Test-NOT virus!!!\"\n },\n \"Avast-Mobile\": + {\n \"category\": \"malicious\",\n \"engine_name\": + \"Avast-Mobile\",\n \"engine_update\": \"20200823\",\n + \ \"engine_version\": \"200823-00\",\n \"method\": + \"blacklist\",\n \"result\": \"Eicar\"\n },\n + \ \"Avira\": {\n \"category\": \"malicious\",\n + \ \"engine_name\": \"Avira\",\n \"engine_update\": + \"20200823\",\n \"engine_version\": \"8.3.3.8\",\n \"method\": + \"blacklist\",\n \"result\": \"Eicar-Test-Signature\"\n + \ },\n \"Baidu\": {\n \"category\": + \"malicious\",\n \"engine_name\": \"Baidu\",\n \"engine_update\": + \"20190318\",\n \"engine_version\": \"1.0.0.2\",\n \"method\": + 
\"blacklist\",\n \"result\": \"Win32.Test.Eicar.a\"\n },\n + \ \"BitDefender\": {\n \"category\": \"malicious\",\n + \ \"engine_name\": \"BitDefender\",\n \"engine_update\": + \"20200823\",\n \"engine_version\": \"7.2\",\n \"method\": + \"blacklist\",\n \"result\": \"EICAR-Test-File (not a virus)\"\n + \ },\n \"BitDefenderTheta\": {\n \"category\": + \"malicious\",\n \"engine_name\": \"BitDefenderTheta\",\n + \ \"engine_update\": \"20200819\",\n \"engine_version\": + \"7.2.37796.0\",\n \"method\": \"blacklist\",\n \"result\": + \"EICAR-Test-File (not a virus)\"\n },\n \"Bkav\": + {\n \"category\": \"malicious\",\n \"engine_name\": + \"Bkav\",\n \"engine_update\": \"20200822\",\n \"engine_version\": + \"1.3.0.9899\",\n \"method\": \"blacklist\",\n \"result\": + \"DOS.EiracA.Trojan\"\n },\n \"CAT-QuickHeal\": + {\n \"category\": \"malicious\",\n \"engine_name\": + \"CAT-QuickHeal\",\n \"engine_update\": \"20200823\",\n + \ \"engine_version\": \"14.00\",\n \"method\": + \"blacklist\",\n \"result\": \"EICAR.TestFile\"\n },\n + \ \"CMC\": {\n \"category\": \"undetected\",\n + \ \"engine_name\": \"CMC\",\n \"engine_update\": + \"20200823\",\n \"engine_version\": \"2.7.2019.1\",\n \"method\": + \"blacklist\",\n \"result\": null\n },\n + \ \"ClamAV\": {\n \"category\": \"malicious\",\n + \ \"engine_name\": \"ClamAV\",\n \"engine_update\": + \"20200823\",\n \"engine_version\": \"0.102.4.0\",\n \"method\": + \"blacklist\",\n \"result\": \"Win.Test.EICAR_HDB-1\"\n + \ },\n \"Comodo\": {\n \"category\": + \"malicious\",\n \"engine_name\": \"Comodo\",\n \"engine_update\": + \"20200728\",\n \"engine_version\": \"32668\",\n \"method\": + \"blacklist\",\n \"result\": \"ApplicUnwnt@#2975xfk8s2pq1\"\n + \ },\n \"CrowdStrike\": {\n \"category\": + \"type-unsupported\",\n \"engine_name\": \"CrowdStrike\",\n + \ \"engine_update\": \"20190702\",\n \"engine_version\": + \"1.0\",\n \"method\": \"blacklist\",\n \"result\": + null\n },\n \"Cybereason\": {\n \"category\": + 
\"type-unsupported\",\n \"engine_name\": \"Cybereason\",\n + \ \"engine_update\": \"20190616\",\n \"engine_version\": + \"1.2.449\",\n \"method\": \"blacklist\",\n \"result\": + null\n },\n \"Cylance\": {\n \"category\": + \"type-unsupported\",\n \"engine_name\": \"Cylance\",\n + \ \"engine_update\": \"20200824\",\n \"engine_version\": + \"2.3.1.101\",\n \"method\": \"blacklist\",\n \"result\": + null\n },\n \"Cynet\": {\n \"category\": + \"malicious\",\n \"engine_name\": \"Cynet\",\n \"engine_update\": + \"20200823\",\n \"engine_version\": \"4.0.0.24\",\n \"method\": + \"blacklist\",\n \"result\": \"Malicious (score: 85)\"\n + \ },\n \"Cyren\": {\n \"category\": + \"malicious\",\n \"engine_name\": \"Cyren\",\n \"engine_update\": + \"20200823\",\n \"engine_version\": \"6.3.0.2\",\n \"method\": + \"blacklist\",\n \"result\": \"EICAR_Test_File\"\n },\n + \ \"DrWeb\": {\n \"category\": \"malicious\",\n + \ \"engine_name\": \"DrWeb\",\n \"engine_update\": + \"20200823\",\n \"engine_version\": \"7.0.46.3050\",\n + \ \"method\": \"blacklist\",\n \"result\": + \"EICAR Test File (NOT a Virus!)\"\n },\n \"ESET-NOD32\": + {\n \"category\": \"malicious\",\n \"engine_name\": + \"ESET-NOD32\",\n \"engine_update\": \"20200823\",\n \"engine_version\": + \"21870\",\n \"method\": \"blacklist\",\n \"result\": + \"Eicar test file\"\n },\n \"Elastic\": {\n + \ \"category\": \"malicious\",\n \"engine_name\": + \"Elastic\",\n \"engine_update\": \"20200817\",\n \"engine_version\": + \"4.0.7\",\n \"method\": \"blacklist\",\n \"result\": + \"eicar\"\n },\n \"Emsisoft\": {\n \"category\": + \"malicious\",\n \"engine_name\": \"Emsisoft\",\n \"engine_update\": + \"20200823\",\n \"engine_version\": \"2018.12.0.1641\",\n + \ \"method\": \"blacklist\",\n \"result\": + \"EICAR-Test-File (not a virus) (B)\"\n },\n \"F-Secure\": + {\n \"category\": \"malicious\",\n \"engine_name\": + \"F-Secure\",\n \"engine_update\": \"20200824\",\n \"engine_version\": + \"12.0.86.52\",\n \"method\": 
\"blacklist\",\n \"result\": + \"EICAR_Test_File\"\n },\n \"FireEye\": {\n + \ \"category\": \"malicious\",\n \"engine_name\": + \"FireEye\",\n \"engine_update\": \"20200824\",\n \"engine_version\": + \"32.36.1.0\",\n \"method\": \"blacklist\",\n \"result\": + \"EICAR-Test-File (not a virus)\"\n },\n \"Fortinet\": + {\n \"category\": \"malicious\",\n \"engine_name\": + \"Fortinet\",\n \"engine_update\": \"20200823\",\n \"engine_version\": + \"6.2.142.0\",\n \"method\": \"blacklist\",\n \"result\": + \"EICAR_TEST_FILE\"\n },\n \"GData\": {\n \"category\": + \"malicious\",\n \"engine_name\": \"GData\",\n \"engine_update\": + \"20200823\",\n \"engine_version\": \"A:25.26723B:27.19911\",\n + \ \"method\": \"blacklist\",\n \"result\": + \"EICAR_TEST_FILE\"\n },\n \"Ikarus\": {\n \"category\": + \"malicious\",\n \"engine_name\": \"Ikarus\",\n \"engine_update\": + \"20200823\",\n \"engine_version\": \"0.1.5.2\",\n \"method\": + \"blacklist\",\n \"result\": \"EICAR-Test-File\"\n },\n + \ \"Invincea\": {\n \"category\": \"type-unsupported\",\n + \ \"engine_name\": \"Invincea\",\n \"engine_update\": + \"20200502\",\n \"engine_version\": \"6.3.6.26157\",\n + \ \"method\": \"blacklist\",\n \"result\": + null\n },\n \"Jiangmin\": {\n \"category\": + \"malicious\",\n \"engine_name\": \"Jiangmin\",\n \"engine_update\": + \"20200823\",\n \"engine_version\": \"16.0.100\",\n \"method\": + \"blacklist\",\n \"result\": \"EICAR-Test-File\"\n },\n + \ \"K7AntiVirus\": {\n \"category\": \"malicious\",\n + \ \"engine_name\": \"K7AntiVirus\",\n \"engine_update\": + \"20200823\",\n \"engine_version\": \"11.131.35078\",\n + \ \"method\": \"blacklist\",\n \"result\": + \"EICAR_Test_File\"\n },\n \"K7GW\": {\n \"category\": + \"malicious\",\n \"engine_name\": \"K7GW\",\n \"engine_update\": + \"20200823\",\n \"engine_version\": \"11.131.35078\",\n + \ \"method\": \"blacklist\",\n \"result\": + \"EICAR_Test_File\"\n },\n \"Kaspersky\": {\n + \ \"category\": \"malicious\",\n \"engine_name\": + 
\"Kaspersky\",\n \"engine_update\": \"20200824\",\n \"engine_version\": + \"15.0.1.13\",\n \"method\": \"blacklist\",\n \"result\": + \"EICAR-Test-File\"\n },\n \"Kingsoft\": {\n + \ \"category\": \"malicious\",\n \"engine_name\": + \"Kingsoft\",\n \"engine_update\": \"20200824\",\n \"engine_version\": + \"2013.8.14.323\",\n \"method\": \"blacklist\",\n \"result\": + \"Test.eicar.aa\"\n },\n \"MAX\": {\n \"category\": + \"malicious\",\n \"engine_name\": \"MAX\",\n \"engine_update\": + \"20200824\",\n \"engine_version\": \"2019.9.16.1\",\n + \ \"method\": \"blacklist\",\n \"result\": + \"malware (ai score=100)\"\n },\n \"Malwarebytes\": + {\n \"category\": \"undetected\",\n \"engine_name\": + \"Malwarebytes\",\n \"engine_update\": \"20200824\",\n + \ \"engine_version\": \"3.6.4.335\",\n \"method\": + \"blacklist\",\n \"result\": null\n },\n + \ \"MaxSecure\": {\n \"category\": \"malicious\",\n + \ \"engine_name\": \"MaxSecure\",\n \"engine_update\": + \"20200820\",\n \"engine_version\": \"1.0.0.1\",\n \"method\": + \"blacklist\",\n \"result\": \"Virus.COM.Eicar.TestFile\"\n + \ },\n \"McAfee\": {\n \"category\": + \"malicious\",\n \"engine_name\": \"McAfee\",\n \"engine_update\": + \"20200823\",\n \"engine_version\": \"6.0.6.653\",\n \"method\": + \"blacklist\",\n \"result\": \"EICAR test file\"\n },\n + \ \"MicroWorld-eScan\": {\n \"category\": + \"malicious\",\n \"engine_name\": \"MicroWorld-eScan\",\n + \ \"engine_update\": \"20200824\",\n \"engine_version\": + \"14.0.409.0\",\n \"method\": \"blacklist\",\n \"result\": + \"EICAR-Test-File\"\n },\n \"Microsoft\": {\n + \ \"category\": \"malicious\",\n \"engine_name\": + \"Microsoft\",\n \"engine_update\": \"20200823\",\n \"engine_version\": + \"1.1.17300.4\",\n \"method\": \"blacklist\",\n \"result\": + \"Virus:DOS/EICAR_Test_File\"\n },\n \"NANO-Antivirus\": + {\n \"category\": \"malicious\",\n \"engine_name\": + \"NANO-Antivirus\",\n \"engine_update\": \"20200823\",\n + \ \"engine_version\": \"1.0.134.25140\",\n 
\"method\": + \"blacklist\",\n \"result\": \"Marker.Dos.EICAR-Test-File.dyb\"\n + \ },\n \"Paloalto\": {\n \"category\": + \"type-unsupported\",\n \"engine_name\": \"Paloalto\",\n + \ \"engine_update\": \"20200824\",\n \"engine_version\": + \"1.0\",\n \"method\": \"blacklist\",\n \"result\": + null\n },\n \"Panda\": {\n \"category\": + \"malicious\",\n \"engine_name\": \"Panda\",\n \"engine_update\": + \"20200823\",\n \"engine_version\": \"4.6.4.2\",\n \"method\": + \"blacklist\",\n \"result\": \"EICAR-AV-TEST-FILE\"\n },\n + \ \"Qihoo-360\": {\n \"category\": \"malicious\",\n + \ \"engine_name\": \"Qihoo-360\",\n \"engine_update\": + \"20200824\",\n \"engine_version\": \"1.0.0.1120\",\n \"method\": + \"blacklist\",\n \"result\": \"qex.eicar.gen.gen\"\n },\n + \ \"Rising\": {\n \"category\": \"malicious\",\n + \ \"engine_name\": \"Rising\",\n \"engine_update\": + \"20200823\",\n \"engine_version\": \"25.0.0.26\",\n \"method\": + \"blacklist\",\n \"result\": \"EICAR-Test-File (CLASSIC)\"\n + \ },\n \"SUPERAntiSpyware\": {\n \"category\": + \"malicious\",\n \"engine_name\": \"SUPERAntiSpyware\",\n + \ \"engine_update\": \"20200821\",\n \"engine_version\": + \"5.6.0.1032\",\n \"method\": \"blacklist\",\n \"result\": + \"NotAThreat.EICAR[TestFile]\"\n },\n \"Sangfor\": + {\n \"category\": \"malicious\",\n \"engine_name\": + \"Sangfor\",\n \"engine_update\": \"20200814\",\n \"engine_version\": + \"1.0\",\n \"method\": \"blacklist\",\n \"result\": + \"Malware\"\n },\n \"SentinelOne\": {\n \"category\": + \"malicious\",\n \"engine_name\": \"SentinelOne\",\n \"engine_update\": + \"20200724\",\n \"engine_version\": \"4.4.0.0\",\n \"method\": + \"blacklist\",\n \"result\": \"DFI - Malicious COM\"\n + \ },\n \"Sophos\": {\n \"category\": + \"malicious\",\n \"engine_name\": \"Sophos\",\n \"engine_update\": + \"20200824\",\n \"engine_version\": \"4.98.0\",\n \"method\": + \"blacklist\",\n \"result\": \"EICAR-AV-Test\"\n },\n + \ \"Symantec\": {\n \"category\": \"malicious\",\n 
+ \ \"engine_name\": \"Symantec\",\n \"engine_update\": + \"20200821\",\n \"engine_version\": \"1.11.0.0\",\n \"method\": + \"blacklist\",\n \"result\": \"EICAR Test String\"\n },\n + \ \"SymantecMobileInsight\": {\n \"category\": + \"malicious\",\n \"engine_name\": \"SymantecMobileInsight\",\n + \ \"engine_update\": \"20200813\",\n \"engine_version\": + \"2.0\",\n \"method\": \"blacklist\",\n \"result\": + \"ALG:EICAR Test String\"\n },\n \"TACHYON\": + {\n \"category\": \"malicious\",\n \"engine_name\": + \"TACHYON\",\n \"engine_update\": \"20200824\",\n \"engine_version\": + \"2020-08-24.01\",\n \"method\": \"blacklist\",\n \"result\": + \"EICAR-Test-File\"\n },\n \"Tencent\": {\n + \ \"category\": \"malicious\",\n \"engine_name\": + \"Tencent\",\n \"engine_update\": \"20200824\",\n \"engine_version\": + \"1.0.0.1\",\n \"method\": \"blacklist\",\n \"result\": + \"EICAR.TEST.NOT-A-VIRUS\"\n },\n \"TotalDefense\": + {\n \"category\": \"malicious\",\n \"engine_name\": + \"TotalDefense\",\n \"engine_update\": \"20200823\",\n + \ \"engine_version\": \"37.1.62.1\",\n \"method\": + \"blacklist\",\n \"result\": \"the EICAR test string\"\n + \ },\n \"TrendMicro\": {\n \"category\": + \"malicious\",\n \"engine_name\": \"TrendMicro\",\n \"engine_update\": + \"20200824\",\n \"engine_version\": \"11.0.0.1006\",\n + \ \"method\": \"blacklist\",\n \"result\": + \"Eicar_test_file\"\n },\n \"TrendMicro-HouseCall\": + {\n \"category\": \"malicious\",\n \"engine_name\": + \"TrendMicro-HouseCall\",\n \"engine_update\": \"20200824\",\n + \ \"engine_version\": \"10.0.0.1040\",\n \"method\": + \"blacklist\",\n \"result\": \"Eicar_test_file\"\n },\n + \ \"Trustlook\": {\n \"category\": \"type-unsupported\",\n + \ \"engine_name\": \"Trustlook\",\n \"engine_update\": + \"20200824\",\n \"engine_version\": \"1.0\",\n \"method\": + \"blacklist\",\n \"result\": null\n },\n + \ \"VBA32\": {\n \"category\": \"malicious\",\n + \ \"engine_name\": \"VBA32\",\n \"engine_update\": + \"20200821\",\n 
\"engine_version\": \"4.4.1\",\n \"method\": + \"blacklist\",\n \"result\": \"EICAR-Test-File\"\n },\n + \ \"VIPRE\": {\n \"category\": \"malicious\",\n + \ \"engine_name\": \"VIPRE\",\n \"engine_update\": + \"20200824\",\n \"engine_version\": \"86160\",\n \"method\": + \"blacklist\",\n \"result\": \"EICAR (v)\"\n },\n + \ \"ViRobot\": {\n \"category\": \"malicious\",\n + \ \"engine_name\": \"ViRobot\",\n \"engine_update\": + \"20200823\",\n \"engine_version\": \"2014.3.20.0\",\n + \ \"method\": \"blacklist\",\n \"result\": + \"EICAR-test\"\n },\n \"Webroot\": {\n \"category\": + \"malicious\",\n \"engine_name\": \"Webroot\",\n \"engine_update\": + \"20200824\",\n \"engine_version\": \"1.0.0.403\",\n \"method\": + \"blacklist\",\n \"result\": \"W32.Eicar.Testvirus.Gen\"\n + \ },\n \"Yandex\": {\n \"category\": + \"malicious\",\n \"engine_name\": \"Yandex\",\n \"engine_update\": + \"20200707\",\n \"engine_version\": \"5.5.2.24\",\n \"method\": + \"blacklist\",\n \"result\": \"EICAR_test_file\"\n },\n + \ \"Zillya\": {\n \"category\": \"malicious\",\n + \ \"engine_name\": \"Zillya\",\n \"engine_update\": + \"20200821\",\n \"engine_version\": \"2.0.0.4159\",\n \"method\": + \"blacklist\",\n \"result\": \"EICAR.TestFile\"\n },\n + \ \"ZoneAlarm\": {\n \"category\": \"malicious\",\n + \ \"engine_name\": \"ZoneAlarm\",\n \"engine_update\": + \"20200823\",\n \"engine_version\": \"1.0\",\n \"method\": + \"blacklist\",\n \"result\": \"EICAR-Test-File\"\n },\n + \ \"Zoner\": {\n \"category\": \"malicious\",\n + \ \"engine_name\": \"Zoner\",\n \"engine_update\": + \"20200823\",\n \"engine_version\": \"0.0.0.0\",\n \"method\": + \"blacklist\",\n \"result\": \"EICAR.Test.File-NoVirus.250\"\n + \ },\n \"eGambit\": {\n \"category\": + \"type-unsupported\",\n \"engine_name\": \"eGambit\",\n + \ \"engine_update\": \"20200824\",\n \"engine_version\": + null,\n \"method\": \"blacklist\",\n \"result\": + null\n }\n },\n \"last_analysis_stats\": + {\n \"confirmed-timeout\": 0,\n 
\"failure\": + 0,\n \"harmless\": 0,\n \"malicious\": 63,\n + \ \"suspicious\": 0,\n \"timeout\": 0,\n \"type-unsupported\": + 8,\n \"undetected\": 2\n },\n \"last_modification_date\": + 1598233532,\n \"last_submission_date\": 1598233343,\n \"magic\": + \"ASCII text, with no line terminators\",\n \"md5\": \"44d88612fea8a8f36de82e1278abb02f\",\n + \ \"meaningful_name\": \"eicar.com-13391\",\n \"names\": + [\n \"eicar.com-13391\",\n \"eicar.com-36477\",\n + \ \"eicar.com-7865\",\n \"eicar.com-37110\",\n + \ \"eicar.com-11938\",\n \"eicar.com-14238\",\n + \ \"eicar.com-26023\",\n \"eicar.com-18384\",\n + \ \"eicar.com-10526\",\n \"eicar.com-76607\",\n + \ \"eicar.com-45874\",\n \"eicar.com-1161\",\n + \ \"eicar.com-30425\",\n \"eicar.com-57198\",\n + \ \"eicar.com-57076\",\n \"eicar.com-38953\",\n + \ \"eicar.com-7623\",\n \"eicar.com-35115\",\n + \ \"eicar.com-5526\",\n \"eicar.com-26987\",\n + \ \"eicar.com-29940\",\n \"eicar.com-19991\",\n + \ \"eicar.com-1342\",\n \"eicar.com-18292\",\n + \ \"eicar.com-23738\",\n \"eicar.com-14454\",\n + \ \"eicar.com-182321\",\n \"eicar.com-32723\",\n + \ \"eicar.com-140258\",\n \"eicar.com-11198\",\n + \ \"eicar.com-360534\",\n \"eicar.com-14222\",\n + \ \"eicar.com-137481\",\n \"eicar.com-28889\",\n + \ \"eicar.com-175172\",\n \"eicar.com-2039\",\n + \ \"eicar.com-165862\",\n \"eicar.com-11634\",\n + \ \"eicar.com-345035\",\n \"eicar.com-73439\",\n + \ \"eicar.com-1110\",\n \"eicar.com-35335\",\n + \ \"eicar.com-39843\",\n \"eicar.com-63467\",\n + \ \"eicar.com-18232\",\n \"eicar.com-24423\",\n + \ \"eicar.com-43915\",\n \"eicar.com-18610\",\n + \ \"eicar.com-1026\",\n \"eicar.com-20947\",\n + \ \"eicar.com-43328\",\n \"eicar.com-17454\",\n + \ \"eicar.com-25730\",\n \"eicar.com-33368\",\n + \ \"eicar.com-1890\",\n \"eicar.com-7421\",\n + \ \"eicar.com-21330\",\n \"eicar.com-12413\",\n + \ \"eicar.com-8908\",\n \"eicar.com-31206\",\n + \ \"eicar.com-25830\",\n \"eicar.com-9833\",\n + \ \"eicar.com-23463\",\n 
\"eicar.com-26952\",\n + \ \"eicar.com-23386\",\n \"eicar.com-40681\",\n + \ \"eicar.com-17392\",\n \"eicar.com-23734\",\n + \ \"eicar.com-134795\",\n \"eicar.com-4436\",\n + \ \"eicar.com-22072\",\n \"eicar.com-1822\",\n + \ \"eicar.com-330328\",\n \"eicar.com-1847\",\n + \ \"eicar.com-8477\",\n \"eicar.com-75278\",\n + \ \"eicar.com-130669\",\n \"eicar.com-4371\",\n + \ \"eicar.com-67355\",\n \"eicar.com-128024\",\n + \ \"eicar.com-16657\",\n \"eicar.com-279877\",\n + \ \"eicar.com-59370\",\n \"eicar.com-18128\",\n + \ \"eicar.com-11540\",\n \"eicar.com-18556\",\n + \ \"eicar.com-25802\",\n \"eicar.com-29308\",\n + \ \"eicar.com-4451\",\n \"eicar.com-6312\",\n + \ \"eicar.com-22792\",\n \"eicar.com-25028\",\n + \ \"eicar.com-48924\",\n \"eicar.com-263476\",\n + \ \"eicar.com-19797\",\n \"eicar.com-20764\",\n + \ \"eicar.com-32379\",\n \"eicar.com-16271\",\n + \ \"eicar.com-3491\",\n \"eicar.com-93945\"\n + \ ],\n \"reputation\": 3414,\n \"sha1\": \"3395856ce81f2b7382dee72602f798b642f14140\",\n + \ \"sha256\": \"275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f\",\n + \ \"size\": 68,\n \"ssdeep\": \"3:a+JraNvsgzsVqSwHq9:tJuOgzsko\",\n + \ \"tags\": [\n \"text\",\n \"attachment\",\n + \ \"via-tor\"\n ],\n \"times_submitted\": + 796466,\n \"total_votes\": {\n \"harmless\": 1965,\n + \ \"malicious\": 350\n },\n \"trid\": + [\n {\n \"file_type\": \"EICAR antivirus + test file\",\n \"probability\": 100.0\n }\n + \ ],\n \"type_description\": \"Text\",\n \"type_tag\": + \"text\",\n \"unique_sources\": 3557\n },\n \"id\": + \"275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f\",\n \"links\": + {\n \"self\": \"https://www.virustotal.com/api/v3/files/275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f\"\n + \ },\n \"type\": \"file\"\n }\n}" + headers: + Cache-Control: + - no-cache + Content-Encoding: + - gzip + Content-Type: + - application/json; charset=utf-8 + Date: + - Mon, 24 Aug 2020 01:45:34 GMT + Server: + - Google Frontend + 
Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + X-Cloud-Trace-Context: + - 0f216edf23925353d689dbb7a9c37553 + status: + code: 200 + message: OK + url: https://www.virustotal.com/api/v3/files/275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f +version: 1 diff --git a/tests/fixtures/vcr_cassettes/vt_non_malicious.yaml b/tests/fixtures/vcr_cassettes/vt_non_malicious.yaml new file mode 100644 index 0000000..f0d2e39 --- /dev/null +++ b/tests/fixtures/vcr_cassettes/vt_non_malicious.yaml 
@@ -0,0 +1,538 @@ +interactions: +- request: + body: null + headers: + Accept-Encoding: + - gzip + User-Agent: + - unknown; vtpy 0.5.4; gzip + method: GET + uri: https://www.virustotal.com/api/v3/files/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + response: + body: + string: "{\n \"data\": {\n \"attributes\": {\n \"first_submission_date\": + 1158564375,\n \"last_analysis_date\": 1598233084,\n \"last_analysis_results\": + {\n \"ALYac\": {\n \"category\": \"undetected\",\n + \ \"engine_name\": \"ALYac\",\n \"engine_update\": + \"20200823\",\n \"engine_version\": \"1.1.1.5\",\n \"method\": + \"blacklist\",\n \"result\": null\n },\n + \ \"APEX\": {\n \"category\": \"undetected\",\n + \ \"engine_name\": \"APEX\",\n \"engine_update\": + \"20200822\",\n \"engine_version\": \"6.62\",\n \"method\": + \"blacklist\",\n \"result\": null\n },\n + \ \"AVG\": {\n \"category\": \"undetected\",\n + \ \"engine_name\": \"AVG\",\n \"engine_update\": + \"20200823\",\n \"engine_version\": \"18.4.3895.0\",\n + \ \"method\": \"blacklist\",\n \"result\": + null\n },\n \"Acronis\": {\n \"category\": + \"type-unsupported\",\n \"engine_name\": \"Acronis\",\n + \ \"engine_update\": \"20200806\",\n \"engine_version\": + \"1.1.1.77\",\n \"method\": \"blacklist\",\n \"result\": + null\n },\n \"Ad-Aware\": {\n \"category\": + \"undetected\",\n \"engine_name\": \"Ad-Aware\",\n \"engine_update\": + \"20200823\",\n \"engine_version\": \"3.0.16.117\",\n \"method\": + \"blacklist\",\n \"result\": null\n },\n + \ \"AegisLab\": {\n \"category\": \"undetected\",\n + \ \"engine_name\": \"AegisLab\",\n \"engine_update\": + \"20200824\",\n \"engine_version\": \"4.2\",\n \"method\": + \"blacklist\",\n \"result\": null\n },\n + \ \"AhnLab-V3\": {\n \"category\": \"undetected\",\n + \ \"engine_name\": \"AhnLab-V3\",\n \"engine_update\": + \"20200823\",\n \"engine_version\": \"3.18.1.10026\",\n + \ \"method\": \"blacklist\",\n \"result\": + null\n },\n \"Alibaba\": {\n \"category\": + 
\"type-unsupported\",\n \"engine_name\": \"Alibaba\",\n + \ \"engine_update\": \"20190527\",\n \"engine_version\": + \"0.3.0.5\",\n \"method\": \"blacklist\",\n \"result\": + null\n },\n \"Antiy-AVL\": {\n \"category\": + \"undetected\",\n \"engine_name\": \"Antiy-AVL\",\n \"engine_update\": + \"20200823\",\n \"engine_version\": \"3.0.0.1\",\n \"method\": + \"blacklist\",\n \"result\": null\n },\n + \ \"Arcabit\": {\n \"category\": \"undetected\",\n + \ \"engine_name\": \"Arcabit\",\n \"engine_update\": + \"20200823\",\n \"engine_version\": \"1.0.0.877\",\n \"method\": + \"blacklist\",\n \"result\": null\n },\n + \ \"Avast\": {\n \"category\": \"undetected\",\n + \ \"engine_name\": \"Avast\",\n \"engine_update\": + \"20200823\",\n \"engine_version\": \"18.4.3895.0\",\n + \ \"method\": \"blacklist\",\n \"result\": + null\n },\n \"Avast-Mobile\": {\n \"category\": + \"type-unsupported\",\n \"engine_name\": \"Avast-Mobile\",\n + \ \"engine_update\": \"20200823\",\n \"engine_version\": + \"200823-00\",\n \"method\": \"blacklist\",\n \"result\": + null\n },\n \"Avira\": {\n \"category\": + \"undetected\",\n \"engine_name\": \"Avira\",\n \"engine_update\": + \"20200823\",\n \"engine_version\": \"8.3.3.8\",\n \"method\": + \"blacklist\",\n \"result\": null\n },\n + \ \"Baidu\": {\n \"category\": \"undetected\",\n + \ \"engine_name\": \"Baidu\",\n \"engine_update\": + \"20190318\",\n \"engine_version\": \"1.0.0.2\",\n \"method\": + \"blacklist\",\n \"result\": null\n },\n + \ \"BitDefender\": {\n \"category\": \"undetected\",\n + \ \"engine_name\": \"BitDefender\",\n \"engine_update\": + \"20200823\",\n \"engine_version\": \"7.2\",\n \"method\": + \"blacklist\",\n \"result\": null\n },\n + \ \"BitDefenderTheta\": {\n \"category\": + \"undetected\",\n \"engine_name\": \"BitDefenderTheta\",\n + \ \"engine_update\": \"20200819\",\n \"engine_version\": + \"7.2.37796.0\",\n \"method\": \"blacklist\",\n \"result\": + null\n },\n \"Bkav\": {\n \"category\": + \"undetected\",\n 
\"engine_name\": \"Bkav\",\n \"engine_update\": + \"20200822\",\n \"engine_version\": \"1.3.0.9899\",\n \"method\": + \"blacklist\",\n \"result\": null\n },\n + \ \"CAT-QuickHeal\": {\n \"category\": \"undetected\",\n + \ \"engine_name\": \"CAT-QuickHeal\",\n \"engine_update\": + \"20200823\",\n \"engine_version\": \"14.00\",\n \"method\": + \"blacklist\",\n \"result\": null\n },\n + \ \"CMC\": {\n \"category\": \"undetected\",\n + \ \"engine_name\": \"CMC\",\n \"engine_update\": + \"20200823\",\n \"engine_version\": \"2.7.2019.1\",\n \"method\": + \"blacklist\",\n \"result\": null\n },\n + \ \"ClamAV\": {\n \"category\": \"undetected\",\n + \ \"engine_name\": \"ClamAV\",\n \"engine_update\": + \"20200823\",\n \"engine_version\": \"0.102.4.0\",\n \"method\": + \"blacklist\",\n \"result\": null\n },\n + \ \"Comodo\": {\n \"category\": \"undetected\",\n + \ \"engine_name\": \"Comodo\",\n \"engine_update\": + \"20200728\",\n \"engine_version\": \"32668\",\n \"method\": + \"blacklist\",\n \"result\": null\n },\n + \ \"CrowdStrike\": {\n \"category\": \"type-unsupported\",\n + \ \"engine_name\": \"CrowdStrike\",\n \"engine_update\": + \"20190702\",\n \"engine_version\": \"1.0\",\n \"method\": + \"blacklist\",\n \"result\": null\n },\n + \ \"Cybereason\": {\n \"category\": \"type-unsupported\",\n + \ \"engine_name\": \"Cybereason\",\n \"engine_update\": + \"20190616\",\n \"engine_version\": \"1.2.449\",\n \"method\": + \"blacklist\",\n \"result\": null\n },\n + \ \"Cylance\": {\n \"category\": \"type-unsupported\",\n + \ \"engine_name\": \"Cylance\",\n \"engine_update\": + \"20200824\",\n \"engine_version\": \"2.3.1.101\",\n \"method\": + \"blacklist\",\n \"result\": null\n },\n + \ \"Cynet\": {\n \"category\": \"undetected\",\n + \ \"engine_name\": \"Cynet\",\n \"engine_update\": + \"20200823\",\n \"engine_version\": \"4.0.0.24\",\n \"method\": + \"blacklist\",\n \"result\": null\n },\n + \ \"Cyren\": {\n \"category\": \"undetected\",\n + \ \"engine_name\": \"Cyren\",\n 
\"engine_update\": + \"20200823\",\n \"engine_version\": \"6.3.0.2\",\n \"method\": + \"blacklist\",\n \"result\": null\n },\n + \ \"DrWeb\": {\n \"category\": \"undetected\",\n + \ \"engine_name\": \"DrWeb\",\n \"engine_update\": + \"20200823\",\n \"engine_version\": \"7.0.46.3050\",\n + \ \"method\": \"blacklist\",\n \"result\": + null\n },\n \"ESET-NOD32\": {\n \"category\": + \"undetected\",\n \"engine_name\": \"ESET-NOD32\",\n \"engine_update\": + \"20200823\",\n \"engine_version\": \"21870\",\n \"method\": + \"blacklist\",\n \"result\": null\n },\n + \ \"Elastic\": {\n \"category\": \"type-unsupported\",\n + \ \"engine_name\": \"Elastic\",\n \"engine_update\": + \"20200817\",\n \"engine_version\": \"4.0.7\",\n \"method\": + \"blacklist\",\n \"result\": null\n },\n + \ \"Emsisoft\": {\n \"category\": \"failure\",\n + \ \"engine_name\": \"Emsisoft\",\n \"engine_update\": + \"20200823\",\n \"engine_version\": \"2018.12.0.1641\",\n + \ \"method\": \"blacklist\",\n \"result\": + null\n },\n \"F-Secure\": {\n \"category\": + \"undetected\",\n \"engine_name\": \"F-Secure\",\n \"engine_update\": + \"20200824\",\n \"engine_version\": \"12.0.86.52\",\n \"method\": + \"blacklist\",\n \"result\": null\n },\n + \ \"FireEye\": {\n \"category\": \"undetected\",\n + \ \"engine_name\": \"FireEye\",\n \"engine_update\": + \"20200824\",\n \"engine_version\": \"32.36.1.0\",\n \"method\": + \"blacklist\",\n \"result\": null\n },\n + \ \"Fortinet\": {\n \"category\": \"undetected\",\n + \ \"engine_name\": \"Fortinet\",\n \"engine_update\": + \"20200823\",\n \"engine_version\": \"6.2.142.0\",\n \"method\": + \"blacklist\",\n \"result\": null\n },\n + \ \"GData\": {\n \"category\": \"undetected\",\n + \ \"engine_name\": \"GData\",\n \"engine_update\": + \"20200823\",\n \"engine_version\": \"A:25.26723B:27.19911\",\n + \ \"method\": \"blacklist\",\n \"result\": + null\n },\n \"Ikarus\": {\n \"category\": + \"undetected\",\n \"engine_name\": \"Ikarus\",\n \"engine_update\": + 
\"20200823\",\n \"engine_version\": \"0.1.5.2\",\n \"method\": + \"blacklist\",\n \"result\": null\n },\n + \ \"Invincea\": {\n \"category\": \"type-unsupported\",\n + \ \"engine_name\": \"Invincea\",\n \"engine_update\": + \"20200502\",\n \"engine_version\": \"6.3.6.26157\",\n + \ \"method\": \"blacklist\",\n \"result\": + null\n },\n \"Jiangmin\": {\n \"category\": + \"undetected\",\n \"engine_name\": \"Jiangmin\",\n \"engine_update\": + \"20200823\",\n \"engine_version\": \"16.0.100\",\n \"method\": + \"blacklist\",\n \"result\": null\n },\n + \ \"K7AntiVirus\": {\n \"category\": \"undetected\",\n + \ \"engine_name\": \"K7AntiVirus\",\n \"engine_update\": + \"20200823\",\n \"engine_version\": \"11.131.35078\",\n + \ \"method\": \"blacklist\",\n \"result\": + null\n },\n \"K7GW\": {\n \"category\": + \"undetected\",\n \"engine_name\": \"K7GW\",\n \"engine_update\": + \"20200823\",\n \"engine_version\": \"11.131.35078\",\n + \ \"method\": \"blacklist\",\n \"result\": + null\n },\n \"Kaspersky\": {\n \"category\": + \"undetected\",\n \"engine_name\": \"Kaspersky\",\n \"engine_update\": + \"20200824\",\n \"engine_version\": \"15.0.1.13\",\n \"method\": + \"blacklist\",\n \"result\": null\n },\n + \ \"Kingsoft\": {\n \"category\": \"undetected\",\n + \ \"engine_name\": \"Kingsoft\",\n \"engine_update\": + \"20200824\",\n \"engine_version\": \"2013.8.14.323\",\n + \ \"method\": \"blacklist\",\n \"result\": + null\n },\n \"MAX\": {\n \"category\": + \"confirmed-timeout\",\n \"engine_name\": \"MAX\",\n \"engine_update\": + \"20200824\",\n \"engine_version\": \"2019.9.16.1\",\n + \ \"method\": \"blacklist\",\n \"result\": + null\n },\n \"Malwarebytes\": {\n \"category\": + \"undetected\",\n \"engine_name\": \"Malwarebytes\",\n + \ \"engine_update\": \"20200824\",\n \"engine_version\": + \"3.6.4.335\",\n \"method\": \"blacklist\",\n \"result\": + null\n },\n \"MaxSecure\": {\n \"category\": + \"failure\",\n \"engine_name\": \"MaxSecure\",\n \"engine_update\": + 
\"20200820\",\n \"engine_version\": \"1.0.0.1\",\n \"method\": + \"blacklist\",\n \"result\": null\n },\n + \ \"McAfee\": {\n \"category\": \"undetected\",\n + \ \"engine_name\": \"McAfee\",\n \"engine_update\": + \"20200823\",\n \"engine_version\": \"6.0.6.653\",\n \"method\": + \"blacklist\",\n \"result\": null\n },\n + \ \"MicroWorld-eScan\": {\n \"category\": + \"undetected\",\n \"engine_name\": \"MicroWorld-eScan\",\n + \ \"engine_update\": \"20200824\",\n \"engine_version\": + \"14.0.409.0\",\n \"method\": \"blacklist\",\n \"result\": + null\n },\n \"Microsoft\": {\n \"category\": + \"undetected\",\n \"engine_name\": \"Microsoft\",\n \"engine_update\": + \"20200823\",\n \"engine_version\": \"1.1.17300.4\",\n + \ \"method\": \"blacklist\",\n \"result\": + null\n },\n \"NANO-Antivirus\": {\n \"category\": + \"undetected\",\n \"engine_name\": \"NANO-Antivirus\",\n + \ \"engine_update\": \"20200823\",\n \"engine_version\": + \"1.0.134.25140\",\n \"method\": \"blacklist\",\n \"result\": + null\n },\n \"Paloalto\": {\n \"category\": + \"undetected\",\n \"engine_name\": \"Paloalto\",\n \"engine_update\": + \"20200824\",\n \"engine_version\": \"1.0\",\n \"method\": + \"blacklist\",\n \"result\": null\n },\n + \ \"Panda\": {\n \"category\": \"undetected\",\n + \ \"engine_name\": \"Panda\",\n \"engine_update\": + \"20200823\",\n \"engine_version\": \"4.6.4.2\",\n \"method\": + \"blacklist\",\n \"result\": null\n },\n + \ \"Qihoo-360\": {\n \"category\": \"undetected\",\n + \ \"engine_name\": \"Qihoo-360\",\n \"engine_update\": + \"20200824\",\n \"engine_version\": \"1.0.0.1120\",\n \"method\": + \"blacklist\",\n \"result\": null\n },\n + \ \"Rising\": {\n \"category\": \"undetected\",\n + \ \"engine_name\": \"Rising\",\n \"engine_update\": + \"20200823\",\n \"engine_version\": \"25.0.0.26\",\n \"method\": + \"blacklist\",\n \"result\": null\n },\n + \ \"SUPERAntiSpyware\": {\n \"category\": + \"undetected\",\n \"engine_name\": \"SUPERAntiSpyware\",\n + \ 
\"engine_update\": \"20200821\",\n \"engine_version\": + \"5.6.0.1032\",\n \"method\": \"blacklist\",\n \"result\": + null\n },\n \"Sangfor\": {\n \"category\": + \"undetected\",\n \"engine_name\": \"Sangfor\",\n \"engine_update\": + \"20200814\",\n \"engine_version\": \"1.0\",\n \"method\": + \"blacklist\",\n \"result\": null\n },\n + \ \"SentinelOne\": {\n \"category\": \"type-unsupported\",\n + \ \"engine_name\": \"SentinelOne\",\n \"engine_update\": + \"20200724\",\n \"engine_version\": \"4.4.0.0\",\n \"method\": + \"blacklist\",\n \"result\": null\n },\n + \ \"Sophos\": {\n \"category\": \"undetected\",\n + \ \"engine_name\": \"Sophos\",\n \"engine_update\": + \"20200824\",\n \"engine_version\": \"4.98.0\",\n \"method\": + \"blacklist\",\n \"result\": null\n },\n + \ \"Symantec\": {\n \"category\": \"undetected\",\n + \ \"engine_name\": \"Symantec\",\n \"engine_update\": + \"20200821\",\n \"engine_version\": \"1.11.0.0\",\n \"method\": + \"blacklist\",\n \"result\": null\n },\n + \ \"SymantecMobileInsight\": {\n \"category\": + \"type-unsupported\",\n \"engine_name\": \"SymantecMobileInsight\",\n + \ \"engine_update\": \"20200813\",\n \"engine_version\": + \"2.0\",\n \"method\": \"blacklist\",\n \"result\": + null\n },\n \"TACHYON\": {\n \"category\": + \"undetected\",\n \"engine_name\": \"TACHYON\",\n \"engine_update\": + \"20200824\",\n \"engine_version\": \"2020-08-24.01\",\n + \ \"method\": \"blacklist\",\n \"result\": + null\n },\n \"Tencent\": {\n \"category\": + \"undetected\",\n \"engine_name\": \"Tencent\",\n \"engine_update\": + \"20200824\",\n \"engine_version\": \"1.0.0.1\",\n \"method\": + \"blacklist\",\n \"result\": null\n },\n + \ \"TotalDefense\": {\n \"category\": \"undetected\",\n + \ \"engine_name\": \"TotalDefense\",\n \"engine_update\": + \"20200823\",\n \"engine_version\": \"37.1.62.1\",\n \"method\": + \"blacklist\",\n \"result\": null\n },\n + \ \"TrendMicro\": {\n \"category\": \"undetected\",\n + \ \"engine_name\": \"TrendMicro\",\n 
\"engine_update\": + \"20200824\",\n \"engine_version\": \"11.0.0.1006\",\n + \ \"method\": \"blacklist\",\n \"result\": + null\n },\n \"TrendMicro-HouseCall\": {\n \"category\": + \"undetected\",\n \"engine_name\": \"TrendMicro-HouseCall\",\n + \ \"engine_update\": \"20200824\",\n \"engine_version\": + \"10.0.0.1040\",\n \"method\": \"blacklist\",\n \"result\": + null\n },\n \"Trustlook\": {\n \"category\": + \"timeout\",\n \"engine_name\": \"Trustlook\",\n \"engine_update\": + \"20200824\",\n \"engine_version\": \"1.0\",\n \"method\": + \"blacklist\",\n \"result\": null\n },\n + \ \"VBA32\": {\n \"category\": \"undetected\",\n + \ \"engine_name\": \"VBA32\",\n \"engine_update\": + \"20200821\",\n \"engine_version\": \"4.4.1\",\n \"method\": + \"blacklist\",\n \"result\": null\n },\n + \ \"VIPRE\": {\n \"category\": \"undetected\",\n + \ \"engine_name\": \"VIPRE\",\n \"engine_update\": + \"20200824\",\n \"engine_version\": \"86160\",\n \"method\": + \"blacklist\",\n \"result\": null\n },\n + \ \"ViRobot\": {\n \"category\": \"undetected\",\n + \ \"engine_name\": \"ViRobot\",\n \"engine_update\": + \"20200823\",\n \"engine_version\": \"2014.3.20.0\",\n + \ \"method\": \"blacklist\",\n \"result\": + null\n },\n \"Webroot\": {\n \"category\": + \"type-unsupported\",\n \"engine_name\": \"Webroot\",\n + \ \"engine_update\": \"20200824\",\n \"engine_version\": + \"1.0.0.403\",\n \"method\": \"blacklist\",\n \"result\": + null\n },\n \"Yandex\": {\n \"category\": + \"undetected\",\n \"engine_name\": \"Yandex\",\n \"engine_update\": + \"20200707\",\n \"engine_version\": \"5.5.2.24\",\n \"method\": + \"blacklist\",\n \"result\": null\n },\n + \ \"Zillya\": {\n \"category\": \"undetected\",\n + \ \"engine_name\": \"Zillya\",\n \"engine_update\": + \"20200821\",\n \"engine_version\": \"2.0.0.4159\",\n \"method\": + \"blacklist\",\n \"result\": null\n },\n + \ \"ZoneAlarm\": {\n \"category\": \"undetected\",\n + \ \"engine_name\": \"ZoneAlarm\",\n \"engine_update\": + 
\"20200823\",\n \"engine_version\": \"1.0\",\n \"method\": + \"blacklist\",\n \"result\": null\n },\n + \ \"Zoner\": {\n \"category\": \"undetected\",\n + \ \"engine_name\": \"Zoner\",\n \"engine_update\": + \"20200823\",\n \"engine_version\": \"0.0.0.0\",\n \"method\": + \"blacklist\",\n \"result\": null\n },\n + \ \"eGambit\": {\n \"category\": \"type-unsupported\",\n + \ \"engine_name\": \"eGambit\",\n \"engine_update\": + \"20200824\",\n \"engine_version\": null,\n \"method\": + \"blacklist\",\n \"result\": null\n }\n + \ },\n \"last_analysis_stats\": {\n \"confirmed-timeout\": + 1,\n \"failure\": 2,\n \"harmless\": 0,\n \"malicious\": + 0,\n \"suspicious\": 0,\n \"timeout\": 1,\n + \ \"type-unsupported\": 12,\n \"undetected\": + 57\n },\n \"last_modification_date\": 1598233696,\n + \ \"last_submission_date\": 1598233084,\n \"magic\": + \"empty\",\n \"md5\": \"d41d8cd98f00b204e9800998ecf8427e\",\n \"meaningful_name\": + \"android-cts-7.1_r6-linux_x86-arm.zip\",\n \"monitor_info\": {\n + \ \"filenames\": [\n \"fsdui.exe-99235b5f9e15ae6d6de45d6a1e8a736373420847f8d40f0dbc0beba88e83ea2c\",\n + \ \"f9e3c7d5-915e-45bb-839b-ed899b010ebc\",\n \"jfr.dll-d14c3572678b7cf201a16a2902ff4beaf153d7a48300ddd29f0a6e3f16498729\",\n + \ \"33506fc4-c1d0-46a0-92d4-047ce0d07634\",\n \"VBoxMouseNT.sys-f65a3251377ed580d403e028b83d72124ca2f16325e4f1c3dfc690c40aad6ad1\",\n + \ \"SCC-347f0ad59cbb7259bc95e433025b4ed9bc05d5e348f875f37f1f38daa0b780bd\",\n + \ \"fsdui.exe-3f45826a161a47e7e7a1c27ae6a8c0b77785dc218fe1fc678e5c42ddf338c769\",\n + \ \"fsdui.exe-cf3442fae6e859e1fa3325f2b870c9021688a03afc44405667555a46a13f6381\",\n + \ \"Iron.dll-1d30936a490b8e8499467272760d38f3d234b9544b1589bc3e47ea9285e59453\",\n + \ \"65aaef2cf3cbb2216c0bef8a73da7a5226d4e6e2251053f960fe2b48f27271a5\",\n + \ \"fsdui.exe-70ec8775701165a74a7921a01cb64b56189740bf7ae592d0246ad6878345ba2d\",\n + \ \"fsdui.exe-cc5022a571560254219eb973b1236b219e9cce87e9c889e3f375df2ed50a6917\",\n + \ 
\"fsdui.exe-0237ac5da79ecec5af54fc0e28aaea5da5690ba93f36d0f3c6b005fe0a7dffda\",\n + \ \"7zS.sfx.exe-d3d1295e7fa73cf8320b0d5601f5cb8f412cdfbe380034e3e5bcee8a807af218\",\n + \ \"PCTAppInstaller.EXE-dd36b6b6ff132d9e0b53af8cb905d83b877414fbe0a5e99d0477b00c42fa29a1\",\n + \ \"3afb867c-6e3e-48f7-9035-efbfcf4b9c8e\",\n \"bbRGen.dll-16d707bcf5a581a03e1d965022ac83ba0afa3dc5169695ac4a2c6bc1fda3300f\",\n + \ \"Setup.exe-94802d243f960f849f40fc437b53bf89b92f14a91b65fef6bb0eb1ceaaf0b53c\",\n + \ \"TEMPLATE.EXE-f6ae24ff21c7511b7d851a89a985654f619a7cf6e617fab7fe71350346eaa2e2\",\n + \ \"fsdui.exe-c50c73b9667fcfabf48ff9158726d1330545d7989a1ff515753d7d7e47840b83\",\n + \ \"fsdui.exe-67c8fca49bd146ad8483bef703e5fefcd3db9bb1a4102242e51bfc6fb18e2bbd\",\n + \ \"fsdui.exe-736d12e7276638e982d5399dc8504694b3cb9ae09d3b253b127296c2d4d81b8f\",\n + \ \"SETDAD.CredManagerDarkCorner.dll-f84641b5badf29960f91dd7c5734ad26ce4d15f7e8594f5bee31a6882b262a92\",\n + \ \"lcms.dll-a7465b9c52fbcadcf7114b1effec4dd03e2231625ebc9add6cfbfbcbf4698c54\",\n + \ \"hpsoftpaqwrapper.exe-48b05def02c54a0e62c2fe5c6ba5b6de2142af89743af3bd78ac8222f212aca9\",\n + \ \"NFT.exe-65d67829fe5c1a08444d1d3b0dcf76304454dd383e9d2385c421286f3f856169\",\n + \ \"fsdui.exe-c7df0544d8212d40735d3aa5e7ef953472279fdf0cc4c64230d37e281a1924af\",\n + \ \"fsdui.exe-e8b1b54178af10fa15cebb7e8fe991796d68e1e09aae585ce5d4af586fb1882b\",\n + \ \"fsdui.exe-310d285bf8bb3651906058fbde5c5710a19be9f7f46ec33bc2e8a50d6c34f5a6\",\n + \ \"fsdui.exe-7d2c3855e593c0ed1613c531c13e73e7856a85be71698bbfea6f74f1566d4fc8\",\n + \ \"fsdui.exe-6df75472c30b3b1a7517cf9255666195da0d032360324bbe5d6f7bc073618447\",\n + \ \"fsdui.exe-700a35fac373e64fe5455b4ef35f43c616a2ff290e51515cb7e33145a738921c\",\n + \ \"88f6ce18-621f-4ad7-bcca-9bd50f8aa4b1\",\n \"fsdui.exe-32e6163b611c1cbac85769addfe94ac081c7dd1786146522733c054d26d61ff2\",\n + \ \"Setup.exe-b309f918fe7efda5711400ff0a51d2a2c47953eb0e5d05ea84810d57993c01a5\",\n + \ \"cb91052d-37e8-4caa-bcd8-ec8c84a6aea1\",\n 
\"ActiveSync.exe-b184504563ed0d4e7ebb05512d41211fa843b3911a6015b0557f37a9c5d6e7ae\",\n + \ \"fsdui.exe-9d42326c67457fe30d8a77f4bebb25a834f8b8319a55bdafcaecc848f3dd286b\",\n + \ \"9ad4f2776bc347a3d7493fa3c33f31b9ee37f808cd82aa4b4ba042724d633773\",\n + \ \"fsdui.exe-f021051cf30465e758ad46175f93ee7defc995971f46001b45adf1f4e80a1055\",\n + \ \"fsdui.exe-889852d8ebc4e274571091cc4fa02be1bba999991630850200dc28be90539042\",\n + \ \"fsdui.exe-a162a1a9e0dd7f33bc6d4fcd120194867de23e4355bd5015d9a67691d41c24aa\",\n + \ \"fsdui.exe-532cc06eefb21c994ec26c9d61834637427aaf99755afccf0835ca84ea7486fa\",\n + \ \"AeXAgentDesktop.exe-fa7d6050c491cb8ffe31c70b1056f23c977299f78f41f15eb61b2297b0e4e8ee\",\n + \ \"SM.SystemMechanic.dll-7fd0f0b4dd304c976d64ecab16329f946fe0b41e194a9b5b43b1901ad6bd435e\",\n + \ \"fsdui.exe-9f603cae5caa994146789c810de3af622e35ee3ea48990c99ef403b36c9e09cd\",\n + \ \"fsdui.exe-601406da5ec536c8a4f87603b4110e5abc833316c2ded91f3e69571e35be4ac8\",\n + \ \"fsdui.exe-94c6c1d615cfdfff9d30fa83184a7b0c1fdf3d8f8fd8bc6a01edc30c9604a3f3\",\n + \ \"fsdui.exe-dc6426024bc2d7d7ccca0309c01dce531086319b92e5d90688a2f046268a7a76\",\n + \ \"fsdui.exe-1a4f53efeebe5227af3255366154567cc03a5ad8578c130a9bc732bec649225f\"\n + \ ],\n \"organizations\": [\n \"ObserveIT\",\n + \ \"Google\",\n \"Electric Quilt\",\n + \ \"HP\",\n \"G DATA\",\n \"Oracle\",\n + \ \"Symantec\",\n \"Microsoft\"\n ]\n + \ },\n \"names\": [\n \"finalres.bat\",\n + \ \"nt.dex.flock (deleted)\",\n \"187aad49f1512986434ce3964ea8269b7520fe223483728c94c9352f99384c5d\",\n + \ \"Soft.lnk\",\n \"eNXT.dex.flock (deleted)\",\n + \ \"defrag.exe\",\n \"danish xxx kicking voyeur + .rar.exe\",\n \"d41d8cd98f00b204e9800998ecf8427e.js\",\n \"5F0E3E4B229808793CA40E749B69E8BB5791B13ED7388D29F4EC9EA608828900\",\n + \ \"eula.1036.txt .exe\",\n \"driver.exe\",\n + \ \"handjob kicking sleeping sweet .rar.exe\",\n \"lesbian + several models stockings .mpg.exe\",\n \"american action porn + lesbian sweet (Sandy).rar.exe\",\n \"tyrkish action 
cumshot + voyeur young .avi.exe\",\n \"17f6b783e2ff22ba0d87794eaf7b02de17400b7d07a4c1520af9f7503738e54d\",\n + \ \"eula.1041.txt .exe\",\n \"globdata.ini .exe\",\n + \ \"american horse lingerie girls glans .zip.exe\",\n \"utt7100.tmp\",\n + \ \"asian gay voyeur .mpeg.exe\",\n \"gay [milf] + .zip.exe\",\n \"ntldr .exe\",\n \"systemprofile:.repos\",\n + \ \"indian lingerie full movie hole lady .avi.exe\",\n \"undelete.exe\",\n + \ \"17693803bbb51cd066d6bbe25ec42fcf184f12b709c6527830fc139e60c8b259\",\n + \ \"cmonitor.dll\",\n \"eula.1031.txt .exe\",\n + \ \"Fk.dex.flock (deleted)\",\n \"RECYCLER .exe\",\n + \ \"Python27 .exe\",\n \"logs.dat\",\n \"screensaver.scr\",\n + \ \"autorun.inf\",\n \"russian horse lesbian + big .rar.exe\",\n \"DivX 7.2 freeware.exe\",\n \"fkodmn32.exe\",\n + \ \"ballelong.bat\",\n \"horse uncut bedroom + .zip.exe\",\n \"MSWDM.EXE\",\n \"wpv.txt\",\n + \ \"BsPlayer v3.exe\",\n \"lesbian uncut glans + .mpeg.exe\",\n \"eula.2052.txt .exe\",\n \"log\",\n + \ \"defrag64.exe\",\n \"csrcs.exe\",\n \"16d711515bc0b52600c8d89efd5e8c63358fad6a93d419b5b7a7b97919572a2c\",\n + \ \"edit.exe\",\n \"sperm [bangbus] (Jade).rar.exe\",\n + \ \"071d5c44d21c365c13133d46b93a94bc.js\",\n \"drwatson32.exe\",\n + \ \"16728bc225e83c3fc6deab8353c951925e641bbf42128334e4fff59167e99d5d\",\n + \ \"excel.exe\",\n \"3rd World-installer.scr\",\n + \ \"eicar.com-722\",\n \"sperm voyeur .mpeg.exe\",\n + \ \"bemoag32.exe\",\n \"uninstall.exe\",\n \"hkdfdjfkl.exe:zoneidentifier\",\n + \ \"install.res.2052.dll .exe\",\n \"japanese + horse blowjob uncut hole .mpg.exe\",\n \"hardcore animal hidden + young (Gina,Jade).mpeg.exe\",\n \"rundll64.exe\",\n \"nuvbkdz.log\",\n + \ \"xxx hot (!) 
sweet .zip.exe\",\n \"install.res.1033.dll + .exe\",\n \"18449892_covid19_review.zip\",\n \"mssrv.exe\",\n + \ \"pgp9.exe\",\n \"apkprotect-v1.dex.flock (deleted)\",\n + \ \"cb32.exe\",\n \"russian beast xxx public + cock .zip.exe\",\n \"hardcore several models young (Curtney).mpeg.exe\",\n + \ \"fbnilpdl.exe\",\n \"japanese cumshot gay + full movie .zip.exe\",\n \"wel.bmp\",\n \"SkinH.she\",\n + \ \"libtbs.so\",\n \"login_video.mp4\",\n \"payload.dex.flock + (deleted)\",\n \".bss\",\n \"3D Movie Maker.exe\",\n + \ \"tyrkish cum fucking lesbian hole .mpg.exe\",\n \"russian + fetish xxx sleeping swallow .avi.exe\",\n \"3qubde0amswoilw.exe\",\n + \ \"fucking hardcore licking .avi.exe\",\n \"chinese + gang bang beastiality [bangbus] traffic .avi.exe\",\n \"ry.co.my.apk\",\n + \ \"__DATA__la_symbol_ptr\",\n \"32763\",\n \"VC_RED.cab + .exe\",\n \"NULL\",\n \"dkhbng32.exe\",\n \"indian + cum sperm [free] (Liz).zip.exe\",\n \"black animal lesbian + [milf] .avi.exe\"\n ],\n \"nsrl_info\": {\n \"filenames\": + [\n \"1, Augustin, Butterfield, Cook, Copperplate Gothic + (1, Copperplate Gothic (8, Drummer, Erickson, Eurostile (1, Eurostile 2 (3, + FJSV, FMI, Flynn, Gorman, Holmes, Ivey, Jirik, Koval, Lovitz, MAHJONGG.{EASY, + Met Turn, Midstokke, NATE, Nipstad, Oak, Papenfuss, Quigley, Rada, Ross, SUNW, + Schue, Sorry, TI, Thuen, Uglem, Univers (1-5, Univers Condensed (2, Vorhees, + Wicker, Xanadu, Yaeger, Zimmerman, btmgr.spec, nasm.vim, sunw\",\n \"iesetup.dir\",\n + \ \"BLANK.TXT, blogo.gi!, blogo.gi_\",\n \"ROUTE.TBL\",\n + \ \"BLANK DOCUMENT.PSW, BLANK NOTE.PWI, CD1.INF, FILEOSP.RC, + chat.adm\",\n \"cdrom_sp.tst\",\n \".FVWM95, + .FVWM95RC, .TEXTSWRC, .TEXT_EXTRAS_MENU, .TTYSWRC, ADDGROUP, ANSI, AWK, AWK.1, + CAPTOINFO, CBB-MAN, COMPILED, CONFIG, DIGITAL, DUMB, DYNALOADER, EDITOR, EDITOR.1, + FDLIST, FDMOUNT.CONF, FDMOUNTD, FDUMOUNT, FUJITSU, GENKSYMS, INFOTOCAP, INIT-RESTART.HOOK, + INIT.HOOK, IO, IO.BS, LASTB, LD-LINUX.000, LD-LINUX.SO, LIBAPT-PKG.001, LIBAPT-PKG.SO, 
+ LIBATTRGLYPH.001, LIBATTRGLYPH.SO, LIBATTRIBUTE.001, LIBATTRIBUTE.SO, LIBBROKENLOCALE.SO, + LIBC.SO, LIBCOMGLYPH.001, LIBCOMGLYPH.SO, LIBCOMTERP.001, LIBCOMTERP.SO, LIBCOMUNIDRAW.001, + LIBCOMUNIDRAW.SO, LIBCOMUTIL.001, LIBCOMUTIL.SO, LIBCOM_ERR.000, LIBCRYPT.SO, + LIBDB.SO, LIBDL.000, LIBDL.SO, LIBDND++.SO, LIBDND.SO, LIBDPKG.000, LIBDPKG.001, + LIBDRAWSERV.001, LIBDRAWSERV.SO, LIBE2P.000, LIBEXT2FS.000, LIBFORM.000, LIBFRAMEUNIDRAW.001, + LIBFRAMEUNIDRAW.SO, LIBGDBM.000, LIBGDBM.001, LIBGIF.000, LIBGIF.SO, LIBGRAPHUNIDRAW.001, + LIBGRAPHUNIDRAW.SO, LIBHISTORY.000, LIBICE.001, LIBICE.SO, LIBIV-COMMON.001, + LIBIV-COMMON.SO, LIBIV.001, LIBIV.SO, LIBIVGLYPH.001, LIBIVGLYPH.SO, LIBJPEG.000, + LIBJPEG.SO, LIBM.SO, LIBMAGICK.SO, LIBMENU.000, LIBMRM.001, LIBMRM.SO, LIBNSL.SO, + LIBNSS_COMPAT.SO, LIBNSS_DB.SO, LIBNSS_DNS.SO, LIBNSS_FILES.SO, LIBNSS_NIS.SO, + LIBOLGX.SO, LIBOVERLAYUNIDRAW.001, LIBOVERLAYUNIDRAW.SO, LIBPANEL.000, LIBPEX5.001, + LIBPEX5.SO, LIBPTHREAD.SO, LIBQT.001, LIBQT.SO, LIBRESOLV.SO, LIBSLANG.000, + LIBSM.001, LIBSM.SO, LIBSS.000, LIBSTDC++-LIBC6.0-1, LIBSTDC++-LIBC6.1-1, + LIBSTDC++.001, LIBSTDC++.SO, LIBTIFF.SO, LIBTIME.001, LIBTIME.SO, LIBTOPOFACE.001, + LIBTOPOFACE.SO, LIBUNGIF.SO, LIBUNIDRAW-COMMON.001, LIBUNIDRAW-COMMON.SO, + LIBUNIDRAW.001, LIBUNIDRAW.SO, LIBUNIIDRAW.001, LIBUNIIDRAW.SO, LIBUTIL.SO, + LIBUUID.000, LIBWRASTER.SO, LIBWXGRID_XT.SO, LIBWXTAB_XT.SO, LIBWX_XT.SO, + LIBWX_XTTHREAD.SO, LIBWX_XTWIDGETS.SO, LIBX11.001, LIBX11.SO, LIBXAW.001, + LIBXAW.SO, LIBXAW3D.001, LIBXAW3D.SO, LIBXEXT.001, LIBXEXT.SO, LIBXI.001, + LIBXI.SO, LIBXIE.001, LIBXIE.SO, LIBXM.001, LIBXM.SO, LIBXMU.001, LIBXMU.SO, + LIBXP.001, LIBXP.SO, LIBXPM.000, LIBXPM.SO, LIBXT.001, LIBXT.SO, LIBXTST.001, + LIBXTST.SO, LIBXVIEW.SO, LIBZ.001, LIBZ.SO, LOCALE.ALIAS, MACINTOSH, MAIN-MENU-PRE.HOOK, + MAIN-MENU.HOOK, MENUDEFS.HOOK, NAWK, NAWK.1, NEC, NEWXSERVER.XSERVER-VGA16, + PAGER, PIDOF, POST.HOOK, POWEROFF, RAMSIZE, RBASH, RCLOCK, REBOOT, RESET, + RMMOD, ROOTFLAGS, 
RXVT, RXVT-M, SCREEN, SCREEN-W, SECURITYPOLICY, SG, SGI, + SHELLTOOL, SOCKET, SOCKET.BS, SONY, SUN, SWAPDEV, SWAPOFF, TABSET, TELINIT, + TERMINFO, VI.1, VIDMODE, VIGR, VT100, VT102, VT220, VT52, W.1, X11R6, XDFFORMAT, + XDM-CONFIG, XDVI, XF86CONFIG, XFTP, XINITRC, XKBCOMP, XSCREENSAVER, XSERVERRC, + XSETBG, XSYSINFO, XTERM, XTERM-DEBIAN, XTERM-XFREE86\",\n \"rfc779.htm\",\n + \ \"test1.txt, test1.z\",\n \"INSTALL.LOG\",\n + \ \"Drafts, Inbox, Sent, Templates, Trash, Unsent_Messages, + blogo.gi!, blogo.gi_, ns45_drafts, ns45_inbox, ns45_sent, ns45_templates, + ns45_trash, ns45_unsent_messages, phonepref.txt\",\n \"MSDN332.INF\",\n + \ \"PREFREPT.BMP, PREFRPT2.BMP, PREFSMOD.BMP, PREFSWIN.BMP, + PROGGRP1.BMP, PROGGRP2.BMP, PROGRUN.BMP, QCARD01.BMP, QCARD06.BMP, UGCHAP9.BMP\",\n + \ \"BD.CON, BF.CON, BG.CON, BL.CON, BN.CON, BNCON.WRI, CC.CON, + CD.CON, DISK1, DISK2, DISK3, WOW.DRV\",\n \".exists, API.bs, + B.bs, Base64.bs, ByteLoader.bs, ChangeNotify.bs, Clipboard.bs, Console.bs, + DBI.bs, DB_File.bs, DProf.bs, Dumper.bs, Embperl.bs, Event.bs, EventLog.bs, + Fcntl.bs, FileSecurity.bs, GDBM_File.bs, Glob.bs, Hostname.bs, IO.bs, IPC.bs, + Internet.bs, Leak.bs, MD2.bs, MD5.bs, Mutex.bs, NDBM_File.bs, Net.bs, NetAdmin.bs, + NetResource.bs, ODBC.bs, ODBM_File.bs, OLE.bs, Opcode.bs, Oracle.bs, POSIX.bs, + Peek.bs, PerfLib.bs, Pipe.bs, Process.bs, Registry.bs, SDBM_File.bs, SHA1.bs, + Semaphore.bs, Service.bs, Shortcut.bs, Socket.bs, Sound.bs, Storable.bs, Symbol.bs, + SysV.bs, Syslog.bs, Thread.bs, Win32.bs, WinError.bs, attrs.bs, carts.MYD, + columns_priv.MYD, comments, host.MYD, images.MYD, mail, mrbs_entry.MYD, mrbs_repeat.MYD, + mysql.bs, nomail, sessions.MYD, tables_priv.MYD, users.MYD, zlib.bs\",\n \"empty.htm, + logagent.exe, quartz.dll, tvxdup.001, vnetsup.vxd, xeno.avb\",\n \"blogo.gi!, + blogo.gi_\",\n \"MessagesD.properties, MessagesF.properties, + MessagesJA.properties, access_log\",\n \"CUSTOMERSERVICE.RESX, + CUSTOMERSERVICES.CUSTOMERSERVICE.RESOURCES, 
DEFAULT.ASPX.RESX, EXCEPTIONHANDLING.EXCEPTIONHANDLINGFORM.RESOURCES, + EXCEPTIONHANDLINGFORM.RESX, FRMPOORUPGRADE.RESX, GLOBAL.ASAX.RESX, LOGIN.ASPX.RESX, + MAINFORM.RESX, MOBILEWEBFORM1.ASPX.RESX, README.ASPX.RESX, SERVICE.LCK, SERVICE1.ASMX.RESX, + VB6POOREXAMPLE.FRMPOORUPGRADE.RESOURCES, WEBAPPLICATION3.GLOBAL.RESOURCES, + WEBAPPLICATION3.WEBFORM1.RESOURCES, _11EVENTLOGGINGDEMO.README.RESOURCES, + _MYHEADER.ASCX.RESX\",\n \"DECSCSI, DISK1, DISK103, PLANGEOAREA.BCP, + SPCDROM.40, TAGFILE.1\"\n ],\n \"products\": + [\n \"DRAW (Corel Corporation)\",\n \"Photo-Paint + (Corel Corporation)\",\n \"Commerce Server Developer Edition + (Microsoft)\",\n \"Exchange Server Enterprise Edition (Microsoft)\",\n + \ \"eMbedded Visual Tools (Microsoft)\",\n \"Internet + Security and Acceleration Server - Enterprise Edition (Microsoft)\",\n \"Commerce + Server - Developer Edition (Microsoft)\",\n \"Linux (Corel + Corporation)\",\n \"Yourideallink.com (Ideal link Inc.)\",\n + \ \"NSRL Test (NIST)\",\n \"Visio (Microsoft)\",\n + \ \"Visio Enterprise Edition (Microsoft)\",\n \"EarthLink + (Earthlink Inc.)\",\n \"Riven (Red Orb)\",\n \"Quicken + (Intuit Inc.)\",\n \"Get Set to Learn (Creative Wonders)\",\n + \ \"MySQL (NuSphere Corporation)\",\n \"Windows + (Microsoft)\",\n \"QuickBooks (Intuit Inc.)\",\n \"Tivoli + Manager (Tivoli)\"\n ]\n },\n \"oldapps_info\": + {\n \"developer\": \"The Blender Foundation\",\n \"oldapps\": + \"http://oldapps.com/blender.php?old_blender=7584?download\",\n \"product\": + \"Blender 2.63 (x64)\",\n \"website\": \"http://oldapps.com/blender.php?old_blender=7584\"\n + \ },\n \"reputation\": 1368,\n \"sha1\": \"da39a3ee5e6b4b0d3255bfef95601890afd80709\",\n + \ \"sha256\": \"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\n + \ \"size\": 0,\n \"ssdeep\": \"3::\",\n \"tags\": + [\n \"zero-filled\",\n \"software-collection\",\n + \ \"nsrl\",\n \"trusted\",\n \"via-tor\"\n + \ ],\n \"times_submitted\": 1160756,\n \"total_votes\": + {\n 
\"harmless\": 7571,\n \"malicious\": 1729\n + \ },\n \"trusted_verdict\": {\n \"filename\": + \"android-cts-7.1_r6-linux_x86-arm.zip\",\n \"link\": \"https://dl.google.com/dl/android/cts/android-cts-7.1_r6-linux_x86-arm.zip\",\n + \ \"organization\": \"Google\",\n \"verdict\": + \"goodware\"\n },\n \"type_description\": \"unknown\",\n + \ \"unique_sources\": 3756\n },\n \"id\": \"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\n + \ \"links\": {\n \"self\": \"https://www.virustotal.com/api/v3/files/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\"\n + \ },\n \"type\": \"file\"\n }\n}" + headers: + Cache-Control: + - no-cache + Content-Encoding: + - gzip + Content-Type: + - application/json; charset=utf-8 + Date: + - Mon, 24 Aug 2020 01:48:27 GMT + Server: + - Google Frontend + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + X-Cloud-Trace-Context: + - afbb4bbcf25f5416d62d5a096a465420 + status: + code: 200 + message: OK + url: https://www.virustotal.com/api/v3/files/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 +version: 1