Compute the `md5` and `sha1` of each sample, and also record its `file magic type` and whether it is `runnable`.

### File hash functions
- https://stackoverflow.com/questions/22058048/hashing-a-file-in-python
- https://stackoverflow.com/questions/3431825/generating-an-md5-checksum-of-a-file

In [None]:
import hashlib

filePath = '../惡意程式樣本與清冊/202207_malware_sample/20227_1_Xorddos/0aefb67c01a24d05351b093455203fa2.bin'

In [6]:
def md5(fname):
    # Read in 4 KiB chunks so large samples are never loaded into memory at once.
    hash_md5 = hashlib.md5()
    with open(fname, "rb") as f:
        for chunk in iter(lambda: f.read(4096), b""):
            hash_md5.update(chunk)
    return hash_md5.hexdigest()

md5(filePath)

'0aefb67c01a24d05351b093455203fa2'

In [7]:
def sha1(fname):
    # Named hash_sha1 so the built-in hash() is not shadowed.
    hash_sha1 = hashlib.sha1()
    with open(fname, "rb") as f:
        for chunk in iter(lambda: f.read(4096), b""):
            hash_sha1.update(chunk)
    return hash_sha1.hexdigest()

sha1(filePath)

'ea83f4d58131b153640cbe0f43a448af1c147335'

### Magic type function
- https://stackoverflow.com/questions/1974724/is-there-a-python-equivalent-of-the-unix-file-utility
- https://github.com/Yelp/elastalert/issues/1927

In [16]:
! pip install python-magic-bin==0.4.14

Collecting python-magic-bin==0.4.14
  Downloading python_magic_bin-0.4.14-py2.py3-none-win_amd64.whl (409 kB)
Installing collected packages: python-magic-bin
Successfully installed python-magic-bin-0.4.14


In [21]:
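import magic

def getMagic(fname):
    # The first 2048 bytes are enough for libmagic to identify the type;
    # the with block closes the file handle afterwards.
    with open(fname, "rb") as f:
        return magic.from_buffer(f.read(2048))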

getMagic(filePath)

'ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV)'

### Collecting information

In [2]:
import glob
import os
rootFolder = "../惡意程式樣本與清冊/202207_malware_sample"
sampleRootFolder = glob.glob(os.path.join(rootFolder, "*"))
print(sampleRootFolder)

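# Each entry in sampleRootFolder is already the full path of a family folder,
# so glob inside it directly and keep the results instead of discarding them.
records = []
for family in sampleRootFolder:
    sampleFiles = glob.glob(os.path.join(family, "*"))
    for file in sampleFiles:
        records.append((file, md5(file), sha1(file), getMagic(file)))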

['../惡意程式樣本與清冊/202207_malware_sample\\20227_1_Xorddos',
 '../惡意程式樣本與清冊/202207_malware_sample\\20227_2_Mozi',
 '../惡意程式樣本與清冊/202207_malware_sample\\20227_3_Mirai',
 '../惡意程式樣本與清冊/202207_malware_sample\\20227_4_Dofloo',
 '../惡意程式樣本與清冊/202207_malware_sample\\20227_5_Tsunami']
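An added example (not part of the original notebook) that turns the loop above into an inventory: both digests are computed in one read pass, the ELF header is parsed directly so it runs without libmagic, and each file name is checked against its MD5. The function names, the ELF-only type check, the meaning given to "runnable" and the `<md5>.bin` naming rule are assumptions; the demo tree is constructed data.

```python
import glob, hashlib, os, pathlib, struct, tempfile

E_TYPE = {1: "relocatable", 2: "executable", 3: "shared object", 4: "core"}
E_MACHINE = {3: "Intel 80386", 8: "MIPS", 40: "ARM", 62: "x86-64"}  # small subset

def hash_file(path, chunk_size=65536):
    """Read the file once, feeding each chunk to both digests."""
    md5, sha1 = hashlib.md5(), hashlib.sha1()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            md5.update(chunk)
            sha1.update(chunk)
    return md5.hexdigest(), sha1.hexdigest()

def elf_info(path):
    """Return (class, byte order, type, machine) from the ELF header, else None."""
    with open(path, "rb") as f:
        head = f.read(20)
    if len(head) < 20 or head[:4] != b"\x7fELF" or head[5] not in (1, 2):
        return None
    order = "<" if head[5] == 1 else ">"  # EI_DATA: 1 = LSB, 2 = MSB
    e_type, e_machine = struct.unpack(order + "HH", head[16:20])
    return ({1: "32-bit", 2: "64-bit"}.get(head[4], "unknown"), "LSB" if order == "<" else "MSB",
            E_TYPE.get(e_type, hex(e_type)), E_MACHINE.get(e_machine, hex(e_machine)))

def inventory(root):
    """Return one record per file found at root/<family>/<sample>."""
    rows = []
    for path in filter(os.path.isfile, sorted(glob.glob(os.path.join(root, "*", "*")))):
        family, name = os.path.basename(os.path.dirname(path)), os.path.basename(path)
        (md5, sha1), elf = hash_file(path), elf_info(path)
        rows.append({
            "family": family, "file": name, "md5": md5, "sha1": sha1, "elf": elf,
            # Assumption: "runnable" = ELF type executable or shared object (PIE).
            "runnable": bool(elf) and elf[2] in ("executable", "shared object"),
            # Assumption: samples are named <md5>.bin, as in the path used above.
            "name_matches_md5": os.path.splitext(name)[0].lower() == md5,
        })
    return rows

def build_demo_tree():
    """Constructed sample data: a fake 32-bit LSB i386 ELF header and a text file."""
    fam = os.path.join(tempfile.mkdtemp(), "demo_family")
    os.makedirs(fam)
    fake_elf = b"\x7fELF\x01\x01\x01" + b"\x00" * 9 + struct.pack("<HH", 2, 3) + b"\x00" * 32
    names = (hashlib.md5(fake_elf).hexdigest() + ".bin", "renamed_sample.bin")
    for name, data in zip(names, (fake_elf, b"not an ELF file\n")):
        pathlib.Path(fam, name).write_bytes(data)
    return os.path.dirname(fam)
```

Calling `inventory(build_demo_tree())` returns two records; a `name_matches_md5` of `False` flags a sample whose file name no longer agrees with its contents.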