from colorama import init, Fore, Back, Style import re def printResult(info, count, total): """ prints the result block :param info: all collected info :param count: counter (number of samples checked) :param total: total number of lines to check :return: """ # Rating and Color info["res_color"] = Back.CYAN # If VT returned results if "total" in info: info["res_color"] = Back.GREEN if info["positives"] > 0: info["res_color"] = Back.YELLOW if info["positives"] > 10: info["res_color"] = Back.RED # Head line printSeparator(count, total, info['res_color'], info["rating"]) headline = "HASH: {0}".format(info["hash"]) if 'comment' in info and info['comment'] != '': headline += " COMMENT: {0}".format(info['comment']) if 'matching_rule' in info and info['matching_rule'] != '': headline += " RULE: {0}".format(info['matching_rule']) printHighlighted(headline) # More VT info if "total" in info: # Result info["result"] = "%s / %s" % (info["positives"], info["total"]) if info["virus"] != "-": printHighlighted("VIRUS: {0}".format(info["virus"])) printHighlighted("TYPE: {1} SIZE: {2} FILENAMES: {0}".format(removeNonAsciiDrop(info["filenames"]), info['filetype'], info['filesize'])) # Tags to show tags = "" if isinstance(info['tags'], list): tags = " ".join(map(lambda x: x.upper(), info['tags'])) # Extra Info printPeInfo(info) printHighlighted("FIRST: {0} LAST: {1} SUBMISSIONS: {5} REPUTATION: {6}\nCOMMENTS: {2} USERS: {3} TAGS: {4}".format( info["first_submitted"], info["last_submitted"], info["comments"], ', '.join(info["commenter"]), tags, info["times_submitted"], info["reputation"] ), tag_color=True) # Print the highlighted result line printHighlighted("RESULT: %s" % (info["result"]), hl_color=info["res_color"]) def printHighlighted(line, hl_color=Back.WHITE, tag_color=False): """ Print a highlighted line """ if tag_color: # Tags colorer = re.compile('(HARMLESS|SIGNED|MS_SOFTWARE_CATALOGUE|MSSOFT|SUCCESSFULLY\sCOMMENTED)', re.VERBOSE) line = colorer.sub(Fore.BLACK + Back.GREEN + r'\1' + Style.RESET_ALL + '', line) colorer = re.compile('(REVOKED|EXPLOIT|CVE-[0-9\-]+|OBFUSCATED|RUN\-FILE)', re.VERBOSE) line = colorer.sub(Fore.BLACK + Back.RED + r'\1' + Style.RESET_ALL + '', line) colorer = re.compile('(EXPIRED|VIA\-TOR|OLE\-EMBEDDED|RTF|ATTACHMENT|ASPACK|UPX|AUTO\-OPEN|MACROS)', re.VERBOSE) line = colorer.sub(Fore.BLACK + Back.YELLOW + r'\1' + Style.RESET_ALL + '', line) # Extras colorer = re.compile('(\[!\])', re.VERBOSE) line = colorer.sub(Fore.BLACK + Back.LIGHTMAGENTA_EX + r'\1' + Style.RESET_ALL + '', line) # Add line breaks colorer = re.compile('(ORIGNAME:)', re.VERBOSE) line = colorer.sub(r'\n\1', line) # Standard colorer = re.compile('([A-Z_]{2,}:)\s', re.VERBOSE) line = colorer.sub(Fore.BLACK + hl_color + r'\1' + Style.RESET_ALL + ' ', line) print(line) def printSeparator(count, total, color, rating): """ Print a separator line status infos :param count: :param total: :return: """ print(Fore.BLACK + color) print(" {0} / {1} > {2}".format(count+1, total, rating.title()).ljust(80) + Style.RESET_ALL) def printKeyLine(line): """ Print a given string as a separator line :param line: :return: """ print(Fore.BLACK + Back.WHITE) print("{0}".format(line).ljust(80) + Style.RESET_ALL) print("") def printPeInfo(sample_info): """ Prints PE information in a clever form :param peInfo: :return: """ peInfo = [u'origname', u'description', u'copyright', u'signer'] outString = [] for k, v in sample_info.items(): if k in peInfo: if v != '-': outString.append("{0}: {1}".format(k.upper(), removeNonAsciiDrop(v))) if " ".join(outString): printHighlighted(" ".join(outString)) def removeNonAsciiDrop(string): nonascii = "error" # print "CON: ", string try: # Generate a new string without disturbing characters and allow new lines # Python 2 method try: nonascii = "".join(i for i in string if (ord(i) < 127 and ord(i) > 31) or ord(i) == 10 or ord(i) == 13) except Exception as e: # Python 3 fallback return string except Exception as e: traceback.print_exc() pass return nonascii