diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..412eeda
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,22 @@
+# Auto detect text files and perform LF normalization
+* text=auto
+
+# Custom for Visual Studio
+*.cs diff=csharp
+*.sln merge=union
+*.csproj merge=union
+*.vbproj merge=union
+*.fsproj merge=union
+*.dbproj merge=union
+
+# Standard to msysgit
+*.doc diff=astextplain
+*.DOC diff=astextplain
+*.docx diff=astextplain
+*.DOCX diff=astextplain
+*.dot diff=astextplain
+*.DOT diff=astextplain
+*.pdf diff=astextplain
+*.PDF diff=astextplain
+*.rtf diff=astextplain
+*.RTF diff=astextplain
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..b9d6bd9
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,215 @@
+#################
+## Eclipse
+#################
+
+*.pydevproject
+.project
+.metadata
+bin/
+tmp/
+*.tmp
+*.bak
+*.swp
+*~.nib
+local.properties
+.classpath
+.settings/
+.loadpath
+
+# External tool builders
+.externalToolBuilders/
+
+# Locally stored "Eclipse launch configurations"
+*.launch
+
+# CDT-specific
+.cproject
+
+# PDT-specific
+.buildpath
+
+
+#################
+## Visual Studio
+#################
+
+## Ignore Visual Studio temporary files, build results, and
+## files generated by popular Visual Studio add-ons.
+
+# User-specific files
+*.suo
+*.user
+*.sln.docstates
+
+# Build results
+
+[Dd]ebug/
+[Rr]elease/
+x64/
+build/
+[Bb]in/
+[Oo]bj/
+
+# MSTest test Results
+[Tt]est[Rr]esult*/
+[Bb]uild[Ll]og.*
+
+*_i.c
+*_p.c
+*.ilk
+*.meta
+*.obj
+*.pch
+*.pdb
+*.pgc
+*.pgd
+*.rsp
+*.sbr
+*.tlb
+*.tli
+*.tlh
+*.tmp
+*.tmp_proj
+*.log
+*.vspscc
+*.vssscc
+.builds
+*.pidb
+*.log
+*.scc
+
+# Visual C++ cache files
+ipch/
+*.aps
+*.ncb
+*.opensdf
+*.sdf
+*.cachefile
+
+# Visual Studio profiler
+*.psess
+*.vsp
+*.vspx
+
+# Guidance Automation Toolkit
+*.gpState
+
+# ReSharper is a .NET coding add-in
+_ReSharper*/
+*.[Rr]e[Ss]harper
+
+# TeamCity is a build add-in
+_TeamCity*
+
+# DotCover is a Code Coverage Tool
+*.dotCover
+
+# NCrunch
+*.ncrunch*
+.*crunch*.local.xml
+
+# Installshield output folder
+[Ee]xpress/
+
+# DocProject is a documentation generator add-in
+DocProject/buildhelp/
+DocProject/Help/*.HxT
+DocProject/Help/*.HxC
+DocProject/Help/*.hhc
+DocProject/Help/*.hhk
+DocProject/Help/*.hhp
+DocProject/Help/Html2
+DocProject/Help/html
+
+# Click-Once directory
+publish/
+
+# Publish Web Output
+*.Publish.xml
+*.pubxml
+
+# NuGet Packages Directory
+## TODO: If you have NuGet Package Restore enabled, uncomment the next line
+#packages/
+
+# Windows Azure Build Output
+csx
+*.build.csdef
+
+# Windows Store app package directory
+AppPackages/
+
+# Others
+sql/
+*.Cache
+ClientBin/
+[Ss]tyle[Cc]op.*
+~$*
+*~
+*.dbmdl
+*.[Pp]ublish.xml
+*.pfx
+*.publishsettings
+
+# RIA/Silverlight projects
+Generated_Code/
+
+# Backup & report files from converting an old project file to a newer
+# Visual Studio version. Backup files are not needed, because we have git ;-)
+_UpgradeReport_Files/
+Backup*/
+UpgradeLog*.XML
+UpgradeLog*.htm
+
+# SQL Server files
+App_Data/*.mdf
+App_Data/*.ldf
+
+#############
+## Windows detritus
+#############
+
+# Windows image file caches
+Thumbs.db
+ehthumbs.db
+
+# Folder config file
+Desktop.ini
+
+# Recycle Bin used on file shares
+$RECYCLE.BIN/
+
+# Mac crap
+.DS_Store
+
+
+#############
+## Python
+#############
+
+*.py[co]
+
+# Packages
+*.egg
+*.egg-info
+dist/
+build/
+eggs/
+parts/
+var/
+sdist/
+develop-eggs/
+.installed.cfg
+
+# Installer logs
+pip-log.txt
+
+# Unit test / coverage reports
+.coverage
+.tox
+
+#Translations
+*.mo
+
+#Mr Developer
+.mr.developer.cfg
diff --git a/Binaries/Trojan.Win32.Bechiro.BCD/VirusTotalIdentification.txt b/Binaries/Trojan.Win32.Bechiro.BCD/VirusTotalIdentification.txt
deleted file mode 100644
index 05461ab..0000000
--- a/Binaries/Trojan.Win32.Bechiro.BCD/VirusTotalIdentification.txt
+++ /dev/null
@@ -1,13 +0,0 @@
-Antivirus Result Update
-Antiy-AVL Downloader/Win32.Morstar 20140114
-Comodo Application.Win32.Bechiro.BCD 20140114
-ESET-NOD32 a variant of Win32/FirseriaInstaller.C 20140114
-Ikarus not-a-virus:Downloader.Win32.Morstar 20140114
-Kaspersky not-a-virus:Downloader.Win32.Morstar.o 20140114
-Kingsoft Win32.Troj.Generic.a.(kcloud) 20130829
-Malwarebytes PUP.Optional.BundleInstaller.A 20140114
-Panda Adware/MultiToolbar 20140114
-Rising PE:PUF.FirseriaInstaller@CV!1.9C54 20140114
-Sophos Solimba Installer 20140114
-VBA32 Downloader.Morstar 20140114
-VIPRE DownloadMR (fs) 20140114
diff --git a/PackFiles.sh b/PackFiles.sh
deleted file mode 100644
index 39f0d9c..0000000
--- a/PackFiles.sh
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-
-bold=`tput bold`
-normal=`tput sgr0`
-green_plus='\e[00;32m[+]\e[00m'
-
-if [ $# -ne 1 ] ; then
- echo "No directory choosen."
- echo "Using `pwd`"
- current_dir=`pwd`
-fi
-
-find $pwd -maxdepth 1 -type d | while read folder; do
- mkdir -p "Compressed/$folder"
- zip -r --password infected "Compressed/$folder/$folder.zip" "$folder" > /dev/null
- sha256sum "Compressed/$folder/$folder.zip" > "Compressed/$folder/$folder.sha256"
- md5sum "Compressed/$folder/$folder.zip" > "Compressed/$folder/$folder.md5"
- echo "infected" > "Compressed/$folder/$folder.pass"
- echo -e "$green_plus $folder compressed. "
- echo -e "$green_plus Remember that you still need to create index.log :) "
-done
diff --git a/README.md b/README.md
index 4d2c711..2e49779 100644
--- a/README.md
+++ b/README.md
@@ -55,7 +55,7 @@ Each directory is composed of 5 files:
The main index.csv is the DB which you will look in to find malwares indexed on your drive. We use the , charachter as the delimiter to our CSVs.
The structure is al follows:
- uid,location,type,name,version,author,language,date,platform,architecture
+ uid,location,type,name,version,author,language,date
- UID - Determined base on the indexing process. Does not really have any purpose yet.
- Location The location on the drive of the malware you have searched for. This and the UID field are automatically built on run by Rebuild_CSV.sh.
@@ -65,8 +65,6 @@ The structure is al follows:
- Author - ... I'm not that into documentation...
- Language - VB/C/ASM/C++/Java or binaries (bin)
- Date - See 'Author' section.
-- Platform - Platform can be win32,win64,android,ios.
-- Architecture - Can be x86,x64,arm and so on.
## Structure of index.log:
@@ -83,14 +81,12 @@ Bugs and Reports
The repository holding all files is currently
https://github.com/ytisf/theZoo
-Stuff which are in the making:
Stuff which are in the making:
- [X] Fix EULA for proper disclaimer.
- [X] More precise searching and indexing including platform and more.
- [ ] We have about 400 more malwares to map and add
-- [ ] Git update of platform and new malware.
-- [X] Separate DB version from application version.
-- [ ] Fix display of search.
+- [X] Git update of platform and new malware.
+- [X] Fix display of search.
- [X] Enable support for platform and architecture in indexing.
If you have any suggestions or malware that you have indexed as in the documentations please send it to us to yuvaln210 [at] your most popular mail server so we can add it for every one's enjoyment.
\ No newline at end of file
diff --git a/Rebuild_CSV.sh b/Rebuild_CSV.sh
deleted file mode 100644
index 45a174a..0000000
--- a/Rebuild_CSV.sh
+++ /dev/null
@@ -1,41 +0,0 @@
-#!/bin/bash
-
-bold=`tput bold`
-normal=`tput sgr0`
-green_plus='\e[00;32m[+]\e[00m'
-red_min='\e[01;31m[-]\e[00m'
-
-# This file rebuilds the index.csv file based on the local index.log file in each folder.
-
-# Backup previous
-mv conf/index.csv conf/Index.Backup.csv
-
-# finds all index.log files:
-
-find `pwd` -name 'index.log' > /tmp/indexrebuild.tmp
-touch conf/index.csv
-i=1
-cat /tmp/indexrebuild.tmp | while read file ; do
- let string="$i"
- string="$string,`echo "$file"`,`cat "$file"`,"
- echo -e "$green_plus $i was added successfully"
- echo "$string" >> conf/index.csv
- let i=i+1
-done
-
-linesofdb=`wc -l < conf/index.csv`
-
-if [ $linesofdb = 0 ]; then
- echo ""
- echo -e "$red_min No index files were detected!"
- echo ""
- exit 0
-fi
-if [ $linesofdb > 0 ]; then
- echo ""
- echo -e "$green_plus Rebuilt index with $linesofdb malwares. Be safe."
- echo " Go and have some fun :)"
- echo ""
- exit 1
-fi
-
diff --git a/Source/Original/nBot 0.32 - May 2008/nBot 0.32 - May 2008.md5 b/Source/Original/nBot 0.32 - May 2008/nBot 0.32 - May 2008.md5
deleted file mode 100644
index c093948..0000000
--- a/Source/Original/nBot 0.32 - May 2008/nBot 0.32 - May 2008.md5
+++ /dev/null
@@ -1 +0,0 @@
-026548cd05f37fc70c901fe767be3e3f Compressed/./NBot - July 2008/./NBot - July 2008.zip
diff --git a/Source/Original/nBot 0.32 - May 2008/nBot 0.32 - May 2008.rar b/Source/Original/nBot 0.32 - May 2008/nBot 0.32 - May 2008.rar
deleted file mode 100644
index 9f4d977..0000000
Binary files a/Source/Original/nBot 0.32 - May 2008/nBot 0.32 - May 2008.rar and /dev/null differ
diff --git a/Source/Original/nBot 0.32 - May 2008/nBot 0.32 - May 2008.sha256 b/Source/Original/nBot 0.32 - May 2008/nBot 0.32 - May 2008.sha256
deleted file mode 100644
index 3590caf..0000000
--- a/Source/Original/nBot 0.32 - May 2008/nBot 0.32 - May 2008.sha256
+++ /dev/null
@@ -1 +0,0 @@
-f1375f24795bd1dd76d002fef32f85685d21d113165eff6db86f01126235ce95 Compressed/./NBot - July 2008/./NBot - July 2008.zip
diff --git a/conf/index.csv b/conf/index.csv
index 9bee64a..750f9fd 100644
--- a/conf/index.csv
+++ b/conf/index.csv
@@ -1,31 +1,35 @@
-1,Source/Original/Dokan - Dec 2008/index.log,__,Dokan,unknown,unknown,c,12/2008,x86,win32
-2,Source/Original/NBot - July 2008/index.log,botnet,NBot,unknown,unknown,cpp,07/2008,x86,win32
-3,Source/Original/ShadowBot v3 - March 2007/index.log,botnet,ShadowBot,3,unknown,cpp,03/2007,x86,win32
-4,Source/Original/rBot 0.3.3 - May 2004/index.log,botnet,rBot,0.3.3,unknown,cpp,05/2004,x86,win32
-5,Source/Original/ZeuS 2.0.8.9 - Feb 2013/index.log,botnet,ZeuS,2.0.8.9,unknown,c,02/2013,x86,win32
-6,Source/Original/X0R-USB - Virus Version - Jan 2009/index.log,virus,X0R-USB-Virus,unknown,unknown,c,01/2009,x86,win32
-7,Source/Original/LoexBot1.3 - Sep 2008/index.log,botnet,LoexBot,1.3,unknown,cpp,09/2008,x86,win32
-8,Source/Original/ZunkerBot 1.4.5 - Sep 2007/index.log,botnet,ZunkerBot,1.4.5,unknown,php,09/2007,x86,win32
-9,Source/Original/DopeBot v0.22 UnCrippled- Feb 2007/index.log,botnet,DopeBot-UnCrippled,0.22,unknown,cpp,02/2007,x86,win32
-10,Source/Original/vbBot - Jan 2007/index.log,botnet,vbBot,unknown,unknown,vb,01/2007,x86,win32
-11,Source/Original/xTBot 0.0.2 - 2 Feb 2002/index.log,botnet,xTBot,0.0.2,unknown,cpp,02/2002,x86,win32
-12,Source/Original/VBS.Win32.Vabian - Unknown/index.log,VBS-Worm,VBS.Win32.Vabian,unknown,unknown,vb,unknown,x86,win32
-13,Source/Original/DopeBot v0.22 Crippled- Feb 2007/index.log,botnet,DopeBot-Crippled,0.22,unknown,cpp,02/2007,x86,win32
-14,Source/Original/Win32.MiniPig - Nov 2006/index.log,Worm,Win32.MiniPig,unknown,unknown,c,11/2006,x86,win32
-15,Source/Original/HellBot v3.0 - 10 June 2005/index.log,botnet,Hellbot,3.0,unknown,cpp,06/2005,x86,win32
-16,Source/Original/Win32.ogw0rm - Nov 2008/index.log,Worm,Win32.ogwOrm,unknown,unknown,cpp,11/2008,x86,win32
-17,Source/Original/DopeBot.B - Dec 2004/index.log,botnet,DopeBot.B,unknown,unknown,cpp,12/2004,x86,win32
-18,Source/Original/LiquidBot - May 2005/index.log,botnet,LiquidBot,unknown,unknown,cpp,05/2005,x86,win32
-19,Source/Original/SpazBot 2.12 - June 2007/index.log,botnet,SpazBot,2.12,unknown,vb,06/2007,x86,win32
-20,Source/Original/DBot v3.1 - March 2007/index.log,botnet,DBot,3.1,unknown,c,03/2007,x86,win32
-21,Source/Original/CyberBot v2.2 - October 2006/index.log,botnet,CyberBot,2.2,unknown,cpp,10/2006,x86,win32
-22,Source/Original/DopeBot.A - Dec 2004/index.log,botnet,DopeBot.A,unknown,unknown,cpp,12/2004,x86,win32
-23,Source/Original/MyDoom.A - Jan 2004/index.log,__,MyDoom.A,unknown,unknown,c,01/2004,x86,win32
-24,Source/Original/ShadowBot - Sep 2008/index.log,botnet,ShadowBot,unknown,unknown,cpp,09/2008,x86,win32
-25,Binaries/CryptoLocker Ransomware 20th Nov 2013/index.log,ransomeware,CryptoLocker,Unknown,Unknown,bin,20/12/2013,x86,win32
-26,Binaries/CryptoLocker Ransomware 10th Sep 2013/index.log,ransomeware,CryptoLocker,Unknown,Unknown,bin,10/12/2013,x86,win32
-27,Binaries/IllusionBot - May 2007/index.log,botnet,Illusion Bot,Unknown,Unknown,bin,00/05/2007,x86,win32
-28,Source/Original/nBot 0.32 - May 2008/index.log,botnet,nBot,0.32,Unknown,c,00/05/2008,x86,win32
-29,Binaries/Trojan.Dropper.Gen/index.log,trojan,Dropper,Unknown,Unknown,bin,00/01/2014,x86,win32
-30,Binaries/Trojan.NSIS.Win32/index.log,trojan,NSIS,Unknown,Unknown,bin,00/01/2014,x86,win32
-31,Binaries/Trojan.Win32.Bechiro.BCD/index.log,trojan,Bechiro,BCD,Unknown,bin,00/01/2014,x86,win32
\ No newline at end of file
+1,Source/Original/Dokan_Dec2008/Dokan_Dec2008,botnet,Dokan,unknown,unknown,c,00/12/2008,x86,win32
+3,Source/Original/ShadowBotv3_March2007/ShadowBotv3_March2007,botnet,ShadowBot,3,unknown,cpp,03/2007,x86,win32
+4,Source/Original/rBot0.3.3_May2004/rBot0.3.3_May2004,botnet,rBot,0.3.3,unknown,cpp,00/05/2004,x86,win32
+5,Source/Original/ZeuS2.0.8.9_Feb2013/ZeuS2.0.8.9_Feb2013,botnet,ZeuS,2.0.8.9,unknown,c,02/2013,x86,win32
+6,Source/Original/X0R-USB_Jan2009/X0R-USB_Jan2009,virus,X0R-USB-Virus,unknown,unknown,c,00/01/2009,x86,win32
+7,Source/Original/LoexBot1.3_Sep2008/LoexBot1.3_Sep2008,botnet,LoexBot,1.3,unknown,cpp,00/09/2008,x86,win32
+8,Source/Original/ZunkerBot1.4.5_Sep2007/ZunkerBot1.4.5_Sep2007,botnet,ZunkerBot,1.4.5,unknown,php,09/2007,x86,win32
+9,Source/Original/DopeBotv0.22_UnCrippled_Feb2007/DopeBotv0.22_UnCrippled_Feb2007,botnet,DopeBot-UnCrippled,0.22,unknown,cpp,00/02/2007,x86,win32
+10,Source/Original/vbBot_Jan2007/vbBot_Jan2007,botnet,vbBot,unknown,unknown,vb,01/2007,x86,win32
+11,Source/Original/xTBot0.0.2_2Feb2002/xTBot0.0.2_2Feb2002,botnet,xTBot,0.0.2,unknown,cpp,02/2002,x86,win32
+12,Source/Original/VBS.Win32.Vabian/VBS.Win32.Vabian,VBS-Worm,VBS.Win32.Vabian,botnet,unknown,vb,unknown,x86,win32
+13,Source/Original/DopeBotv0.22_CrippledFeb2007/DopeBotv0.22_CrippledFeb2007,botnet,DopeBot-Crippled,0.22,unknown,cpp,00/02/2007,x86,win32
+14,Source/Original/Win32.MiniPig_Nov2006/Win32.MiniPig_Nov2006,Worm,Win32.MiniPig,virus,unknown,c,00/11/2006,x86,win32
+15,Source/Original/HellBotv3.0_10June2005/HellBotv3.0_10June2005,botnet,Hellbot,3.0,unknown,cpp,00/06/2005,x86,win32
+16,Source/Original/Win32.ogw0rm_Nov2008/Win32.ogw0rm_Nov2008,Worm,Win32.ogwOrm,unknown,unknown,cpp,00/11/2008,x86,win32
+17,Source/Original/DopeBot.B_Dec2004/DopeBot.B_Dec2004,botnet,DopeBot.B,unknown,unknown,cpp,00/12/2004,x86,win32
+18,Source/Original/LiquidBot_May2005/LiquidBot_May2005,botnet,LiquidBot,unknown,unknown,cpp,00/05/2005,x86,win32
+19,Source/Original/SpazBot2.12_June2007/SpazBot2.12_June2007,botnet,SpazBot,2.12,unknown,vb,00/06/2007,x86,win32
+20,Source/Original/DBotv3.1_March2007/DBotv3.1_March2007,botnet,DBot,3.1,unknown,c,00/03/2007,x86,win32
+21,Source/Original/CyberBotv2.2_October2006/CyberBotv2.2_October2006,botnet,CyberBot,2.2,unknown,cpp,00/10/2006,x86,win32
+22,Source/Original/DopeBot.A_Dec2004/DopeBot.A_Dec2004,botnet,DopeBot.A,unknown,unknown,cpp,00/12/2004,x86,win32
+23,Source/Original/MyDoom.A_Jan2004/MyDoom.A_Jan2004,virus,MyDoom.A,unknown,unknown,c,00/01/2004,x86,win32
+24,Source/Original/ShadowBot_Sep2008/ShadowBot_Sep2008,botnet,ShadowBot,unknown,unknown,cpp,00/09/2008,x86,win32
+25,Binaries/CryptoLocker20Nov2013/CryptoLocker20Nov2013,ransomeware,CryptoLocker,Unknown,Unknown,bin,20/12/2013,x86,win32
+26,Binaries/CryptoLocker_10Sep2013/CryptoLocker_10Sep2013,ransomeware,CryptoLocker,Unknown,Unknown,bin,10/12/2013,x86,win32
+27,Binaries/IllusionBot_May2007/IllusionBot_May2007,botnet,Illusion Bot,Unknown,Unknown,bin,00/05/2007,x86,win32
+28,Source/Original/NBot_July2008/NBot_July2008,botnet,nBot,0.32,Unknown,c,00/05/2008,x86,win32
+29,Binaries/Trojan.Dropper.Gen/Trojan.Dropper.Gen,trojan,Dropper,Unknown,Unknown,bin,00/01/2014,x86,win32
+30,Binaries/Trojan.NSIS.Win32/Trojan.NSIS.Win32,trojan,NSIS,Unknown,Unknown,bin,00/01/2014,x86,win32
+31,Binaries/Trojan.Win32.Bechiro.BCD/Trojan.Win32.Bechiro.BCD,trojan,Bechiro,BCD,Unknown,bin,00/01/2014,x86,win32
+32,Binaries/AndroRat_6Dec2013/AndroRat_6Dec2013,botnet,AndroRat,Dec2013,Unknown,java,06/12/2013,x86,win32
+33,Binaries/CryptoLocker_22Jan2014/CryptoLocker_22Jan2014,ransomeware,CryptoLocker,Jan2014,Unknown,bin,22/01/2014,x86,win32
+34,Binaries/njRAT-v0.6.4/njRAT-v0.6.4,botnet,njRAT,0.6.4,Unknown,bin,00/09/2013,x86,win32
+35,Binaries/ZeusBankingVersion_26Nov2013/ZeusBankingVersion_26Nov2013,botnet,Zeus - zBot,Nov2013,Unknown,bin,23/11/2013,x86,win32
+36,Source/Original/NullBot_Dec2006/NullBot_Dec2006,botnet,NullBot,Dec2006,Unknown,cpp,00/12/2006,x86,win32
\ No newline at end of file
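Review bot: The new index drops uid 2, so the uid column no longer matches row position, but `MainMenu` in imports/terminal_handler.py resolves a selection with `g = int(self.currentmodule) - 1` and `self.modules[int(g)]`. With this file, every id from 3 upward resolves to the following row, and `use 36` indexes past the end of the list. Whether `get_malware` uses the same arithmetic is not visible here, but if it does, a user would fetch a different sample from the one displayed. Either renumber the rows contiguously or look rows up by their uid value. Rows 12 and 14 also carry `botnet` and `virus` in the version column, which looks like a shifted field.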
diff --git a/imports/__init__.py b/imports/__init__.py
new file mode 100644
index 0000000..6755d5f
--- /dev/null
+++ b/imports/__init__.py
@@ -0,0 +1 @@
+__author__ = 'tisf'
diff --git a/imports/eula_handler.py b/imports/eula_handler.py
new file mode 100644
index 0000000..d27f74e
--- /dev/null
+++ b/imports/eula_handler.py
@@ -0,0 +1,60 @@
+#!/usr/bin/env python
+
+ #Malware DB - the most awesome free malware database on the air
+ #Copyright (C) 2014, Yuval Nativ, Lahad Ludar, 5Fingers
+
+ #This program is free software: you can redistribute it and/or modify
+ #it under the terms of the GNU General Public License as published by
+ #the Free Software Foundation, either version 3 of the License, or
+ #(at your option) any later version.
+
+ #This program is distributed in the hope that it will be useful,
+ #but WITHOUT ANY WARRANTY; without even the implied warranty of
+ #MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ #GNU General Public License for more details.
+
+ #You should have received a copy of the GNU General Public License
+ #along with this program. If not, see .
+
+import sys
+from imports import globals
+
+
+class EULA:
+
+ def __init__(self, langs = None, oneRun=True):
+ #self.oneRun = oneRun
+ self.check_eula_file()
+ #self.prompt_eula()
+
+ def check_eula_file(self):
+ try:
+ with open(globals.vars.eula_file):
+ return 1
+ except IOError:
+ return 0
+
+ def prompt_eula(self):
+ globals.init()
+ #os.system('clear')
+ print globals.bcolors.RED
+ print '_____________________________________________________________________________'
+ print '| ATTENTION!!! ATTENTION!!! ATTENTION!!! |'
+ print '| ' + globals.vars.appname + ' v' + globals.vars.version + ' |'
+ print '|___________________________________________________________________________|'
+ print '|This program contain live and dangerous malware files |'
+ print '|This program is intended to be used only for malware analysis and research |'
+ print '|and by agreeing the EULA you agree to only use it for legal purposes and |'
+ print '|studying malware. |'
+ print '|You understand that these file are dangerous and should only be run on VMs |'
+ print '|you can control and know how to handle. Running them on a live system will |'
+ print '|infect you machines will live and dangerous malwares!. |'
+ print '|___________________________________________________________________________|'
+ print globals.bcolors.WHITE
+ eula_answer = raw_input('Type YES in captial letters to accept this EULA.\n >')
+ if eula_answer == 'YES':
+ new = open(globals.vars.eula_file, 'a')
+ new.write(eula_answer)
+ else:
+ print 'You need to accept the EULA.\nExiting the program.'
+ sys.exit(1)
\ No newline at end of file
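Review bot: Constructing `EULA` enforces nothing, because `__init__` calls `self.check_eula_file()` and discards its 1/0 result while the `self.prompt_eula()` call is commented out. Unless a caller outside this file checks and prompts on its own, the acceptance gate in front of the live samples is skipped; `if not self.check_eula_file(): self.prompt_eula()` in `__init__` would make the class self-contained. In `prompt_eula` the handle from `open(globals.vars.eula_file, 'a')` is never closed, so `with open(globals.vars.eula_file, 'a') as new: new.write(eula_answer)` is the safer way to write the marker. The `langs` and `oneRun` parameters are accepted but unused.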
diff --git a/imports/globals.py b/imports/globals.py
new file mode 100644
index 0000000..dc5eafc
--- /dev/null
+++ b/imports/globals.py
@@ -0,0 +1,95 @@
+#!/usr/bin/env python
+
+ #Malware DB - the most awesome free malware database on the air
+ #Copyright (C) 2014, Yuval Nativ, Lahad Ludar, 5Fingers
+
+ #This program is free software: you can redistribute it and/or modify
+ #it under the terms of the GNU General Public License as published by
+ #the Free Software Foundation, either version 3 of the License, or
+ #(at your option) any later version.
+
+ #This program is distributed in the hope that it will be useful,
+ #but WITHOUT ANY WARRANTY; without even the implied warranty of
+ #MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ #GNU General Public License for more details.
+
+ #You should have received a copy of the GNU General Public License
+ #along with this program. If not, see .
+import sys
+
+class init:
+ def init(self):
+ # Global Variables
+ version = "0.4.2 Arthur"
+ appname = "Malware DB"
+ authors = "Yuval Nativ, Lahad Ludar, 5fingers"
+ licensev = "GPL v3.0"
+ fulllicense = appname + " Copyright (C) 2014 " + authors + "\n"
+ fulllicense += "This program comes with ABSOLUTELY NO WARRANTY; for details type '" + sys.argv[0] +" -w'.\n"
+ fulllicense += "This is free software, and you are welcome to redistribute it."
+
+ useage = '\nUsage: ' + sys.argv[0] + ' -s search_query -t trojan -p vb\n\n'
+ useage += 'The search engine can search by regular search or using specified arguments:\n\nOPTIONS:\n -h --help\t\tShow this message\n -t --type\t\tMalware type, can be virus/trojan/botnet/spyware/ransomeware.\n -p --language\tProgramming language, can be c/cpp/vb/asm/bin/java.\n -u --update\t\tUpdate malware index. Rebuilds main CSV file. \n -s --search\t\tSearch query for name or anything. \n -v --version\tPrint the version information.\n -w\t\t\tPrint GNU license.\n'
+
+ column_for_pl = 6
+ column_for_type = 2
+ column_for_location = 1
+ colomn_for_time = 7
+ column_for_version = 4
+ column_for_name = 3
+ column_for_uid = 0
+ column_for_arch = 8
+ column_for_plat = 9
+ conf_folder = 'conf'
+ eula_file = conf_folder + '/eula_run.conf'
+ maldb_ver_file = conf_folder + '/db.ver'
+ main_csv_file = conf_folder + '/index.csv'
+ giturl = 'https://raw.github.com/ytisf/theZoo/master/'
+ addrs = ['reverce_tcp/', 'crazy_mal/', 'mal/', 'show malwares']
+
+class bcolors:
+ PURPLE = '\033[95m'
+ BLUE = '\033[94m'
+ GREEN = '\033[92m'
+ YELLOW = '\033[93m'
+ RED = '\033[91m'
+ WHITE = '\033[0m'
+
+class vars:
+ version = "0.4.2 Arthur"
+ appname = "Malware DB"
+ authors = "Yuval Nativ, Lahad Ludar, 5fingers"
+ licensev = "GPL v3.0"
+ fulllicense = appname + " Copyright (C) 2014 " + authors + "\n"
+ fulllicense += "This program comes with ABSOLUTELY NO WARRANTY; for details type '" + sys.argv[0] +" -w'.\n"
+ fulllicense += "This is free software, and you are welcome to redistribute it."
+
+ useage = '\nUsage: ' + sys.argv[0] + ' -s search_query -t trojan -p vb\n\n'
+ useage += 'The search engine can search by regular search or using specified arguments:\n\nOPTIONS:\n -h --help\t\tShow this message\n -t --type\t\tMalware type, can be virus/trojan/botnet/spyware/ransomeware.\n -p --language\tProgramming language, can be c/cpp/vb/asm/bin/java.\n -u --update\t\tUpdate malware index. Rebuilds main CSV file. \n -s --search\t\tSearch query for name or anything. \n -v --version\tPrint the version information.\n -w\t\t\tPrint GNU license.\n'
+
+ column_for_pl = 6
+ column_for_type = 2
+ column_for_location = 1
+ colomn_for_time = 7
+ column_for_version = 4
+ column_for_name = 3
+ column_for_uid = 0
+ column_for_arch = 8
+ column_for_plat = 9
+
+ conf_folder = 'conf'
+ eula_file = conf_folder + '/eula_run.conf'
+ maldb_ver_file = conf_folder + '/db.ver'
+ main_csv_file = conf_folder + '/index.csv'
+ giturl = 'https://raw.github.com/ytisf/theZoo/master/'
+
+ maldb_banner = " __ ___ __ ____ ____\n"
+ maldb_banner += " / |/ /___ _/ / ______ _________ / __ \/ __ )\n"
+ maldb_banner += " / /|_/ / __ `/ / | /| / / __ `/ ___/ _ \______/ / / / __ |\n"
+ maldb_banner += " / / / / /_/ / /| |/ |/ / /_/ / / / __/_____/ /_/ / /_/ /\n"
+ maldb_banner += " /_/ /_/\__,_/_/ |__/|__/\__,_/_/ \___/ /_____/_____/\n"
+ maldb_banner += " version: " + version + "\n"
+ maldb_banner += " built by: " + authors + "\n\n"
+
+ addrs = ['reverce_tcp/', 'crazy_mal/', 'mal/', 'show malwares']
+ addrs = ['list', 'search', 'get', 'exit']
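Review bot: The `init` class has no effect: its `init(self)` method only binds local names that disappear on return, and the `globals.init()` call in imports/eula_handler.py merely builds an instance without running that method. The block duplicates every constant in `vars`, so the two copies can drift apart (version, `giturl`, column indexes), and it should be removed. At the end of `vars` the first `addrs = ['reverce_tcp/', ...]` is overwritten by the next line and can be dropped as well. A one-line comment on the `column_for_*` values, such as `# zero-based column positions in conf/index.csv`, would tie them to the file they describe. Naming the module `globals` also shadows the builtin `globals()` wherever it is imported.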
diff --git a/imports/manysearches.py b/imports/manysearches.py
new file mode 100644
index 0000000..8c63eba
--- /dev/null
+++ b/imports/manysearches.py
@@ -0,0 +1,31 @@
+from imports import globals
+
+
+class MuchSearch(object):
+ def __init__(self):
+ self.array = []
+
+ def sort(self, array, column, value):
+ i=0
+ m=[]
+ for each in array:
+ if array[i][column] == value:
+ m.append(each)
+ i = i + 1
+ return m
+
+ def PrintPayloads(self, m):
+ print "\nPayloads Found:"
+ array = m
+ i = 0
+ print "ID\tType\t\tLang\tArch\tPlat\tName"
+ print '---\t-----\t\t-----\t----\t-----\t----------------'
+ for element in array:
+ answer = array[i][globals.vars.column_for_uid]
+ answer += '\t%s' % ('{0: <12}'.format(array[i][globals.vars.column_for_type]))
+ answer += '\t%s' % ('{0: <12}'.format(array[i][globals.vars.column_for_pl]))
+ answer += array[i][globals.vars.column_for_arch] + '\t'
+ answer += array[i][globals.vars.column_for_plat] + '\t'
+ answer += '\t%s' % ('{0: <12}'.format(array[i][globals.vars.column_for_name]))
+ print answer
+ i=i+1
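Review bot: `sort` filters rather than sorts, and its test `array[i][column] == value` is exact and case-sensitive, while conf/index.csv in this commit mixes `Worm` and `VBS-Worm` with lowercase `botnet`, and `Unknown` with `unknown`. A search after `set type worm` therefore returns nothing. Comparing case-insensitively, `return [row for row in array if row[column].lower() == value.lower()]`, fixes that and removes the manual `i` counter, which duplicates the loop variable here and again in `PrintPayloads`. A row with fewer than ten fields raises IndexError in both methods, so a length check or a skip-with-warning would keep one malformed index line from aborting the listing.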
diff --git a/imports/muchmuchstrings.py b/imports/muchmuchstrings.py
new file mode 100644
index 0000000..18f92e8
--- /dev/null
+++ b/imports/muchmuchstrings.py
@@ -0,0 +1,42 @@
+#!/usr/bin/env python
+
+ #Malware DB - the most awesome free malware database on the air
+ #Copyright (C) 2014, Yuval Nativ, Lahad Ludar, 5Fingers
+
+ #This program is free software: you can redistribute it and/or modify
+ #it under the terms of the GNU General Public License as published by
+ #the Free Software Foundation, either version 3 of the License, or
+ #(at your option) any later version.
+
+ #This program is distributed in the hope that it will be useful,
+ #but WITHOUT ANY WARRANTY; without even the implied warranty of
+ #MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ #GNU General Public License for more details.
+
+ #You should have received a copy of the GNU General Public License
+ #along with this program. If not, see .
+
+from imports import globals
+
+
+class banners:
+
+ def print_license(self):
+ print ""
+ print globals.vars.fulllicense
+ print ""
+
+ def versionbanner(self):
+ print ""
+ print "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"
+ print "\t\t " + globals.vars.appname + ' v' + globals.vars.version
+ print "Built by:\t\t" + globals.vars.authors
+ print "Is licensed under:\t" + globals.vars.licensev
+ print "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"
+ print globals.vars.fulllicense
+ print globals.vars.useage
+
+ def print_available_payloads(self, array):
+ answer = array[globals.vars.column_for_uid] + "\t" + array[globals.vars.column_for_name]+ "\t" + array[globals.vars.column_for_version] + "\t\t"
+ answer += array[globals.vars.column_for_location] + "\t\t" + array[globals.vars.colomn_for_time]
+ print answer
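Review bot: `print_available_payloads` names its parameter `array` but indexes it as a single CSV row (`array[globals.vars.column_for_uid]`), whereas `array` in imports/manysearches.py is the list of rows. Renaming it to `row`, or adding a docstring such as `"""Print uid, name, version, location and date of one index.csv row."""`, would remove the ambiguity. None of the three methods has a docstring or uses instance state, so plain module-level functions would be equivalent.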
diff --git a/imports/terminal_handler.py b/imports/terminal_handler.py
new file mode 100644
index 0000000..7bccc4f
--- /dev/null
+++ b/imports/terminal_handler.py
@@ -0,0 +1,162 @@
+import csv
+import sys
+import re
+
+import globals
+from imports import manysearches
+from imports.updatehandler import Updater
+
+
+class Controller:
+ def __init__(self):
+ self.modules = None
+ self.currentmodule = ''
+ self.commands = [ ("search", "searching for malwares using given parameter with 'set'."),
+ ("list all", "lists all available modules"),
+ ("set", "sets options for the search"),
+ ("get", "downloads the malware"),
+ ("update-db", "updates the databse"),
+ ("back", "removes currently chosen malware"),
+ ("help", "displays this help..."),
+ ("exit", "exits...")]
+
+ self.searchmeth = [ ("arch","which architecture etc; x86, x64, arm7 so on..."),
+ ("plat","platform: win32, win64, mac, android so on..."),
+ ("lang","c, cpp, vbs, bin so on..."),
+ ("","")]
+
+ self.modules = self.GetPayloads()
+
+ print 'im at init'
+ self.plat = ''
+ self.arch = ''
+ self.lang = ''
+ self.type = ''
+
+
+ def GetPayloads(self):
+ m = []
+ csvReader = csv.reader(open(globals.vars.main_csv_file, 'rb'), delimiter=',')
+ for row in csvReader:
+ m.append(row)
+ return m
+
+ def MainMenu(self):
+ if len(self.currentmodule) > 0:
+ g = int(self.currentmodule) - 1
+ just_print = self.modules[int(g)][int(globals.vars.column_for_name)]
+ cmd = raw_input(
+ globals.bcolors.GREEN + 'mdb ' + globals.bcolors.RED + str(just_print) + globals.bcolors.GREEN + '#> ' + globals.bcolors.WHITE).strip()
+ else:
+ cmd = raw_input(globals.bcolors.GREEN + 'mdb ' + globals.bcolors.GREEN + '#> ' + globals.bcolors.WHITE).strip()
+
+ try:
+ while cmd == "":
+ #print 'no cmd'
+ self.MainMenu()
+
+ if cmd == 'help':
+ print " Available commands:\n"
+ for (cmd, desc) in self.commands:
+ print "\t%s\t%s" % ('{0: <12}'.format(cmd), desc)
+ print ''
+ self.MainMenu()
+
+ if cmd == 'search':
+ ar = self.modules
+ manySearch = manysearches.MuchSearch()
+
+ # function to sort by arch
+ if len(self.arch) > 0:
+ ar = manySearch.sort(ar, globals.vars.column_for_arch, self.arch)
+ # function to sort by plat
+ if len(self.plat) > 0:
+ ar = manySearch.sort(ar, globals.vars.column_for_plat, self.plat)
+ # function to sort by lang
+ if len(self.lang) > 0:
+ ar = manySearch.sort(ar, globals.vars.column_for_pl, self.lang)
+ if len(self.type) > 0:
+ ar = manySearch.sort(ar, globals.vars.column_for_type, self.type)
+ printController = manysearches.MuchSearch()
+ printController.PrintPayloads(ar)
+ self.MainMenu()
+
+ if re.match('^set', cmd):
+ cmd = re.split('\s+', cmd)
+ print cmd[1] + ' => ' + cmd[2]
+ if cmd[1] == 'arch':
+ self.arch = cmd[2]
+ if cmd[1] == 'plat':
+ self.plat = cmd[2]
+ if cmd[1] == 'lang':
+ self.lang = cmd[2]
+ if cmd[1] == 'type':
+ self.type = cmd[2]
+ cmd = ''
+ self.MainMenu()
+
+ if cmd == 'show':
+ if len(self.currentmodule) == 0:
+ print "No modules have been chosen. Use 'use' command."
+ if len(self.currentmodule) > 0:
+ print 'Currently selected Module: ' + self.currentmodule
+ print '\tarch => ' + str(self.arch)
+ print '\tplat => ' + str(self.plat)
+ print '\tlang => ' + str(self.lang)
+ print '\ttype => ' + str(self.type)
+ print ''
+ self.MainMenu()
+
+ if cmd == 'exit':
+ sys.exit(1)
+
+ if cmd == 'update-db':
+ updateHandler = Updater()
+ updateHandler.get_maldb_ver()
+ self.MainMenu()
+
+ if cmd == 'get':
+ updateHandler = Updater()
+ try:
+ updateHandler.get_malware(self.currentmodule, self.modules)
+ self.MainMenu()
+ except:
+ print globals.bcolors.RED + '[-]' + globals.bcolors.WHITE + 'Error getting malware.'
+ self.MainMenu()
+
+ if re.match('^use', cmd):
+ cmd = re.split('\s+', cmd)
+ self.currentmodule = cmd[1]
+ cmd = ''
+ self.MainMenu()
+
+ if cmd == 'back':
+ print 'im at back - WTF?'
+ self.arch = ''
+ self.plat = ''
+ self.lang = ''
+ self.type = ''
+ self.currentmodule = ''
+ self.MainMenu()
+
+ if cmd == 'list all':
+ print "\nAvailable Payloads:"
+ array = self.modules
+ i = 0
+ print "ID\tName\tType"
+ print '-----------------'
+ for element in array:
+ answer = array[i][globals.vars.column_for_uid]
+ answer += '\t%s' % ('{0: <12}'.format(array[i][globals.vars.column_for_name]))
+ answer += '\t%s' % ('{0: <12}'.format(array[i][globals.vars.column_for_type]))
+ print answer
+ i=i+1
+ self.MainMenu()
+
+ if cmd == 'quit':
+ print ":("
+ sys.exit(1)
+
+ except KeyboardInterrupt:
+ print ("i'll just go now...")
+ sys.exit()
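Review bot: Operator input in the `set` and `use` branches is indexed without validation. `cmd[1]` and `cmd[2]` raise IndexError on a short command, and a non-numeric `use` argument raises ValueError at `int(self.currentmodule)` on the next prompt; the surrounding `try` catches only KeyboardInterrupt. A guard such as `if len(cmd) < 2 or not cmd[1].isdigit(): print 'Unknown module id'` before assigning `self.currentmodule`, plus a range check against `len(self.modules)`, keeps a typo from crashing the console or selecting an unintended sample. Every branch re-enters `self.MainMenu()` recursively, and the `help` loop rebinds `cmd` (ending on `'exit'`), so when a nested call returns the outer frame falls through to `sys.exit(1)`; a single `while True:` prompt loop avoids both problems. The bare `except:` around `get_malware` hides the real failure, and `update-db` calls `get_maldb_ver()` and drops the result where `update_db()` looks intended.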
diff --git a/imports/updatehandler.py b/imports/updatehandler.py
new file mode 100644
index 0000000..e666a48
--- /dev/null
+++ b/imports/updatehandler.py
@@ -0,0 +1,115 @@
+#!/usr/bin/env python
+
+ #Malware DB - the most awesome free malware database on the air
+ #Copyright (C) 2014, Yuval Nativ, Lahad Ludar, 5Fingers
+
+ #This program is free software: you can redistribute it and/or modify
+ #it under the terms of the GNU General Public License as published by
+ #the Free Software Foundation, either version 3 of the License, or
+ #(at your option) any later version.
+
+ #This program is distributed in the hope that it will be useful,
+ #but WITHOUT ANY WARRANTY; without even the implied warranty of
+ #MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ #GNU General Public License for more details.
+
+ #You should have received a copy of the GNU General Public License
+ #along with this program. If not, see .
+import sys
+import urllib2
+from imports import globals
+
+
+class Updater:
+
+ def get_maldb_ver(self):
+ try:
+ with file(globals.vars.maldb_ver_file) as f:
+ return f.read()
+ except IOError:
+ print("No malware DB version file found.\nPlease try to git clone the repository again.\n")
+ return 0
+
+ def update_db(self):
+ try:
+ with file(globals.vars.maldb_ver_file) as f:
+ f = f.read()
+ except IOError:
+ print("No malware DB version file found.\nPlease try to git clone the repository again.\n")
+ return 0
+
+ curr_maldb_ver = f
+ response = urllib2.urlopen(globals.vars.giturl+ globals.vars.maldb_ver_file)
+ new_maldb_ver = response.read()
+ if new_maldb_ver == curr_maldb_ver:
+ print globals.bcolors.GREEN + '[+]' + globals.bcolors.WHITE + " No need for an update.\n" + globals.bcolors.GREEN + '[+]' + globals.bcolors.WHITE + " You are at " + new_maldb_ver + " which is the latest version."
+ sys.exit(1)
+ # Write the new DB version into the file
+ f = open(globals.vars.maldb_ver_file, 'w')
+ f.write(new_maldb_ver)
+ f.close()
+
+ # Get the new CSV and update it
+ csvurl = globals.vars.giturl + globals.vars.main_csv_file
+ u = urllib2.urlopen(csvurl)
+ f = open(globals.vars.main_csv_file, 'wb')
+ meta = u.info()
+ file_size = int(meta.getheaders("Content-Length")[0])
+ print "Downloading: %s Bytes: %s" % (globals.vars.main_csv_file, file_size)
+ file_size_dl = 0
+ block_sz = 8192
+ while True:
+ buffer = u.read(block_sz)
+ if not buffer:
+ break
+ file_size_dl += len(buffer)
+ f.write(buffer)
+ status = r"%10d [%3.2f%%]" % (file_size_dl, file_size_dl * 100. / file_size)
+ status = status + chr(8)*(len(status)+1)
+ print status,
+ f.close()
+
+ def get_malware(self, id, allmal):
+ #get mal location
+ loc = allmal[id][globals.vars.column_for_location]
+ #concat with location
+ ziploc = globals.vars.giturl + '/' + loc + '.zip'
+ passloc = globals.vars.giturl + '/' + loc + '.pass'
+ #get from git
+ u = urllib2.urlopen(ziploc)
+ f = open(id+'zip', 'wb')
+ meta = u.info()
+ file_size = int(meta.getheaders("Content-Length")[0])
+ print "Downloading: %s Bytes: %s" % (loc, file_size)
+ file_size_dl = 0
+ block_sz = 8192
+ while True:
+ buffer = u.read(block_sz)
+ if not buffer:
+ break
+ file_size_dl += len(buffer)
+ f.write(buffer)
+ status = r"%10d [%3.2f%%]" % (file_size_dl, file_size_dl * 100. / file_size)
+ status = status + chr(8)*(len(status)+1)
+ print status,
+ f.close()
+
+ #get pass from git
+ u = urllib2.urlopen(passloc)
+ f = open(id+'pass', 'wb')
+ meta = u.info()
+ file_size = int(meta.getheaders("Content-Length")[0])
+ print "Downloading: %s Bytes: %s" % (loc, file_size)
+ file_size_dl = 0
+ block_sz = 8192
+ while True:
+ buffer = u.read(block_sz)
+ if not buffer:
+ break
+ file_size_dl += len(buffer)
+ f.write(buffer)
+ status = r"%10d [%3.2f%%]" % (file_size_dl, file_size_dl * 100. / file_size)
+ status = status + chr(8)*(len(status)+1)
+ print status,
+ f.close()
+ #alert ready
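Review bot: `get_malware` writes whatever the server returns straight to disk and never compares it with a published SHA-256, so a truncated or substituted archive is accepted silently. The same download loop is pasted three times in this file, each assuming a `Content-Length` header is present and none closing the file if the read fails. I would fold them into one helper that hashes while it writes, and have `get_malware` compare the digest against the `.sha256` file that appears to sit beside each archive (the renames in this commit suggest `<loc>.sha256` exists, but confirm that against the index). The output names `id+'zip'` and `id+'pass'` are also missing the dot and should be `id + '.zip'` and `id + '.pass'`. The sketch below needs `hashlib` and `os` added to the file's imports.

```python
    def _download(self, url, dest):
        # Single download loop for update_db and get_malware.
        # Returns the SHA-256 hex digest of the bytes written to dest.
        u = urllib2.urlopen(url)
        lengths = u.info().getheaders("Content-Length")
        file_size = int(lengths[0]) if lengths else 0
        digest = hashlib.sha256()
        file_size_dl = 0
        f = open(dest, 'wb')
        try:
            while True:
                buffer = u.read(8192)
                if not buffer:
                    break
                file_size_dl += len(buffer)
                digest.update(buffer)
                f.write(buffer)
                if file_size:
                    status = r"%10d [%3.2f%%]" % (file_size_dl, file_size_dl * 100. / file_size)
                    print status + chr(8)*(len(status)+1),
        finally:
            f.close()
        return digest.hexdigest()

    def get_malware(self, id, allmal):
        # ... unchanged: loc, ziploc and passloc lookup ...
        expected = urllib2.urlopen(globals.vars.giturl + '/' + loc + '.sha256').read().split()[0].lower()
        actual = self._download(ziploc, id + '.zip')
        if actual != expected:
            # Do not leave an unverified archive on disk.
            os.remove(id + '.zip')
            raise IOError('SHA-256 mismatch for ' + loc)
        self._download(passloc, id + '.pass')
```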
diff --git a/malware-db.py b/malware-db.py
index 8397ad0..746a6ad 100644
--- a/malware-db.py
+++ b/malware-db.py
@@ -1,246 +1,112 @@
#!/usr/bin/env python
-#Malware DB - the most awesome free malware database on the air
-#Copyright (C) 2014, Yuval Nativ, Lahad Ludar, 5fingers
+ #Malware DB - the most awesome free malware database on the air
+ #Copyright (C) 2014, Yuval Nativ, Lahad Ludar, 5Fingers
-#This program is free software: you can redistribute it and/or modify
-#it under the terms of the GNU General Public License as published by
-#the Free Software Foundation, either version 3 of the License, or
-#(at your option) any later version.
+ #This program is free software: you can redistribute it and/or modify
+ #it under the terms of the GNU General Public License as published by
+ #the Free Software Foundation, either version 3 of the License, or
+ #(at your option) any later version.
-#This program is distributed in the hope that it will be useful,
-#but WITHOUT ANY WARRANTY; without even the implied warranty of
-#MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-#GNU General Public License for more details.
+ #This program is distributed in the hope that it will be useful,
+ #but WITHOUT ANY WARRANTY; without even the implied warranty of
+ #MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ #GNU General Public License for more details.
-#You should have received a copy of the GNU General Public License
-#along with this program. If not, see .
+ #You should have received a copy of the GNU General Public License
+ #along with this program. If not, see .
+from imports import muchmuchstrings
-__version__ = "0.2 Beta"
+__version__ = "0.4.2 Arthur"
__appname__ = "Malware DB"
-__authors__ = ["Yuval Nativ", "Lahad Ludar", "5fingers"]
+__authors__ = ["Yuval Nativ","Lahad Ludar","5Fingers"]
__licensev__ = "GPL v3.0"
-__maintainer__ = "Yuval Nativ"
+__maintainer = "Yuval Nativ"
__status__ = "Development"
import sys
import getopt
-import subprocess
import csv
-import urllib2
-# import git
-#import os
-#import inspect
+import os
+from imports.updatehandler import Updater
+from imports.eula_handler import EULA
+from imports.globals import vars
+from imports.terminal_handler import Controller
def main():
- # Set general variables.
- version = __version__
- appname = __appname__
- licensev = __licensev__
- authors = "Yuval Nativ, Lahad Ludar, 5fingers"
- fulllicense = appname + " Copyright (C) 2014 " + authors + "\n"
- fulllicense += "This program comes with ABSOLUTELY NO WARRANTY; for details type '" + sys.argv[0] + " -w'.\n"
- fulllicense += "This is free software, and you are welcome to redistribute it."
+ # Much much imports :)
+ updateHandler = Updater
+ eulaHandler = EULA()
+ bannerHandler = muchmuchstrings.banners()
+ terminalHandler = Controller()
- useage = '\nUsage: ' + sys.argv[0] + ' -s search_query -t trojan -p vb\n\n'
- useage += 'The search engine can search by regular search or using specified arguments:\n\n'
- useage += 'OPTIONS:\n'
- useage += ' -h --help\t\tShow this message\n'
- useage += ' -t --type\t\tMalware type, can be virus/trojan/botnet/spyware/ransomeware.\n'
- useage += ' -p --language\tProgramming language, can be c/cpp/vb/asm/bin/java.\n'
- useage += ' -l --platform\tPlatform of malware. Can be win32/win64/arm.\n'
- useage += ' -a --arch\t\tArchitecture of malware. Can be x86/x64/android/ios.\n'
- useage += ' -u --update\t\tUpdate malware index. Rebuilds main CSV file. \n'
- useage += ' -s --search\t\tSearch query for name or anything. \n'
- useage += ' -v --version\tPrint the version information.\n' # needs to print db version
- useage += ' -w \t\t\tPrints license information. \n'
- # Basic configurations for later use
- column_for_uid = 0
- column_for_location = 1
- column_for_type = 2
- column_for_name = 3
- column_for_version = 4
- column_for_pl = 6
- colomn_for_time = 7
- column_for_arch = 8
- column_for_plat = 9
-
- conf_folder = 'conf'
- eula_file = conf_folder + '/eula_run.conf'
- maldb_ver_file = conf_folder + '/db.ver'
- main_csv_file = conf_folder + '/index.csv'
- giturl = 'https://raw.github.com/ytisf/theZoo/master/'
-
- # Zeroing everything
- type_of_mal = ""
- pl = ""
- search = ""
- new = ""
- update = 0
- m = [];
- a = 0
- eula_answer = 'no'
- f = ""
- get_malware = 0
- malware_index = 0
- arch = ''
- plat = ''
-
- # Function to print license of malware-db
- def print_license():
- print ""
- print fulllicense
- print ""
-
- # Check if EULA file has been created
- def check_eula_file():
- try:
- with open(eula_file):
- return 1
- except IOError:
- return 0
-
- def get_maldb_ver():
- try:
- with file(maldb_ver_file) as f:
- return f.read()
- except IOError:
- print("No malware DB version file found.\nPlease try to git clone the repository again.\n")
- return 0
-
- # Download an updated version of the CSV from the git file.
- def update_db():
- curr_maldb_ver = get_maldb_ver()
- response = urllib2.urlopen(giturl + maldb_ver_file)
- new_maldb_ver = response.read()
- if new_maldb_ver == curr_maldb_ver:
- print "No need for an update.\nYou are at " + new_maldb_ver + " which is the latest version."
- sys.exit(1)
-
- # Write the new DB version into the file
- f = open(maldb_ver_file, 'w')
- f.write(new_maldb_ver)
- f.close()
-
- # Get the new CSV and update it
- csvurl = giturl + main_csv_file
- u = urllib2.urlopen(csvurl)
- f = open(main_csv_file, 'wb')
- meta = u.info()
- file_size = int(meta.getheaders("Content-Length")[0])
- print "Downloading: %s Bytes: %s" % (main_csv_file, file_size)
- file_size_dl = 0
- block_sz = 8192
- while True:
- buffer = u.read(block_sz)
- if not buffer:
- break
- file_size_dl += len(buffer)
- f.write(buffer)
- status = r"%10d [%3.2f%%]" % (file_size_dl, file_size_dl * 100. / file_size)
- status = status + chr(8) * (len(status) + 1)
- print status,
- f.close()
- print "\nUpdates the malware DB."
- sys.exit()
-
- # prints version banner on screen
- def versionbanner():
- print ""
- print "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"
- print "\n\t\t " + appname + ' v' + version + '\n'
- print "Built by:\t\t" + authors
- print "Is licensed under:\t" + licensev
- print "DB version:\t\t" + get_maldb_ver()
- print "\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n"
- print fulllicense
- print useage
-
- # Check if maybe no results have been found
def checkresults(array):
if len(array) == 0:
print "No results found\n\n"
sys.exit(1)
- # Check to needed arguments - left for debugging
def checkargs():
print "Type: " + type_of_mal
print "Lang: " + pl
print "Search: " + search
- print "Platform: " + plat
- print "Architecture: " + arch
- # Sort arrays
def filter_array(array, colum, value):
ret_array = [row for row in array if value in row[colum]]
return ret_array
- # A function to print banner header
- def res_banner():
- print "\nUID\tName\t\tVersion\t\tLocation\t\tTime"
- print "---\t----\t\t-------\t\t--------\t\t----"
-
- # print_results will surprisingly print the results...
def print_results(array):
- answer = array[column_for_uid] + "\t" + array[column_for_name] + "\t" + array[column_for_version] + "\t\t"
- answer += array[column_for_location] + "\t\t" + array[colomn_for_time]
+ # print_results will suprisingly print the results...
+ answer = array[vars.column_for_uid] + "\t" + array[vars.column_for_name]+ "\t" + array[vars.column_for_version] + "\t\t"
+ answer += array[vars.column_for_location] + "\t\t" + array[vars.colomn_for_time]
print answer
- options, remainder = getopt.getopt(sys.argv[1:], 'hwuvs:p:t:l:a:',
- ['type=', 'language=', 'search=', 'help', 'update', 'version', 'dbv', 'platform=', 'arch='])
+
+ # Here actually starts Main()
+
+
+ options, remainder = getopt.getopt(sys.argv[1:], 'hwuvs:p:t:', ['type=', 'language=', 'search=', 'help', 'update', 'version', 'dbv' ])
+
+ # Zeroing everything
+ type_of_mal = ""
+ pl = ""
+ search = ""
+ new =""
+ update=0
+ m=[];
+ f = ""
# Checking for EULA Agreement
- a = check_eula_file()
+ a = eulaHandler.check_eula_file()
if a == 0:
- print appname + ' v' + version
- print 'This program contain live and dangerous malware files'
- print 'This program is intended to be used only for malware analysis and research'
- print 'and by agreeing the EULA you agree to only use it for legal purposes and '
- print 'studying malware.'
- print 'You understand that these file are dangerous and should only be run on VMs'
- print 'you can control and know how to handle. Running them on a live system will'
- print 'infect you machines will live and dangerous malwares!.'
- print ''
- eula_answer = raw_input('Type YES in capital letters to accept this EULA.\n')
- if eula_answer == 'YES':
- print 'you types YES'
- new = open(eula_file, 'a')
- new.write(eula_answer)
- else:
- print 'You need to accept the EULA.\nExiting the program.'
- sys.exit(1)
+ eulaHandler.prompt_eula()
# Get arguments
for opt, arg in options:
if opt in ('-h', '--help'):
- print fulllicense
- print useage
+ print vars.fulllicense
+ print vars.useage
sys.exit(1)
elif opt in ('-u', '--update'):
- #update = 1 # removing the rebuild CSV function. in the move from 0.1 alpha to 0.2 beta
- update_db()
+ updateHandler.update_db()
+ sys.exit(1)
elif opt in ('-v', '--version'):
- versionbanner()
+ bannerHandler.versionbanner()
sys.exit(1)
elif opt in '-w':
- print_license()
+ bannerHandler.print_license()
sys.exit(1)
elif opt in ('-t', '--type'):
type_of_mal = arg
elif opt in ('-p', '--language'):
pl = arg
- elif opt in ('-l', '--platform'):
- plat = arg
- elif opt in ('-a', '--arch'):
- arch = arg
elif opt in ('-s', '--search'):
search = arg
elif opt in '--dbv':
# Getting version of malware-DB's database
- a = get_maldb_ver()
+ a = updateHandler.get_maldb_ver()
if a == 0:
sys.exit(0)
elif len(a) > 0:
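Review bot: `updateHandler = Updater` binds the class itself, unlike the three handlers beside it, which are instantiated. The later `updateHandler.update_db()` and `updateHandler.get_maldb_ver()` calls in the option loop are therefore unbound-method calls, which raise `TypeError` under Python 2 before any update or version lookup runs. The line should read `updateHandler = Updater()`. In the same hunk `__maintainer = "Yuval Nativ"` lost its trailing underscores and should stay `__maintainer__ = "Yuval Nativ"`. `main()` continues past the end of this hunk.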
@@ -248,46 +114,24 @@ def main():
print "Malware-DB Database's version is: " + a
sys.exit()
- # Rebuild CSV
- if update == 1:
- subprocess.call("./Rebuild_CSV.sh", shell=True)
- sys.exit(1)
-
# Take index.csv and convert into array m
- csvReader = csv.reader(open(main_csv_file, 'rb'), delimiter=',');
+ csvReader = csv.reader(open(vars.main_csv_file, 'rb'), delimiter=',')
for row in csvReader:
m.append(row)
# Filter by type
if len(type_of_mal) > 0:
- m = filter_array(m, column_for_type, type_of_mal)
+ m = filter_array(m, vars.column_for_type, type_of_mal)
# Filter by programming language
if len(pl) > 0:
- m = filter_array(m, column_for_pl, pl)
+ m = filter_array(m, vars.column_for_pl, pl)
- # Filter by arch
- if len(arch) > 0:
- m = filter_array(m, column_for_arch, arch)
-
- # Filter by platform
- if len(plat) > 0:
- m = filter_array(m, column_for_plat, plat)
-
- checkargs()
-
- # Free search handler
- if len(search) > 0:
- res_banner()
- matching = [y for y in m if search in y]
- for line in matching:
- checkresults(matching)
- print_results(line)
-
- if len(search) <= 0:
- res_banner()
- for line in m:
- print_results(line)
+ os.system('clear')
+ print vars.maldb_banner
+ while 1:
+ terminalHandler.MainMenu()
+ sys.exit(1)
if __name__ == "__main__":
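Review bot: The rows read from `index.csv` into `m` and narrowed by `-t`/`-p` are no longer consumed anywhere in this hunk. The search and print block is removed and the new loop only calls `terminalHandler.MainMenu()`, so `-s`, `-t` and `-p` appear to be parsed and then ignored (the Controller may load its own module list elsewhere, which is not visible here). Either hand `m` to the controller or drop the dead filtering and its options from the usage text. The `open(vars.main_csv_file, 'rb')` handle is also never closed; wrapping the reader loop in `with open(vars.main_csv_file, 'rb') as fh:` fixes that. `main()` begins before this hunk.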
diff --git a/Binaries/AndroRat - 6 Dec 2013/AndroRat.pass b/malwares/Binaries/AndroRat_6Dec2013/AndroRat_6Dec2013.pass
similarity index 100%
rename from Binaries/AndroRat - 6 Dec 2013/AndroRat.pass
rename to malwares/Binaries/AndroRat_6Dec2013/AndroRat_6Dec2013.pass
diff --git a/Binaries/AndroRat - 6 Dec 2013/AndroRat.rar b/malwares/Binaries/AndroRat_6Dec2013/AndroRat_6Dec2013.rar
similarity index 100%
rename from Binaries/AndroRat - 6 Dec 2013/AndroRat.rar
rename to malwares/Binaries/AndroRat_6Dec2013/AndroRat_6Dec2013.rar
diff --git a/Binaries/AndroRat - 6 Dec 2013/AndroRat.sha256 b/malwares/Binaries/AndroRat_6Dec2013/AndroRat_6Dec2013.sha256
similarity index 100%
rename from Binaries/AndroRat - 6 Dec 2013/AndroRat.sha256
rename to malwares/Binaries/AndroRat_6Dec2013/AndroRat_6Dec2013.sha256
diff --git a/Binaries/CryptoLocker Ransomware 10th Sep 2013/CryptoLocker_9-10-2013.pass b/malwares/Binaries/CryptoLocker20Nov2013/CryptoLocker20Nov2013.pass
similarity index 100%
rename from Binaries/CryptoLocker Ransomware 10th Sep 2013/CryptoLocker_9-10-2013.pass
rename to malwares/Binaries/CryptoLocker20Nov2013/CryptoLocker20Nov2013.pass
diff --git a/Binaries/CryptoLocker Ransomware 20th Nov 2013/CryptoLocker_11-20-2013.sha256 b/malwares/Binaries/CryptoLocker20Nov2013/CryptoLocker20Nov2013.sha256
similarity index 100%
rename from Binaries/CryptoLocker Ransomware 20th Nov 2013/CryptoLocker_11-20-2013.sha256
rename to malwares/Binaries/CryptoLocker20Nov2013/CryptoLocker20Nov2013.sha256
diff --git a/Binaries/CryptoLocker Ransomware 20th Nov 2013/CryptoLocker_11-20-2013.zip b/malwares/Binaries/CryptoLocker20Nov2013/CryptoLocker20Nov2013.zip
similarity index 100%
rename from Binaries/CryptoLocker Ransomware 20th Nov 2013/CryptoLocker_11-20-2013.zip
rename to malwares/Binaries/CryptoLocker20Nov2013/CryptoLocker20Nov2013.zip
diff --git a/Binaries/CryptoLocker Ransomware 20th Nov 2013/CryptoLocker_11-20-2013.pass b/malwares/Binaries/CryptoLocker_10Sep2013/CryptoLocker_10Sep2013.pass
similarity index 100%
rename from Binaries/CryptoLocker Ransomware 20th Nov 2013/CryptoLocker_11-20-2013.pass
rename to malwares/Binaries/CryptoLocker_10Sep2013/CryptoLocker_10Sep2013.pass
diff --git a/Binaries/CryptoLocker Ransomware 10th Sep 2013/CryptoLocker_9-10-2013.sha256 b/malwares/Binaries/CryptoLocker_10Sep2013/CryptoLocker_10Sep2013.sha256
similarity index 100%
rename from Binaries/CryptoLocker Ransomware 10th Sep 2013/CryptoLocker_9-10-2013.sha256
rename to malwares/Binaries/CryptoLocker_10Sep2013/CryptoLocker_10Sep2013.sha256
diff --git a/Binaries/CryptoLocker Ransomware 10th Sep 2013/CryptoLocker_9-10-2013.zip b/malwares/Binaries/CryptoLocker_10Sep2013/CryptoLocker_9-10-2013.zip
similarity index 100%
rename from Binaries/CryptoLocker Ransomware 10th Sep 2013/CryptoLocker_9-10-2013.zip
rename to malwares/Binaries/CryptoLocker_10Sep2013/CryptoLocker_9-10-2013.zip
diff --git a/Binaries/IllusionBot - May 2007/IllusionBot - May 2007.pass b/malwares/Binaries/CryptoLocker_22Jan2014/CryptoLocker_22Jan2014.pass
similarity index 100%
rename from Binaries/IllusionBot - May 2007/IllusionBot - May 2007.pass
rename to malwares/Binaries/CryptoLocker_22Jan2014/CryptoLocker_22Jan2014.pass
diff --git a/malwares/Binaries/CryptoLocker_22Jan2014/CryptoLocker_22Jan2014.sha256 b/malwares/Binaries/CryptoLocker_22Jan2014/CryptoLocker_22Jan2014.sha256
new file mode 100644
index 0000000..511ac30
--- /dev/null
+++ b/malwares/Binaries/CryptoLocker_22Jan2014/CryptoLocker_22Jan2014.sha256
@@ -0,0 +1 @@
+e908dca957b9cb7759feeabef0f2921e3cb236368acc5e124e87af0492308b14
diff --git a/malwares/Binaries/CryptoLocker_22Jan2014/CryptoLocker_22Jan2014.zip b/malwares/Binaries/CryptoLocker_22Jan2014/CryptoLocker_22Jan2014.zip
new file mode 100644
index 0000000..b202ade
Binary files /dev/null and b/malwares/Binaries/CryptoLocker_22Jan2014/CryptoLocker_22Jan2014.zip differ
diff --git a/Binaries/IllusionBot - May 2007/IllusionBot - May 2007.md5 b/malwares/Binaries/IllusionBot_May2007/IllusionBot_May2007.md5
similarity index 100%
rename from Binaries/IllusionBot - May 2007/IllusionBot - May 2007.md5
rename to malwares/Binaries/IllusionBot_May2007/IllusionBot_May2007.md5
diff --git a/Binaries/Zeus Banking Version 26 Nov 2013/Zeus_Zbot_Rootkit_Banking_Trojan.pass b/malwares/Binaries/IllusionBot_May2007/IllusionBot_May2007.pass
similarity index 100%
rename from Binaries/Zeus Banking Version 26 Nov 2013/Zeus_Zbot_Rootkit_Banking_Trojan.pass
rename to malwares/Binaries/IllusionBot_May2007/IllusionBot_May2007.pass
diff --git a/Binaries/IllusionBot - May 2007/IllusionBot - May 2007.rar b/malwares/Binaries/IllusionBot_May2007/IllusionBot_May2007.rar
similarity index 100%
rename from Binaries/IllusionBot - May 2007/IllusionBot - May 2007.rar
rename to malwares/Binaries/IllusionBot_May2007/IllusionBot_May2007.rar
diff --git a/Binaries/njRAT-v0.6.4/njRAT-v0.6.4.pass b/malwares/Binaries/Trojan.Dropper.Gen/Trojan.Dropper.Gen.pass
similarity index 100%
rename from Binaries/njRAT-v0.6.4/njRAT-v0.6.4.pass
rename to malwares/Binaries/Trojan.Dropper.Gen/Trojan.Dropper.Gen.pass
diff --git a/Binaries/Trojan.Dropper.Gen/Trojan.Dropper.Gen.rar b/malwares/Binaries/Trojan.Dropper.Gen/Trojan.Dropper.Gen.rar
similarity index 100%
rename from Binaries/Trojan.Dropper.Gen/Trojan.Dropper.Gen.rar
rename to malwares/Binaries/Trojan.Dropper.Gen/Trojan.Dropper.Gen.rar
diff --git a/malwares/Binaries/Trojan.Dropper.Gen/Trojan.Dropper.Gen.sha256 b/malwares/Binaries/Trojan.Dropper.Gen/Trojan.Dropper.Gen.sha256
new file mode 100644
index 0000000..0f80c30
--- /dev/null
+++ b/malwares/Binaries/Trojan.Dropper.Gen/Trojan.Dropper.Gen.sha256
@@ -0,0 +1 @@
+7e6b66c3fa1c2b86b90c9f4f0e786b3291ac33919369e3f731bfdc050737e50c
diff --git a/Binaries/Trojan.NSIS.Win32/Trojan.NSIS.Win32.rar b/malwares/Binaries/Trojan.NSIS.Win32/Trojan.NSIS.Win32.rar
similarity index 100%
rename from Binaries/Trojan.NSIS.Win32/Trojan.NSIS.Win32.rar
rename to malwares/Binaries/Trojan.NSIS.Win32/Trojan.NSIS.Win32.rar
diff --git a/Binaries/Trojan.Win32.Bechiro.BCD/Trojan.Win32.Bechiro.BCD.rar b/malwares/Binaries/Trojan.Win32.Bechiro.BCD/Trojan.Win32.Bechiro.BCD.rar
similarity index 100%
rename from Binaries/Trojan.Win32.Bechiro.BCD/Trojan.Win32.Bechiro.BCD.rar
rename to malwares/Binaries/Trojan.Win32.Bechiro.BCD/Trojan.Win32.Bechiro.BCD.rar
diff --git a/Source/Original/CyberBot v2.2 - October 2006/CyberBot v2.2 - October 2006.pass b/malwares/Binaries/ZeusBankingVersion_26Nov2013/ZeusBankingVersion_26Nov2013.pass
similarity index 100%
rename from Source/Original/CyberBot v2.2 - October 2006/CyberBot v2.2 - October 2006.pass
rename to malwares/Binaries/ZeusBankingVersion_26Nov2013/ZeusBankingVersion_26Nov2013.pass
diff --git a/Binaries/Zeus Banking Version 26 Nov 2013/Zeus_Zbot_Rootkit_Banking_Trojan.sha256 b/malwares/Binaries/ZeusBankingVersion_26Nov2013/ZeusBankingVersion_26Nov2013.sha256
similarity index 100%
rename from Binaries/Zeus Banking Version 26 Nov 2013/Zeus_Zbot_Rootkit_Banking_Trojan.sha256
rename to malwares/Binaries/ZeusBankingVersion_26Nov2013/ZeusBankingVersion_26Nov2013.sha256
diff --git a/Binaries/Zeus Banking Version 26 Nov 2013/Zeus_Zbot_Rootkit_Banking_Trojan.zip b/malwares/Binaries/ZeusBankingVersion_26Nov2013/ZeusBankingVersion_26Nov2013.zip
similarity index 100%
rename from Binaries/Zeus Banking Version 26 Nov 2013/Zeus_Zbot_Rootkit_Banking_Trojan.zip
rename to malwares/Binaries/ZeusBankingVersion_26Nov2013/ZeusBankingVersion_26Nov2013.zip
diff --git a/malwares/Binaries/njRAT-v0.6.4/njRAT-v0.6.4.pass b/malwares/Binaries/njRAT-v0.6.4/njRAT-v0.6.4.pass
new file mode 100644
index 0000000..cb023ac
--- /dev/null
+++ b/malwares/Binaries/njRAT-v0.6.4/njRAT-v0.6.4.pass
@@ -0,0 +1 @@
+crypted
diff --git a/Binaries/njRAT-v0.6.4/njRAT-v0.6.4.rar b/malwares/Binaries/njRAT-v0.6.4/njRAT-v0.6.4.rar
similarity index 100%
rename from Binaries/njRAT-v0.6.4/njRAT-v0.6.4.rar
rename to malwares/Binaries/njRAT-v0.6.4/njRAT-v0.6.4.rar
diff --git a/Binaries/njRAT-v0.6.4/njRAT-v0.6.4.sha256 b/malwares/Binaries/njRAT-v0.6.4/njRAT-v0.6.4.sha256
similarity index 100%
rename from Binaries/njRAT-v0.6.4/njRAT-v0.6.4.sha256
rename to malwares/Binaries/njRAT-v0.6.4/njRAT-v0.6.4.sha256
diff --git a/Source/Original/CyberBot v2.2 - October 2006/CyberBot v2.2 - October 2006.md5 b/malwares/Source/Original/CyberBotv2.2_October2006/CyberBotv2.2_October2006.md5
similarity index 100%
rename from Source/Original/CyberBot v2.2 - October 2006/CyberBot v2.2 - October 2006.md5
rename to malwares/Source/Original/CyberBotv2.2_October2006/CyberBotv2.2_October2006.md5
diff --git a/Source/Original/DBot v3.1 - March 2007/DBot v3.1 - March 2007.pass b/malwares/Source/Original/CyberBotv2.2_October2006/CyberBotv2.2_October2006.pass
similarity index 100%
rename from Source/Original/DBot v3.1 - March 2007/DBot v3.1 - March 2007.pass
rename to malwares/Source/Original/CyberBotv2.2_October2006/CyberBotv2.2_October2006.pass
diff --git a/Source/Original/CyberBot v2.2 - October 2006/CyberBot v2.2 - October 2006.sha256 b/malwares/Source/Original/CyberBotv2.2_October2006/CyberBotv2.2_October2006.sha256
similarity index 100%
rename from Source/Original/CyberBot v2.2 - October 2006/CyberBot v2.2 - October 2006.sha256
rename to malwares/Source/Original/CyberBotv2.2_October2006/CyberBotv2.2_October2006.sha256
diff --git a/Source/Original/CyberBot v2.2 - October 2006/CyberBot v2.2 - October 2006.zip b/malwares/Source/Original/CyberBotv2.2_October2006/CyberBotv2.2_October2006.zip
similarity index 100%
rename from Source/Original/CyberBot v2.2 - October 2006/CyberBot v2.2 - October 2006.zip
rename to malwares/Source/Original/CyberBotv2.2_October2006/CyberBotv2.2_October2006.zip
diff --git a/Source/Original/DBot v3.1 - March 2007/DBot v3.1 - March 2007.md5 b/malwares/Source/Original/DBotv3.1_March2007/DBotv3.1_March2007.md5
similarity index 100%
rename from Source/Original/DBot v3.1 - March 2007/DBot v3.1 - March 2007.md5
rename to malwares/Source/Original/DBotv3.1_March2007/DBotv3.1_March2007.md5
diff --git a/Source/Original/Dokan - Dec 2008/Dokan - Dec 2008.pass b/malwares/Source/Original/DBotv3.1_March2007/DBotv3.1_March2007.pass
similarity index 100%
rename from Source/Original/Dokan - Dec 2008/Dokan - Dec 2008.pass
rename to malwares/Source/Original/DBotv3.1_March2007/DBotv3.1_March2007.pass
diff --git a/Source/Original/DBot v3.1 - March 2007/DBot v3.1 - March 2007.sha256 b/malwares/Source/Original/DBotv3.1_March2007/DBotv3.1_March2007.sha256
similarity index 100%
rename from Source/Original/DBot v3.1 - March 2007/DBot v3.1 - March 2007.sha256
rename to malwares/Source/Original/DBotv3.1_March2007/DBotv3.1_March2007.sha256
diff --git a/Source/Original/DBot v3.1 - March 2007/DBot v3.1 - March 2007.zip b/malwares/Source/Original/DBotv3.1_March2007/DBotv3.1_March2007.zip
similarity index 100%
rename from Source/Original/DBot v3.1 - March 2007/DBot v3.1 - March 2007.zip
rename to malwares/Source/Original/DBotv3.1_March2007/DBotv3.1_March2007.zip
diff --git a/Source/Original/Dokan - Dec 2008/Dokan - Dec 2008.md5 b/malwares/Source/Original/Dokan_Dec2008/Dokan_Dec2008.md5
similarity index 100%
rename from Source/Original/Dokan - Dec 2008/Dokan - Dec 2008.md5
rename to malwares/Source/Original/Dokan_Dec2008/Dokan_Dec2008.md5
diff --git a/Source/Original/DopeBot v0.22 Crippled- Feb 2007/DopeBot v0.22 Crippled- Feb 2007.pass b/malwares/Source/Original/Dokan_Dec2008/Dokan_Dec2008.pass
similarity index 100%
rename from Source/Original/DopeBot v0.22 Crippled- Feb 2007/DopeBot v0.22 Crippled- Feb 2007.pass
rename to malwares/Source/Original/Dokan_Dec2008/Dokan_Dec2008.pass
diff --git a/Source/Original/Dokan - Dec 2008/Dokan - Dec 2008.sha256 b/malwares/Source/Original/Dokan_Dec2008/Dokan_Dec2008.sha256
similarity index 100%
rename from Source/Original/Dokan - Dec 2008/Dokan - Dec 2008.sha256
rename to malwares/Source/Original/Dokan_Dec2008/Dokan_Dec2008.sha256
diff --git a/Source/Original/Dokan - Dec 2008/Dokan - Dec 2008.zip b/malwares/Source/Original/Dokan_Dec2008/Dokan_Dec2008.zip
similarity index 100%
rename from Source/Original/Dokan - Dec 2008/Dokan - Dec 2008.zip
rename to malwares/Source/Original/Dokan_Dec2008/Dokan_Dec2008.zip
diff --git a/Source/Original/DopeBot.A - Dec 2004/DopeBot.A - Dec 2004.md5 b/malwares/Source/Original/DopeBot.A_Dec2004/DopeBot.A_Dec2004.md5
similarity index 100%
rename from Source/Original/DopeBot.A - Dec 2004/DopeBot.A - Dec 2004.md5
rename to malwares/Source/Original/DopeBot.A_Dec2004/DopeBot.A_Dec2004.md5
diff --git a/Source/Original/DopeBot v0.22 UnCrippled- Feb 2007/DopeBot v0.22 UnCrippled- Feb 2007.pass b/malwares/Source/Original/DopeBot.A_Dec2004/DopeBot.A_Dec2004.pass
similarity index 100%
rename from Source/Original/DopeBot v0.22 UnCrippled- Feb 2007/DopeBot v0.22 UnCrippled- Feb 2007.pass
rename to malwares/Source/Original/DopeBot.A_Dec2004/DopeBot.A_Dec2004.pass
diff --git a/Source/Original/DopeBot.A - Dec 2004/DopeBot.A - Dec 2004.sha256 b/malwares/Source/Original/DopeBot.A_Dec2004/DopeBot.A_Dec2004.sha256
similarity index 100%
rename from Source/Original/DopeBot.A - Dec 2004/DopeBot.A - Dec 2004.sha256
rename to malwares/Source/Original/DopeBot.A_Dec2004/DopeBot.A_Dec2004.sha256
diff --git a/Source/Original/DopeBot.A - Dec 2004/DopeBot.A - Dec 2004.zip b/malwares/Source/Original/DopeBot.A_Dec2004/DopeBot.A_Dec2004.zip
similarity index 100%
rename from Source/Original/DopeBot.A - Dec 2004/DopeBot.A - Dec 2004.zip
rename to malwares/Source/Original/DopeBot.A_Dec2004/DopeBot.A_Dec2004.zip
diff --git a/Source/Original/DopeBot.B - Dec 2004/DopeBot.B - Dec 2004.md5 b/malwares/Source/Original/DopeBot.B_Dec2004/DopeBot.B_Dec2004.md5
similarity index 100%
rename from Source/Original/DopeBot.B - Dec 2004/DopeBot.B - Dec 2004.md5
rename to malwares/Source/Original/DopeBot.B_Dec2004/DopeBot.B_Dec2004.md5
diff --git a/Source/Original/DopeBot.A - Dec 2004/DopeBot.A - Dec 2004.pass b/malwares/Source/Original/DopeBot.B_Dec2004/DopeBot.B_Dec2004.pass
similarity index 100%
rename from Source/Original/DopeBot.A - Dec 2004/DopeBot.A - Dec 2004.pass
rename to malwares/Source/Original/DopeBot.B_Dec2004/DopeBot.B_Dec2004.pass
diff --git a/Source/Original/DopeBot.B - Dec 2004/DopeBot.B - Dec 2004.sha256 b/malwares/Source/Original/DopeBot.B_Dec2004/DopeBot.B_Dec2004.sha256
similarity index 100%
rename from Source/Original/DopeBot.B - Dec 2004/DopeBot.B - Dec 2004.sha256
rename to malwares/Source/Original/DopeBot.B_Dec2004/DopeBot.B_Dec2004.sha256
diff --git a/Source/Original/DopeBot.B - Dec 2004/DopeBot.B - Dec 2004.zip b/malwares/Source/Original/DopeBot.B_Dec2004/DopeBot.B_Dec2004.zip
similarity index 100%
rename from Source/Original/DopeBot.B - Dec 2004/DopeBot.B - Dec 2004.zip
rename to malwares/Source/Original/DopeBot.B_Dec2004/DopeBot.B_Dec2004.zip
diff --git a/Source/Original/DopeBot v0.22 Crippled- Feb 2007/DopeBot v0.22 Crippled- Feb 2007.md5 b/malwares/Source/Original/DopeBotv0.22_CrippledFeb2007/DopeBotv0.22_CrippledFeb2007.md5
similarity index 100%
rename from Source/Original/DopeBot v0.22 Crippled- Feb 2007/DopeBot v0.22 Crippled- Feb 2007.md5
rename to malwares/Source/Original/DopeBotv0.22_CrippledFeb2007/DopeBotv0.22_CrippledFeb2007.md5
diff --git a/Source/Original/DopeBot.B - Dec 2004/DopeBot.B - Dec 2004.pass b/malwares/Source/Original/DopeBotv0.22_CrippledFeb2007/DopeBotv0.22_CrippledFeb2007.pass
similarity index 100%
rename from Source/Original/DopeBot.B - Dec 2004/DopeBot.B - Dec 2004.pass
rename to malwares/Source/Original/DopeBotv0.22_CrippledFeb2007/DopeBotv0.22_CrippledFeb2007.pass
diff --git a/Source/Original/DopeBot v0.22 Crippled- Feb 2007/DopeBot v0.22 Crippled- Feb 2007.sha256 b/malwares/Source/Original/DopeBotv0.22_CrippledFeb2007/DopeBotv0.22_CrippledFeb2007.sha256
similarity index 100%
rename from Source/Original/DopeBot v0.22 Crippled- Feb 2007/DopeBot v0.22 Crippled- Feb 2007.sha256
rename to malwares/Source/Original/DopeBotv0.22_CrippledFeb2007/DopeBotv0.22_CrippledFeb2007.sha256
diff --git a/Source/Original/DopeBot v0.22 Crippled- Feb 2007/DopeBot v0.22 Crippled- Feb 2007.zip b/malwares/Source/Original/DopeBotv0.22_CrippledFeb2007/DopeBotv0.22_CrippledFeb2007.zip
similarity index 100%
rename from Source/Original/DopeBot v0.22 Crippled- Feb 2007/DopeBot v0.22 Crippled- Feb 2007.zip
rename to malwares/Source/Original/DopeBotv0.22_CrippledFeb2007/DopeBotv0.22_CrippledFeb2007.zip
diff --git a/Source/Original/DopeBot v0.22 UnCrippled- Feb 2007/DopeBot v0.22 UnCrippled- Feb 2007.md5 b/malwares/Source/Original/DopeBotv0.22_UnCrippled_Feb2007/DopeBotv0.22_UnCrippled_Feb2007.md5
similarity index 100%
rename from Source/Original/DopeBot v0.22 UnCrippled- Feb 2007/DopeBot v0.22 UnCrippled- Feb 2007.md5
rename to malwares/Source/Original/DopeBotv0.22_UnCrippled_Feb2007/DopeBotv0.22_UnCrippled_Feb2007.md5
diff --git a/Source/Original/HellBot v3.0 - 10 June 2005/HellBot v3.0 - 10 June 2005.pass b/malwares/Source/Original/DopeBotv0.22_UnCrippled_Feb2007/DopeBotv0.22_UnCrippled_Feb2007.pass
similarity index 100%
rename from Source/Original/HellBot v3.0 - 10 June 2005/HellBot v3.0 - 10 June 2005.pass
rename to malwares/Source/Original/DopeBotv0.22_UnCrippled_Feb2007/DopeBotv0.22_UnCrippled_Feb2007.pass
diff --git a/Source/Original/DopeBot v0.22 UnCrippled- Feb 2007/DopeBot v0.22 UnCrippled- Feb 2007.sha256 b/malwares/Source/Original/DopeBotv0.22_UnCrippled_Feb2007/DopeBotv0.22_UnCrippled_Feb2007.sha256
similarity index 100%
rename from Source/Original/DopeBot v0.22 UnCrippled- Feb 2007/DopeBot v0.22 UnCrippled- Feb 2007.sha256
rename to malwares/Source/Original/DopeBotv0.22_UnCrippled_Feb2007/DopeBotv0.22_UnCrippled_Feb2007.sha256
diff --git a/Source/Original/DopeBot v0.22 UnCrippled- Feb 2007/DopeBot v0.22 UnCrippled- Feb 2007.zip b/malwares/Source/Original/DopeBotv0.22_UnCrippled_Feb2007/DopeBotv0.22_UnCrippled_Feb2007.zip
similarity index 100%
rename from Source/Original/DopeBot v0.22 UnCrippled- Feb 2007/DopeBot v0.22 UnCrippled- Feb 2007.zip
rename to malwares/Source/Original/DopeBotv0.22_UnCrippled_Feb2007/DopeBotv0.22_UnCrippled_Feb2007.zip
diff --git a/Source/Original/HellBot v3.0 - 10 June 2005/HellBot v3.0 - 10 June 2005.md5 b/malwares/Source/Original/HellBotv3.0_10June2005/HellBotv3.0_10June2005.md5
similarity index 100%
rename from Source/Original/HellBot v3.0 - 10 June 2005/HellBot v3.0 - 10 June 2005.md5
rename to malwares/Source/Original/HellBotv3.0_10June2005/HellBotv3.0_10June2005.md5
diff --git a/Source/Original/LiquidBot - May 2005/LiquidBot - May 2005.pass b/malwares/Source/Original/HellBotv3.0_10June2005/HellBotv3.0_10June2005.pass
similarity index 100%
rename from Source/Original/LiquidBot - May 2005/LiquidBot - May 2005.pass
rename to malwares/Source/Original/HellBotv3.0_10June2005/HellBotv3.0_10June2005.pass
diff --git a/Source/Original/HellBot v3.0 - 10 June 2005/HellBot v3.0 - 10 June 2005.sha256 b/malwares/Source/Original/HellBotv3.0_10June2005/HellBotv3.0_10June2005.sha256
similarity index 100%
rename from Source/Original/HellBot v3.0 - 10 June 2005/HellBot v3.0 - 10 June 2005.sha256
rename to malwares/Source/Original/HellBotv3.0_10June2005/HellBotv3.0_10June2005.sha256
diff --git a/Source/Original/HellBot v3.0 - 10 June 2005/HellBot v3.0 - 10 June 2005.zip b/malwares/Source/Original/HellBotv3.0_10June2005/HellBotv3.0_10June2005.zip
similarity index 100%
rename from Source/Original/HellBot v3.0 - 10 June 2005/HellBot v3.0 - 10 June 2005.zip
rename to malwares/Source/Original/HellBotv3.0_10June2005/HellBotv3.0_10June2005.zip
diff --git a/Source/Original/LiquidBot - May 2005/LiquidBot - May 2005.md5 b/malwares/Source/Original/LiquidBot_May2005/LiquidBot_May2005.md5
similarity index 100%
rename from Source/Original/LiquidBot - May 2005/LiquidBot - May 2005.md5
rename to malwares/Source/Original/LiquidBot_May2005/LiquidBot_May2005.md5
diff --git a/Source/Original/LoexBot1.3 - Sep 2008/LoexBot1.3 - Sep 2008.pass b/malwares/Source/Original/LiquidBot_May2005/LiquidBot_May2005.pass
similarity index 100%
rename from Source/Original/LoexBot1.3 - Sep 2008/LoexBot1.3 - Sep 2008.pass
rename to malwares/Source/Original/LiquidBot_May2005/LiquidBot_May2005.pass
diff --git a/Source/Original/LiquidBot - May 2005/LiquidBot - May 2005.sha256 b/malwares/Source/Original/LiquidBot_May2005/LiquidBot_May2005.sha256
similarity index 100%
rename from Source/Original/LiquidBot - May 2005/LiquidBot - May 2005.sha256
rename to malwares/Source/Original/LiquidBot_May2005/LiquidBot_May2005.sha256
diff --git a/Source/Original/LiquidBot - May 2005/LiquidBot - May 2005.zip b/malwares/Source/Original/LiquidBot_May2005/LiquidBot_May2005.zip
similarity index 100%
rename from Source/Original/LiquidBot - May 2005/LiquidBot - May 2005.zip
rename to malwares/Source/Original/LiquidBot_May2005/LiquidBot_May2005.zip
diff --git a/Source/Original/LoexBot1.3 - Sep 2008/LoexBot1.3 - Sep 2008.md5 b/malwares/Source/Original/LoexBot1.3_Sep2008/LoexBot1.3_Sep2008.md5
similarity index 100%
rename from Source/Original/LoexBot1.3 - Sep 2008/LoexBot1.3 - Sep 2008.md5
rename to malwares/Source/Original/LoexBot1.3_Sep2008/LoexBot1.3_Sep2008.md5
diff --git a/Source/Original/MyDoom.A - Jan 2004/MyDoom.A - Jan 2004.pass b/malwares/Source/Original/LoexBot1.3_Sep2008/LoexBot1.3_Sep2008.pass
similarity index 100%
rename from Source/Original/MyDoom.A - Jan 2004/MyDoom.A - Jan 2004.pass
rename to malwares/Source/Original/LoexBot1.3_Sep2008/LoexBot1.3_Sep2008.pass
diff --git a/Source/Original/LoexBot1.3 - Sep 2008/LoexBot1.3 - Sep 2008.sha256 b/malwares/Source/Original/LoexBot1.3_Sep2008/LoexBot1.3_Sep2008.sha256
similarity index 100%
rename from Source/Original/LoexBot1.3 - Sep 2008/LoexBot1.3 - Sep 2008.sha256
rename to malwares/Source/Original/LoexBot1.3_Sep2008/LoexBot1.3_Sep2008.sha256
diff --git a/Source/Original/LoexBot1.3 - Sep 2008/LoexBot1.3 - Sep 2008.zip b/malwares/Source/Original/LoexBot1.3_Sep2008/LoexBot1.3_Sep2008.zip
similarity index 100%
rename from Source/Original/LoexBot1.3 - Sep 2008/LoexBot1.3 - Sep 2008.zip
rename to malwares/Source/Original/LoexBot1.3_Sep2008/LoexBot1.3_Sep2008.zip
diff --git a/Source/Original/MyDoom.A - Jan 2004/MyDoom.A - Jan 2004.md5 b/malwares/Source/Original/MyDoom.A_Jan2004/MyDoom.A_Jan2004.md5
similarity index 100%
rename from Source/Original/MyDoom.A - Jan 2004/MyDoom.A - Jan 2004.md5
rename to malwares/Source/Original/MyDoom.A_Jan2004/MyDoom.A_Jan2004.md5
diff --git a/Source/Original/NBot - July 2008/NBot - July 2008.pass b/malwares/Source/Original/MyDoom.A_Jan2004/MyDoom.A_Jan2004.pass
similarity index 100%
rename from Source/Original/NBot - July 2008/NBot - July 2008.pass
rename to malwares/Source/Original/MyDoom.A_Jan2004/MyDoom.A_Jan2004.pass
diff --git a/Source/Original/MyDoom.A - Jan 2004/MyDoom.A - Jan 2004.sha256 b/malwares/Source/Original/MyDoom.A_Jan2004/MyDoom.A_Jan2004.sha256
similarity index 100%
rename from Source/Original/MyDoom.A - Jan 2004/MyDoom.A - Jan 2004.sha256
rename to malwares/Source/Original/MyDoom.A_Jan2004/MyDoom.A_Jan2004.sha256
diff --git a/Source/Original/MyDoom.A - Jan 2004/MyDoom.A - Jan 2004.zip b/malwares/Source/Original/MyDoom.A_Jan2004/MyDoom.A_Jan2004.zip
similarity index 100%
rename from Source/Original/MyDoom.A - Jan 2004/MyDoom.A - Jan 2004.zip
rename to malwares/Source/Original/MyDoom.A_Jan2004/MyDoom.A_Jan2004.zip
diff --git a/Source/Original/NBot - July 2008/NBot - July 2008.md5 b/malwares/Source/Original/NBot_July2008/NBot_July2008.md5
similarity index 100%
rename from Source/Original/NBot - July 2008/NBot - July 2008.md5
rename to malwares/Source/Original/NBot_July2008/NBot_July2008.md5
diff --git a/Source/Original/NullBot - Dec 2006/NullBot - Dec 2006.pass b/malwares/Source/Original/NBot_July2008/NBot_July2008.pass
similarity index 100%
rename from Source/Original/NullBot - Dec 2006/NullBot - Dec 2006.pass
rename to malwares/Source/Original/NBot_July2008/NBot_July2008.pass
diff --git a/Source/Original/NBot - July 2008/NBot - July 2008.sha256 b/malwares/Source/Original/NBot_July2008/NBot_July2008.sha256
similarity index 100%
rename from Source/Original/NBot - July 2008/NBot - July 2008.sha256
rename to malwares/Source/Original/NBot_July2008/NBot_July2008.sha256
diff --git a/Source/Original/NBot - July 2008/NBot - July 2008.zip b/malwares/Source/Original/NBot_July2008/NBot_July2008.zip
similarity index 100%
rename from Source/Original/NBot - July 2008/NBot - July 2008.zip
rename to malwares/Source/Original/NBot_July2008/NBot_July2008.zip
diff --git a/Source/Original/NullBot - Dec 2006/NullBot - Dec 2006.md5 b/malwares/Source/Original/NullBot_Dec2006/NullBot_Dec2006.md5
similarity index 100%
rename from Source/Original/NullBot - Dec 2006/NullBot - Dec 2006.md5
rename to malwares/Source/Original/NullBot_Dec2006/NullBot_Dec2006.md5
diff --git a/Source/Original/ShadowBot - Sep 2008/ShadowBot - Sep 2008.pass b/malwares/Source/Original/NullBot_Dec2006/NullBot_Dec2006.pass
similarity index 100%
rename from Source/Original/ShadowBot - Sep 2008/ShadowBot - Sep 2008.pass
rename to malwares/Source/Original/NullBot_Dec2006/NullBot_Dec2006.pass
diff --git a/Source/Original/NullBot - Dec 2006/NullBot - Dec 2006.sha256 b/malwares/Source/Original/NullBot_Dec2006/NullBot_Dec2006.sha256
similarity index 100%
rename from Source/Original/NullBot - Dec 2006/NullBot - Dec 2006.sha256
rename to malwares/Source/Original/NullBot_Dec2006/NullBot_Dec2006.sha256
diff --git a/Source/Original/NullBot - Dec 2006/NullBot - Dec 2006.zip b/malwares/Source/Original/NullBot_Dec2006/NullBot_Dec2006.zip
similarity index 100%
rename from Source/Original/NullBot - Dec 2006/NullBot - Dec 2006.zip
rename to malwares/Source/Original/NullBot_Dec2006/NullBot_Dec2006.zip
diff --git a/Source/Original/ShadowBot - Sep 2008/ShadowBot - Sep 2008.md5 b/malwares/Source/Original/ShadowBot_Sep2008/ShadowBot_Sep2008.md5
similarity index 100%
rename from Source/Original/ShadowBot - Sep 2008/ShadowBot - Sep 2008.md5
rename to malwares/Source/Original/ShadowBot_Sep2008/ShadowBot_Sep2008.md5
diff --git a/Source/Original/ShadowBot v3 - March 2007/ShadowBot v3 - March 2007.pass b/malwares/Source/Original/ShadowBot_Sep2008/ShadowBot_Sep2008.pass
similarity index 100%
rename from Source/Original/ShadowBot v3 - March 2007/ShadowBot v3 - March 2007.pass
rename to malwares/Source/Original/ShadowBot_Sep2008/ShadowBot_Sep2008.pass
diff --git a/Source/Original/ShadowBot - Sep 2008/ShadowBot - Sep 2008.sha256 b/malwares/Source/Original/ShadowBot_Sep2008/ShadowBot_Sep2008.sha256
similarity index 100%
rename from Source/Original/ShadowBot - Sep 2008/ShadowBot - Sep 2008.sha256
rename to malwares/Source/Original/ShadowBot_Sep2008/ShadowBot_Sep2008.sha256
diff --git a/Source/Original/ShadowBot - Sep 2008/ShadowBot - Sep 2008.zip b/malwares/Source/Original/ShadowBot_Sep2008/ShadowBot_Sep2008.zip
similarity index 100%
rename from Source/Original/ShadowBot - Sep 2008/ShadowBot - Sep 2008.zip
rename to malwares/Source/Original/ShadowBot_Sep2008/ShadowBot_Sep2008.zip
diff --git a/Source/Original/ShadowBot v3 - March 2007/ShadowBot v3 - March 2007.md5 b/malwares/Source/Original/ShadowBotv3_March2007/ShadowBotv3_March2007.md5
similarity index 100%
rename from Source/Original/ShadowBot v3 - March 2007/ShadowBot v3 - March 2007.md5
rename to malwares/Source/Original/ShadowBotv3_March2007/ShadowBotv3_March2007.md5
diff --git a/Source/Original/SpazBot 2.12 - June 2007/SpazBot 2.12 - June 2007.pass b/malwares/Source/Original/ShadowBotv3_March2007/ShadowBotv3_March2007.pass
similarity index 100%
rename from Source/Original/SpazBot 2.12 - June 2007/SpazBot 2.12 - June 2007.pass
rename to malwares/Source/Original/ShadowBotv3_March2007/ShadowBotv3_March2007.pass
diff --git a/Source/Original/ShadowBot v3 - March 2007/ShadowBot v3 - March 2007.sha256 b/malwares/Source/Original/ShadowBotv3_March2007/ShadowBotv3_March2007.sha256
similarity index 100%
rename from Source/Original/ShadowBot v3 - March 2007/ShadowBot v3 - March 2007.sha256
rename to malwares/Source/Original/ShadowBotv3_March2007/ShadowBotv3_March2007.sha256
diff --git a/Source/Original/ShadowBot v3 - March 2007/ShadowBot v3 - March 2007.zip b/malwares/Source/Original/ShadowBotv3_March2007/ShadowBotv3_March2007.zip
similarity index 100%
rename from Source/Original/ShadowBot v3 - March 2007/ShadowBot v3 - March 2007.zip
rename to malwares/Source/Original/ShadowBotv3_March2007/ShadowBotv3_March2007.zip
diff --git a/Source/Original/SpazBot 2.12 - June 2007/SpazBot 2.12 - June 2007.md5 b/malwares/Source/Original/SpazBot2.12_June2007/SpazBot2.12_June2007.md5
similarity index 100%
rename from Source/Original/SpazBot 2.12 - June 2007/SpazBot 2.12 - June 2007.md5
rename to malwares/Source/Original/SpazBot2.12_June2007/SpazBot2.12_June2007.md5
diff --git a/Source/Original/VBS.Win32.Vabian - Unknown/VBS.Win32.Vabian - Unknown.pass b/malwares/Source/Original/SpazBot2.12_June2007/SpazBot2.12_June2007.pass
similarity index 100%
rename from Source/Original/VBS.Win32.Vabian - Unknown/VBS.Win32.Vabian - Unknown.pass
rename to malwares/Source/Original/SpazBot2.12_June2007/SpazBot2.12_June2007.pass
diff --git a/Source/Original/SpazBot 2.12 - June 2007/SpazBot 2.12 - June 2007.sha256 b/malwares/Source/Original/SpazBot2.12_June2007/SpazBot2.12_June2007.sha256
similarity index 100%
rename from Source/Original/SpazBot 2.12 - June 2007/SpazBot 2.12 - June 2007.sha256
rename to malwares/Source/Original/SpazBot2.12_June2007/SpazBot2.12_June2007.sha256
diff --git a/Source/Original/SpazBot 2.12 - June 2007/SpazBot 2.12 - June 2007.zip b/malwares/Source/Original/SpazBot2.12_June2007/SpazBot2.12_June2007.zip
similarity index 100%
rename from Source/Original/SpazBot 2.12 - June 2007/SpazBot 2.12 - June 2007.zip
rename to malwares/Source/Original/SpazBot2.12_June2007/SpazBot2.12_June2007.zip
diff --git a/Source/Original/VBS.Win32.Vabian - Unknown/VBS.Win32.Vabian - Unknown.md5 b/malwares/Source/Original/VBS.Win32.Vabian/VBS.Win32.Vabian.md5
similarity index 100%
rename from Source/Original/VBS.Win32.Vabian - Unknown/VBS.Win32.Vabian - Unknown.md5
rename to malwares/Source/Original/VBS.Win32.Vabian/VBS.Win32.Vabian.md5
diff --git a/Source/Original/Win32.MiniPig - Nov 2006/Win32.MiniPig - Nov 2006.pass b/malwares/Source/Original/VBS.Win32.Vabian/VBS.Win32.Vabian.pass
similarity index 100%
rename from Source/Original/Win32.MiniPig - Nov 2006/Win32.MiniPig - Nov 2006.pass
rename to malwares/Source/Original/VBS.Win32.Vabian/VBS.Win32.Vabian.pass
diff --git a/Source/Original/VBS.Win32.Vabian - Unknown/VBS.Win32.Vabian - Unknown.sha256 b/malwares/Source/Original/VBS.Win32.Vabian/VBS.Win32.Vabian.sha256
similarity index 100%
rename from Source/Original/VBS.Win32.Vabian - Unknown/VBS.Win32.Vabian - Unknown.sha256
rename to malwares/Source/Original/VBS.Win32.Vabian/VBS.Win32.Vabian.sha256
diff --git a/Source/Original/VBS.Win32.Vabian - Unknown/VBS.Win32.Vabian - Unknown.zip b/malwares/Source/Original/VBS.Win32.Vabian/VBS.Win32.Vabian.zip
similarity index 100%
rename from Source/Original/VBS.Win32.Vabian - Unknown/VBS.Win32.Vabian - Unknown.zip
rename to malwares/Source/Original/VBS.Win32.Vabian/VBS.Win32.Vabian.zip
diff --git a/Source/Original/Win32.MiniPig - Nov 2006/Win32.MiniPig - Nov 2006.md5 b/malwares/Source/Original/Win32.MiniPig_Nov2006/Win32.MiniPig_Nov2006.md5
similarity index 100%
rename from Source/Original/Win32.MiniPig - Nov 2006/Win32.MiniPig - Nov 2006.md5
rename to malwares/Source/Original/Win32.MiniPig_Nov2006/Win32.MiniPig_Nov2006.md5
diff --git a/Source/Original/Win32.ogw0rm - Nov 2008/Win32.ogw0rm - Nov 2008.pass b/malwares/Source/Original/Win32.MiniPig_Nov2006/Win32.MiniPig_Nov2006.pass
similarity index 100%
rename from Source/Original/Win32.ogw0rm - Nov 2008/Win32.ogw0rm - Nov 2008.pass
rename to malwares/Source/Original/Win32.MiniPig_Nov2006/Win32.MiniPig_Nov2006.pass
diff --git a/Source/Original/Win32.MiniPig - Nov 2006/Win32.MiniPig - Nov 2006.sha256 b/malwares/Source/Original/Win32.MiniPig_Nov2006/Win32.MiniPig_Nov2006.sha256
similarity index 100%
rename from Source/Original/Win32.MiniPig - Nov 2006/Win32.MiniPig - Nov 2006.sha256
rename to malwares/Source/Original/Win32.MiniPig_Nov2006/Win32.MiniPig_Nov2006.sha256
diff --git a/Source/Original/Win32.MiniPig - Nov 2006/Win32.MiniPig - Nov 2006.zip b/malwares/Source/Original/Win32.MiniPig_Nov2006/Win32.MiniPig_Nov2006.zip
similarity index 100%
rename from Source/Original/Win32.MiniPig - Nov 2006/Win32.MiniPig - Nov 2006.zip
rename to malwares/Source/Original/Win32.MiniPig_Nov2006/Win32.MiniPig_Nov2006.zip
diff --git a/Source/Original/Win32.ogw0rm - Nov 2008/Win32.ogw0rm - Nov 2008.md5 b/malwares/Source/Original/Win32.ogw0rm_Nov2008/Win32.ogw0rm_Nov2008.md5
similarity index 100%
rename from Source/Original/Win32.ogw0rm - Nov 2008/Win32.ogw0rm - Nov 2008.md5
rename to malwares/Source/Original/Win32.ogw0rm_Nov2008/Win32.ogw0rm_Nov2008.md5
diff --git a/Source/Original/X0R-USB - Virus Version - Jan 2009/X0R-USB - Virus Version - Jan 2009.pass b/malwares/Source/Original/Win32.ogw0rm_Nov2008/Win32.ogw0rm_Nov2008.pass
similarity index 100%
rename from Source/Original/X0R-USB - Virus Version - Jan 2009/X0R-USB - Virus Version - Jan 2009.pass
rename to malwares/Source/Original/Win32.ogw0rm_Nov2008/Win32.ogw0rm_Nov2008.pass
diff --git a/Source/Original/Win32.ogw0rm - Nov 2008/Win32.ogw0rm - Nov 2008.sha256 b/malwares/Source/Original/Win32.ogw0rm_Nov2008/Win32.ogw0rm_Nov2008.sha256
similarity index 100%
rename from Source/Original/Win32.ogw0rm - Nov 2008/Win32.ogw0rm - Nov 2008.sha256
rename to malwares/Source/Original/Win32.ogw0rm_Nov2008/Win32.ogw0rm_Nov2008.sha256
diff --git a/Source/Original/Win32.ogw0rm - Nov 2008/Win32.ogw0rm - Nov 2008.zip b/malwares/Source/Original/Win32.ogw0rm_Nov2008/Win32.ogw0rm_Nov2008.zip
similarity index 100%
rename from Source/Original/Win32.ogw0rm - Nov 2008/Win32.ogw0rm - Nov 2008.zip
rename to malwares/Source/Original/Win32.ogw0rm_Nov2008/Win32.ogw0rm_Nov2008.zip
diff --git a/Source/Original/X0R-USB - Virus Version - Jan 2009/X0R-USB - Virus Version - Jan 2009.md5 b/malwares/Source/Original/X0R-USB_Jan2009/X0R-USB_Jan2009.md5
similarity index 100%
rename from Source/Original/X0R-USB - Virus Version - Jan 2009/X0R-USB - Virus Version - Jan 2009.md5
rename to malwares/Source/Original/X0R-USB_Jan2009/X0R-USB_Jan2009.md5
diff --git a/Source/Original/ZeuS 2.0.8.9 - Feb 2013/ZeuS 2.0.8.9 - Feb 2013.pass b/malwares/Source/Original/X0R-USB_Jan2009/X0R-USB_Jan2009.pass
similarity index 100%
rename from Source/Original/ZeuS 2.0.8.9 - Feb 2013/ZeuS 2.0.8.9 - Feb 2013.pass
rename to malwares/Source/Original/X0R-USB_Jan2009/X0R-USB_Jan2009.pass
diff --git a/Source/Original/X0R-USB - Virus Version - Jan 2009/X0R-USB - Virus Version - Jan 2009.sha256 b/malwares/Source/Original/X0R-USB_Jan2009/X0R-USB_Jan2009.sha256
similarity index 100%
rename from Source/Original/X0R-USB - Virus Version - Jan 2009/X0R-USB - Virus Version - Jan 2009.sha256
rename to malwares/Source/Original/X0R-USB_Jan2009/X0R-USB_Jan2009.sha256
diff --git a/Source/Original/X0R-USB - Virus Version - Jan 2009/X0R-USB - Virus Version - Jan 2009.zip b/malwares/Source/Original/X0R-USB_Jan2009/X0R-USB_Jan2009.zip
similarity index 100%
rename from Source/Original/X0R-USB - Virus Version - Jan 2009/X0R-USB - Virus Version - Jan 2009.zip
rename to malwares/Source/Original/X0R-USB_Jan2009/X0R-USB_Jan2009.zip
diff --git a/Source/Original/ZeuS 2.0.8.9 - Feb 2013/ZeuS 2.0.8.9 - Feb 2013.md5 b/malwares/Source/Original/ZeuS2.0.8.9_Feb2013/ZeuS2.0.8.9_Feb2013.md5
similarity index 100%
rename from Source/Original/ZeuS 2.0.8.9 - Feb 2013/ZeuS 2.0.8.9 - Feb 2013.md5
rename to malwares/Source/Original/ZeuS2.0.8.9_Feb2013/ZeuS2.0.8.9_Feb2013.md5
diff --git a/Source/Original/ZunkerBot 1.4.5 - Sep 2007/ZunkerBot 1.4.5 - Sep 2007.pass b/malwares/Source/Original/ZeuS2.0.8.9_Feb2013/ZeuS2.0.8.9_Feb2013.pass
similarity index 100%
rename from Source/Original/ZunkerBot 1.4.5 - Sep 2007/ZunkerBot 1.4.5 - Sep 2007.pass
rename to malwares/Source/Original/ZeuS2.0.8.9_Feb2013/ZeuS2.0.8.9_Feb2013.pass
diff --git a/Source/Original/ZeuS 2.0.8.9 - Feb 2013/ZeuS 2.0.8.9 - Feb 2013.sha256 b/malwares/Source/Original/ZeuS2.0.8.9_Feb2013/ZeuS2.0.8.9_Feb2013.sha256
similarity index 100%
rename from Source/Original/ZeuS 2.0.8.9 - Feb 2013/ZeuS 2.0.8.9 - Feb 2013.sha256
rename to malwares/Source/Original/ZeuS2.0.8.9_Feb2013/ZeuS2.0.8.9_Feb2013.sha256
diff --git a/Source/Original/ZeuS 2.0.8.9 - Feb 2013/ZeuS 2.0.8.9 - Feb 2013.zip b/malwares/Source/Original/ZeuS2.0.8.9_Feb2013/ZeuS2.0.8.9_Feb2013.zip
similarity index 100%
rename from Source/Original/ZeuS 2.0.8.9 - Feb 2013/ZeuS 2.0.8.9 - Feb 2013.zip
rename to malwares/Source/Original/ZeuS2.0.8.9_Feb2013/ZeuS2.0.8.9_Feb2013.zip
diff --git a/Source/Original/ZunkerBot 1.4.5 - Sep 2007/ZunkerBot 1.4.5 - Sep 2007.md5 b/malwares/Source/Original/ZunkerBot1.4.5_Sep2007/ZunkerBot1.4.5_Sep2007.md5
similarity index 100%
rename from Source/Original/ZunkerBot 1.4.5 - Sep 2007/ZunkerBot 1.4.5 - Sep 2007.md5
rename to malwares/Source/Original/ZunkerBot1.4.5_Sep2007/ZunkerBot1.4.5_Sep2007.md5
diff --git a/Source/Original/nBot 0.32 - May 2008/nBot 0.32 - May 2008.pass b/malwares/Source/Original/ZunkerBot1.4.5_Sep2007/ZunkerBot1.4.5_Sep2007.pass
similarity index 100%
rename from Source/Original/nBot 0.32 - May 2008/nBot 0.32 - May 2008.pass
rename to malwares/Source/Original/ZunkerBot1.4.5_Sep2007/ZunkerBot1.4.5_Sep2007.pass
diff --git a/Source/Original/ZunkerBot 1.4.5 - Sep 2007/ZunkerBot 1.4.5 - Sep 2007.sha256 b/malwares/Source/Original/ZunkerBot1.4.5_Sep2007/ZunkerBot1.4.5_Sep2007.sha256
similarity index 100%
rename from Source/Original/ZunkerBot 1.4.5 - Sep 2007/ZunkerBot 1.4.5 - Sep 2007.sha256
rename to malwares/Source/Original/ZunkerBot1.4.5_Sep2007/ZunkerBot1.4.5_Sep2007.sha256
diff --git a/Source/Original/ZunkerBot 1.4.5 - Sep 2007/ZunkerBot 1.4.5 - Sep 2007.zip b/malwares/Source/Original/ZunkerBot1.4.5_Sep2007/ZunkerBot1.4.5_Sep2007.zip
similarity index 100%
rename from Source/Original/ZunkerBot 1.4.5 - Sep 2007/ZunkerBot 1.4.5 - Sep 2007.zip
rename to malwares/Source/Original/ZunkerBot1.4.5_Sep2007/ZunkerBot1.4.5_Sep2007.zip
diff --git a/Source/Original/rBot 0.3.3 - May 2004/rBot 0.3.3 - May 2004.md5 b/malwares/Source/Original/rBot0.3.3_May2004/rBot0.3.3_May2004.md5
similarity index 100%
rename from Source/Original/rBot 0.3.3 - May 2004/rBot 0.3.3 - May 2004.md5
rename to malwares/Source/Original/rBot0.3.3_May2004/rBot0.3.3_May2004.md5
diff --git a/Source/Original/rBot 0.3.3 - May 2004/rBot 0.3.3 - May 2004.pass b/malwares/Source/Original/rBot0.3.3_May2004/rBot0.3.3_May2004.pass
similarity index 100%
rename from Source/Original/rBot 0.3.3 - May 2004/rBot 0.3.3 - May 2004.pass
rename to malwares/Source/Original/rBot0.3.3_May2004/rBot0.3.3_May2004.pass
diff --git a/Source/Original/rBot 0.3.3 - May 2004/rBot 0.3.3 - May 2004.sha256 b/malwares/Source/Original/rBot0.3.3_May2004/rBot0.3.3_May2004.sha256
similarity index 100%
rename from Source/Original/rBot 0.3.3 - May 2004/rBot 0.3.3 - May 2004.sha256
rename to malwares/Source/Original/rBot0.3.3_May2004/rBot0.3.3_May2004.sha256
diff --git a/Source/Original/rBot 0.3.3 - May 2004/rBot 0.3.3 - May 2004.zip b/malwares/Source/Original/rBot0.3.3_May2004/rBot0.3.3_May2004.zip
similarity index 100%
rename from Source/Original/rBot 0.3.3 - May 2004/rBot 0.3.3 - May 2004.zip
rename to malwares/Source/Original/rBot0.3.3_May2004/rBot0.3.3_May2004.zip
diff --git a/Source/Original/vbBot - Jan 2007/vbBot - Jan 2007.zip b/malwares/Source/Original/vbBot_Jan2007/vbBot - Jan 2007.zip
similarity index 100%
rename from Source/Original/vbBot - Jan 2007/vbBot - Jan 2007.zip
rename to malwares/Source/Original/vbBot_Jan2007/vbBot - Jan 2007.zip
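Review bot: The archive in this entry keeps its old spaced file name, `vbBot - Jan 2007.zip`, inside the renamed `vbBot_Jan2007/` directory. Its `.md5`, `.pass` and `.sha256` companions in the following entries all become `vbBot_Jan2007.*`, and every other sample in this commit follows `<dir>/<dir>.zip`. If any script pairs an archive with its checksum and password files by base name (not visible here, so this is an assumption), this sample would be skipped or fail integrity verification. The target should presumably be `malwares/Source/Original/vbBot_Jan2007/vbBot_Jan2007.zip`. Since the `.sha256` and `.md5` files move with 100% similarity, it is also worth checking whether they embed the old file name, because `sha256sum -c` style verification would then break for all the renamed samples.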
diff --git a/Source/Original/vbBot - Jan 2007/vbBot - Jan 2007.md5 b/malwares/Source/Original/vbBot_Jan2007/vbBot_Jan2007.md5
similarity index 100%
rename from Source/Original/vbBot - Jan 2007/vbBot - Jan 2007.md5
rename to malwares/Source/Original/vbBot_Jan2007/vbBot_Jan2007.md5
diff --git a/Source/Original/vbBot - Jan 2007/vbBot - Jan 2007.pass b/malwares/Source/Original/vbBot_Jan2007/vbBot_Jan2007.pass
similarity index 100%
rename from Source/Original/vbBot - Jan 2007/vbBot - Jan 2007.pass
rename to malwares/Source/Original/vbBot_Jan2007/vbBot_Jan2007.pass
diff --git a/Source/Original/vbBot - Jan 2007/vbBot - Jan 2007.sha256 b/malwares/Source/Original/vbBot_Jan2007/vbBot_Jan2007.sha256
similarity index 100%
rename from Source/Original/vbBot - Jan 2007/vbBot - Jan 2007.sha256
rename to malwares/Source/Original/vbBot_Jan2007/vbBot_Jan2007.sha256
diff --git a/Source/Original/xTBot 0.0.2 - 2 Feb 2002/xTBot 0.0.2 - 2 Feb 2002.md5 b/malwares/Source/Original/xTBot0.0.2_2Feb2002/xTBot0.0.2_2Feb2002.md5
similarity index 100%
rename from Source/Original/xTBot 0.0.2 - 2 Feb 2002/xTBot 0.0.2 - 2 Feb 2002.md5
rename to malwares/Source/Original/xTBot0.0.2_2Feb2002/xTBot0.0.2_2Feb2002.md5
diff --git a/Source/Original/xTBot 0.0.2 - 2 Feb 2002/xTBot 0.0.2 - 2 Feb 2002.pass b/malwares/Source/Original/xTBot0.0.2_2Feb2002/xTBot0.0.2_2Feb2002.pass
similarity index 100%
rename from Source/Original/xTBot 0.0.2 - 2 Feb 2002/xTBot 0.0.2 - 2 Feb 2002.pass
rename to malwares/Source/Original/xTBot0.0.2_2Feb2002/xTBot0.0.2_2Feb2002.pass
diff --git a/Source/Original/xTBot 0.0.2 - 2 Feb 2002/xTBot 0.0.2 - 2 Feb 2002.sha256 b/malwares/Source/Original/xTBot0.0.2_2Feb2002/xTBot0.0.2_2Feb2002.sha256
similarity index 100%
rename from Source/Original/xTBot 0.0.2 - 2 Feb 2002/xTBot 0.0.2 - 2 Feb 2002.sha256
rename to malwares/Source/Original/xTBot0.0.2_2Feb2002/xTBot0.0.2_2Feb2002.sha256
diff --git a/Source/Original/xTBot 0.0.2 - 2 Feb 2002/xTBot 0.0.2 - 2 Feb 2002.zip b/malwares/Source/Original/xTBot0.0.2_2Feb2002/xTBot0.0.2_2Feb2002.zip
similarity index 100%
rename from Source/Original/xTBot 0.0.2 - 2 Feb 2002/xTBot 0.0.2 - 2 Feb 2002.zip
rename to malwares/Source/Original/xTBot0.0.2_2Feb2002/xTBot0.0.2_2Feb2002.zip
diff --git a/Source/Reversed/Win32.Anthrax - Nov 2008/Win32.Anthrax - Nov 2008.md5 b/malwares/Source/Reversed/Win32.Anthrax - Nov 2008/Win32.Anthrax - Nov 2008.md5
similarity index 100%
rename from Source/Reversed/Win32.Anthrax - Nov 2008/Win32.Anthrax - Nov 2008.md5
rename to malwares/Source/Reversed/Win32.Anthrax - Nov 2008/Win32.Anthrax - Nov 2008.md5
diff --git a/Source/Reversed/Win32.Anthrax - Nov 2008/Win32.Anthrax - Nov 2008.pass b/malwares/Source/Reversed/Win32.Anthrax - Nov 2008/Win32.Anthrax - Nov 2008.pass
similarity index 100%
rename from Source/Reversed/Win32.Anthrax - Nov 2008/Win32.Anthrax - Nov 2008.pass
rename to malwares/Source/Reversed/Win32.Anthrax - Nov 2008/Win32.Anthrax - Nov 2008.pass
diff --git a/Source/Reversed/Win32.Anthrax - Nov 2008/Win32.Anthrax - Nov 2008.sha256 b/malwares/Source/Reversed/Win32.Anthrax - Nov 2008/Win32.Anthrax - Nov 2008.sha256
similarity index 100%
rename from Source/Reversed/Win32.Anthrax - Nov 2008/Win32.Anthrax - Nov 2008.sha256
rename to malwares/Source/Reversed/Win32.Anthrax - Nov 2008/Win32.Anthrax - Nov 2008.sha256
diff --git a/Source/Reversed/Win32.Anthrax - Nov 2008/Win32.Anthrax - Nov 2008.zip b/malwares/Source/Reversed/Win32.Anthrax - Nov 2008/Win32.Anthrax - Nov 2008.zip
similarity index 100%
rename from Source/Reversed/Win32.Anthrax - Nov 2008/Win32.Anthrax - Nov 2008.zip
rename to malwares/Source/Reversed/Win32.Anthrax - Nov 2008/Win32.Anthrax - Nov 2008.zip
diff --git a/Source/Reversed/Win32.Relock - October 2007/Win32.Relock - October 2007.md5 b/malwares/Source/Reversed/Win32.Relock - October 2007/Win32.Relock - October 2007.md5
similarity index 100%
rename from Source/Reversed/Win32.Relock - October 2007/Win32.Relock - October 2007.md5
rename to malwares/Source/Reversed/Win32.Relock - October 2007/Win32.Relock - October 2007.md5
diff --git a/Source/Reversed/Win32.Relock - October 2007/Win32.Relock - October 2007.pass b/malwares/Source/Reversed/Win32.Relock - October 2007/Win32.Relock - October 2007.pass
similarity index 100%
rename from Source/Reversed/Win32.Relock - October 2007/Win32.Relock - October 2007.pass
rename to malwares/Source/Reversed/Win32.Relock - October 2007/Win32.Relock - October 2007.pass
diff --git a/Source/Reversed/Win32.Relock - October 2007/Win32.Relock - October 2007.sha256 b/malwares/Source/Reversed/Win32.Relock - October 2007/Win32.Relock - October 2007.sha256
similarity index 100%
rename from Source/Reversed/Win32.Relock - October 2007/Win32.Relock - October 2007.sha256
rename to malwares/Source/Reversed/Win32.Relock - October 2007/Win32.Relock - October 2007.sha256
diff --git a/Source/Reversed/Win32.Relock - October 2007/Win32.Relock - October 2007.zip b/malwares/Source/Reversed/Win32.Relock - October 2007/Win32.Relock - October 2007.zip
similarity index 100%
rename from Source/Reversed/Win32.Relock - October 2007/Win32.Relock - October 2007.zip
rename to malwares/Source/Reversed/Win32.Relock - October 2007/Win32.Relock - October 2007.zip
diff --git a/Source/Reversed/Win32.Whore.Feb.2006/Win32.Whore.Feb.2006.md5 b/malwares/Source/Reversed/Win32.Whore.Feb.2006/Win32.Whore.Feb.2006.md5
similarity index 100%
rename from Source/Reversed/Win32.Whore.Feb.2006/Win32.Whore.Feb.2006.md5
rename to malwares/Source/Reversed/Win32.Whore.Feb.2006/Win32.Whore.Feb.2006.md5
diff --git a/Source/Reversed/Win32.Whore.Feb.2006/Win32.Whore.Feb.2006.pass b/malwares/Source/Reversed/Win32.Whore.Feb.2006/Win32.Whore.Feb.2006.pass
similarity index 100%
rename from Source/Reversed/Win32.Whore.Feb.2006/Win32.Whore.Feb.2006.pass
rename to malwares/Source/Reversed/Win32.Whore.Feb.2006/Win32.Whore.Feb.2006.pass
diff --git a/Source/Reversed/Win32.Whore.Feb.2006/Win32.Whore.Feb.2006.sha256 b/malwares/Source/Reversed/Win32.Whore.Feb.2006/Win32.Whore.Feb.2006.sha256
similarity index 100%
rename from Source/Reversed/Win32.Whore.Feb.2006/Win32.Whore.Feb.2006.sha256
rename to malwares/Source/Reversed/Win32.Whore.Feb.2006/Win32.Whore.Feb.2006.sha256
diff --git a/Source/Reversed/Win32.Whore.Feb.2006/Win32.Whore.Feb.2006.zip b/malwares/Source/Reversed/Win32.Whore.Feb.2006/Win32.Whore.Feb.2006.zip
similarity index 100%
rename from Source/Reversed/Win32.Whore.Feb.2006/Win32.Whore.Feb.2006.zip
rename to malwares/Source/Reversed/Win32.Whore.Feb.2006/Win32.Whore.Feb.2006.zip
diff --git a/mdbv0.2/maldb_0.2.py b/mdbv0.2/maldb_0.2.py
new file mode 100644
index 0000000..e85c6eb
--- /dev/null
+++ b/mdbv0.2/maldb_0.2.py
@@ -0,0 +1,255 @@
+#!/usr/bin/env python
+
+ #Malware DB - the most awesome free malware database on the air
+ #Copyright (C) 2014, Yuval Nativ, Lahad Ludar, 5fingers
+
+ #This program is free software: you can redistribute it and/or modify
+ #it under the terms of the GNU General Public License as published by
+ #the Free Software Foundation, either version 3 of the License, or
+ #(at your option) any later version.
+
+ #This program is distributed in the hope that it will be useful,
+ #but WITHOUT ANY WARRANTY; without even the implied warranty of
+ #MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ #GNU General Public License for more details.
+
+ #You should have received a copy of the GNU General Public License
+ #along with this program. If not, see .
+
+__version__ = "0.2 Beta"
+__appname__ = "Malware DB"
+__authors__ = ["Yuval Nativ","Lahad Ludar","5fingers"]
+__licensev__ = "GPL v3.0"
+__maintainer__ = "Yuval Nativ"
+__status__ = "Development"
+
+import sys
+import getopt
+import subprocess
+import csv
+import urllib2
+# import git
+#import os
+#import inspect
+
+
+def main():
+
+ # Set general variables.
+ version = __version__
+ appname = __appname__
+ licensev = __licensev__
+ authors = "Yuval Nativ, Lahad Ludar, 5fingers"
+ fulllicense = appname + " Copyright (C) 2014 " + authors + "\n"
+ fulllicense += "This program comes with ABSOLUTELY NO WARRANTY; for details type '" + sys.argv[0] +" -w'.\n"
+ fulllicense += "This is free software, and you are welcome to redistribute it."
+
+ useage='\nUsage: ' + sys.argv[0] + ' -s search_query -t trojan -p vb\n\n'
+ useage += 'The search engine can search by regular search or using specified arguments:\n\nOPTIONS:\n -h --help\t\tShow this message\n -t --type\t\tMalware type, can be virus/trojan/botnet/spyware/ransomeware.\n -p --language\tProgramming language, can be c/cpp/vb/asm/bin/java.\n -u --update\t\tUpdate malware index. Rebuilds main CSV file. \n -s --search\t\tSearch query for name or anything. \n -v --version\tPrint the version information.\n -w\t\t\tPrint GNU license.\n'
+
+ column_for_pl = 6
+ column_for_type = 2
+ column_for_location = 1
+ colomn_for_time = 7
+ column_for_version = 4
+ column_for_name = 3
+ column_for_uid = 0
+ column_for_arch = 8
+ column_for_plat = 9
+ conf_folder = 'conf'
+ eula_file = conf_folder + '/eula_run.conf'
+ maldb_ver_file = conf_folder + '/db.ver'
+ main_csv_file = conf_folder + '/index.csv'
+ giturl = 'https://raw.github.com/ytisf/theZoo/master/'
+
+ # Function to print license of malware-db
+ def print_license():
+ print ""
+ print fulllicense
+ print ""
+
+ # Check if EULA file has been created
+ def check_eula_file():
+ try:
+ with open(eula_file):
+ return 1
+ except IOError:
+ return 0
+
+ def get_maldb_ver():
+ try:
+ with file(maldb_ver_file) as f:
+ return f.read()
+ except IOError:
+ print("No malware DB version file found.\nPlease try to git clone the repository again.\n")
+ return 0
+
+ def update_db():
+ curr_maldb_ver = get_maldb_ver()
+ response = urllib2.urlopen(giturl+maldb_ver_file)
+ new_maldb_ver = response.read()
+ if new_maldb_ver == curr_maldb_ver:
+ print "No need for an update.\nYou are at " + new_maldb_ver + " which is the latest version."
+ sys.exit(1)
+ # Write the new DB version into the file
+ f = open(maldb_ver_file, 'w')
+ f.write(new_maldb_ver)
+ f.close()
+
+ # Get the new CSV and update it
+ csvurl = giturl + main_csv_file
+ u = urllib2.urlopen(csvurl)
+ f = open(main_csv_file, 'wb')
+ meta = u.info()
+ file_size = int(meta.getheaders("Content-Length")[0])
+ print "Downloading: %s Bytes: %s" % (main_csv_file, file_size)
+ file_size_dl = 0
+ block_sz = 8192
+ while True:
+ buffer = u.read(block_sz)
+ if not buffer:
+ break
+ file_size_dl += len(buffer)
+ f.write(buffer)
+ status = r"%10d [%3.2f%%]" % (file_size_dl, file_size_dl * 100. / file_size)
+ status = status + chr(8)*(len(status)+1)
+ print status,
+ f.close()
+
+ # prints version banner on screen
+ def versionbanner():
+ print ""
+ print "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"
+ print "\t\t " + appname + ' v' + version
+ print "Built by:\t\t" + authors
+ print "Is licensed under:\t" + licensev
+ print "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"
+ print fulllicense
+ print useage
+
+ # Check if maybe no results have been found
+ def checkresults(array):
+ if len(array) == 0:
+ print "No results found\n\n"
+ sys.exit(1)
+
+ # Check to needed arguments - left for debugging
+ def checkargs():
+ print "Type: " + type_of_mal
+ print "Lang: " + pl
+ print "Search: " + search
+
+ # Sort arrays
+ def filter_array(array,colum,value):
+ ret_array = [row for row in array if value in row[colum]]
+ return ret_array
+
+ # A function to print banner header
+ def res_banner():
+ print "\nUID\tName\t\tVersion\t\tLocation\t\tTime"
+ print "---\t----\t\t-------\t\t--------\t\t----"
+
+ # print_results will surprisingly print the results...
+ def print_results(array):
+ answer = array[column_for_uid] + "\t" + array[column_for_name]+ "\t" + array[column_for_version] + "\t\t"
+ answer += array[column_for_location] + "\t\t" + array[colomn_for_time]
+ print answer
+
+ options, remainder = getopt.getopt(sys.argv[1:], 'hwuvs:p:t:', ['type=', 'language=', 'search=', 'help', 'update', 'version', 'dbv' ])
+
+ # Zeroing everything
+ type_of_mal = ""
+ pl = ""
+ search = ""
+ new =""
+ update=0
+ m=[];
+ a=0
+ eula_answer='no'
+ f = ""
+
+ # Checking for EULA Agreement
+ a = check_eula_file()
+ if a == 0:
+ print appname + ' v' + version
+ print 'This program contain live and dangerous malware files'
+ print 'This program is intended to be used only for malware analysis and research'
+ print 'and by agreeing the EULA you agree to only use it for legal purposes and '
+ print 'studying malware.'
+ print 'You understand that these file are dangerous and should only be run on VMs'
+ print 'you can control and know how to handle. Running them on a live system will'
+ print 'infect you machines will live and dangerous malwares!.'
+ print ''
+ eula_answer = raw_input('Type YES in captial letters to accept this EULA.\n')
+ if eula_answer == 'YES':
+ print 'you types YES'
+ new = open(eula_file, 'a')
+ new.write(eula_answer)
+ else:
+ print 'You need to accept the EULA.\nExiting the program.'
+ sys.exit(1)
+
+ # Get arguments
+ for opt, arg in options:
+ if opt in ('-h', '--help'):
+ print fulllicense
+ print useage
+ sys.exit(1)
+ elif opt in ('-u', '--update'):
+ update=1
+ update_db()
+ elif opt in ('-v', '--version'):
+ versionbanner()
+ sys.exit(1)
+ elif opt in '-w':
+ print_license()
+ sys.exit(1)
+ elif opt in ('-t', '--type'):
+ type_of_mal = arg
+ elif opt in ('-p', '--language'):
+ pl = arg
+ elif opt in ('-s', '--search'):
+ search = arg
+ elif opt in '--dbv':
+ # Getting version of malware-DB's database
+ a = get_maldb_ver()
+ if a == 0:
+ sys.exit(0)
+ elif len(a) > 0:
+ print ''
+ print "Malware-DB Database's version is: " + a
+ sys.exit()
+
+ # Rebuild CSV
+ if update == 1:
+ subprocess.call("./Rebuild_CSV.sh", shell=True)
+ sys.exit(1)
+
+ # Take index.csv and convert into array m
+ csvReader = csv.reader(open(main_csv_file, 'rb'), delimiter=',');
+ for row in csvReader:
+ m.append(row)
+
+ # Filter by type
+ if len(type_of_mal) > 0:
+ m = filter_array(m,column_for_type,type_of_mal)
+
+ # Filter by programming language
+ if len(pl) > 0:
+ m = filter_array(m,column_for_pl,pl)
+
+ # Free search handler
+ if len(search) > 0:
+ res_banner()
+ matching = [y for y in m if search in y]
+ for line in matching:
+ checkresults(matching)
+ print_results(line)
+
+ if len(search) <= 0:
+ res_banner()
+ for line in m:
+ print_results(line)
+
+if __name__ == "__main__":
+ main()
\ No newline at end of file
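Review bot: In `update_db()` the new version string is written to `maldb_ver_file` before the index download starts, and `main_csv_file` is opened with `'wb'` before `Content-Length` is read. A dropped connection or a response without that header (`getheaders(...)[0]` raises IndexError) therefore leaves a truncated index that `db.ver` already marks as current, and the next `-u` run reports "No need for an update". The downloaded index is also accepted without any integrity check. Python 2 releases before 2.7.9 do not validate the HTTPS certificate in `urllib2.urlopen` by default, so for a catalogue of live malware samples it would be worth comparing the file against a digest published with the repository before replacing the local copy. The fence below reorders the function so that the version file is written last and only after a complete download. The handling of a size mismatch is a suggestion to adapt.

```python
def update_db():
    # … unchanged: read current version, fetch new_maldb_ver, exit if equal …

    # Open the connection and read the size before touching index.csv,
    # so a failed request cannot truncate the existing index.
    u = urllib2.urlopen(giturl + main_csv_file)
    lengths = u.info().getheaders("Content-Length")
    file_size = int(lengths[0]) if lengths else 0
    file_size_dl = 0
    with open(main_csv_file, 'wb') as f:
        while True:
            chunk = u.read(8192)
            if not chunk:
                break
            file_size_dl += len(chunk)
            f.write(chunk)
            if file_size:
                # … unchanged: build and print the progress status …

    if file_size and file_size_dl != file_size:
        print "Download of " + main_csv_file + " was incomplete; keeping the old DB version."
        sys.exit(1)

    # Record the new version only once the index has been written in full.
    with open(maldb_ver_file, 'w') as f:
        f.write(new_maldb_ver)
```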