We can use idc.GetInputMD5() to retrieve the stored MD5 value.
md5sum: when IDA Pro loads a file, it stores the input file’s MD5 in the database.

The other configuration fields are computed during runtime: The persistent information we need to store are the apikey and the plugin dialog options. It resolves to “%APPDATA%\Hex-Rays\IDA Pro” on MS Windows and to “~/.idapro” on Linux or Mac OS. The data store location will be determined using idaapi.get_user_idadir(). We need a simple class to store persistent data.

The plugin: A plugin class that will orchestrate all of the above components.

A form control: It will allow us to take input information and display the results.

This control should function in embedded or standalone modes. A chooser control: This control will store the VT report result in a nice ListView with two columns (AV Vendor/Malware name).

A configuration utility: A simple utility class to save persistent information (like the API key or the reporting options).

A Python wrapper for the VT API: We will use the module mentioned above.

Let us first break down the plugin requirements into small and simple steps and then at the end we can glue everything together.
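The configuration utility described above could look like the following; this is an added example, not code from the original article or its BboeVt module. The names `VtConfig`, `file_md5` and `vt_plugin.json`, and the temp-directory fallback used outside IDA, are assumptions, and the code targets Python 3.

```python
import hashlib
import json
import os
import tempfile

CONFIG_NAME = "vt_plugin.json"  # hypothetical store name, not from the article


def default_store_dir():
    """User IDA directory inside IDA Pro; temp dir when run outside it."""
    try:
        import idaapi  # only importable inside IDA Pro
        return idaapi.get_user_idadir()
    except ImportError:
        return tempfile.gettempdir()


def file_md5(path):
    """MD5 of a file of your choice, read in chunks."""
    digest = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


class VtConfig:
    def __init__(self, store_dir=None):
        self.path = os.path.join(store_dir or default_store_dir(), CONFIG_NAME)
        self.apikey, self.options = "", 0  # persistent fields
        self.md5sum = None                 # runtime-only, never saved

    def load(self):
        try:
            with open(self.path) as f:
                data = json.load(f)
            apikey, options = str(data["apikey"]), int(data["options"])
        except (OSError, ValueError, KeyError, TypeError):
            return False  # missing or corrupt store: keep defaults
        self.apikey, self.options = apikey, options
        return True

    def save(self):
        # Owner-only temp file (0600 on POSIX) keeps the API key away from
        # other local users; os.replace then swaps it in atomically.
        tmp = self.path + ".tmp"
        fd = os.open(tmp, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, "w") as f:
            json.dump({"apikey": self.apikey, "options": self.options}, f)
        os.replace(tmp, self.path)
```

Only the apikey and the dialog options reach disk; `md5sum` stays a runtime field, filled from the database inside IDA or from `file_md5()` for a file picked by hand.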
Our plugin is going to use get_file_report() to get a report given a file’s MD5 and scan_file() to submit a new file to VT.

Writing the plugin

The resulting changes can be found in the BboeVt module as part of this article’s files. In this article, we are going to borrow some code from Bryce Boe’s blog entry “Submitting Binaries to VirusTotal” and modify it a bit.
To work with it you need an API key (get one by creating a VT Community account) and a programming language/library that can make HTTP POST requests and is able to parse JSON strings. The VirusTotal API is a web service that uses HTTP POST requests with JSON object responses. The plugin will offer to upload the file if the file was not analyzed before. The plugin will allow you to get reports from VirusTotal based on the input file MD5 or a file of your choice.
In this blog post, we are going to illustrate how to use some of the new UI features introduced in IDA Pro 6.1 (embedded choosers, custom icons, etc.) by writing a VirusTotal reporting and file submission plugin for IDA Pro.