
9. Virusshare.com

This analyzer enables searching for md5 hashes in the Virusshare.com hash list. It neither downloads samples for you nor links directly to a sample: the author of Virusshare prohibits automatic downloads and site scraping, and I respect that. It does provide a button to start the Virusshare search, but you need an account for that. You can request an invitation to the platform by contacting the admin directly via mail.

9.1. Configuration

In order to check md5 hashes against the hash lists, a directory containing the lists must be provided in the Cortex config:

Virusshare {
   path="/path/to/download/directory"
}

9.2. Download the newest hash lists

9.2.1. Usage

In order to download the newest available hash lists from virusshare.com, you can run the download_hashes.py script.

./download_hashes.py /path/to/your/download/directory

The download takes a lot of time. The files are named 000.md5 - xxx.md5, and files that are already available are skipped.

9.2.2. Documentation

This script downloads all available Virusshare.com hash files. The user-agent is set to Chrome 57.

download_hashes.run(path, quiet=False)

Downloads all available hash files to a given path.

Parameters:
  • path (str) – Path to download directory
  • quiet – If set to True, no progressbar is displayed
Return type: None

9.3. Virusshare Analyzer

class virusshare.VirusshareAnalyzer

This analyzer searches a previously downloaded hash list of Virusshare. If the hash is not 32 characters long (md5), the search is skipped and the isonvs report parameter is set to unknown. In the report, a button is placed for redirecting to virusshare.com. As its parameter, this analyzer takes path, which contains the path (obviously...) to the Virusshare hash lists. To make downloading the lists easier, download_hashes.py is provided. More info in the documentation.
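
The lookup described above, sketched as an added example (not the analyzer's own code): it applies the 32-character rule, returns "unknown" when the search is skipped, and otherwise scans every *.md5 file in the configured directory. The function names, the extra hex-digit check and the list format (optional '#' header lines, then one md5 per line) are assumptions.

```python
import hashlib
import os
import string
import tempfile

HEX = set(string.hexdigits)


def is_on_virusshare(list_dir, value):
    """Return True/False for an md5, or "unknown" when the search is skipped."""
    value = value.strip()
    # Rule from the page: anything that is not 32 characters long is not searched.
    # Added assumption: also require hex digits so malformed input is never compared.
    if len(value) != 32 or not set(value) <= HEX:
        return "unknown"
    needle = value.lower()
    for name in sorted(os.listdir(list_dir)):
        if not name.endswith(".md5"):
            continue  # ignore anything that is not a downloaded hash list
        with open(os.path.join(list_dir, name), encoding="ascii", errors="replace") as fh:
            for line in fh:
                entry = line.strip().lower()
                # Assumed list format: '#' header lines, then one md5 per line.
                if entry.startswith("#"):
                    continue
                if entry == needle:
                    return True
    return False


def demo():
    """Build a constructed hash-list directory and run three lookups against it."""
    listed = hashlib.md5(b"abc").hexdigest()
    unlisted = hashlib.md5(b"a").hexdigest()
    sha1 = hashlib.sha1(b"abc").hexdigest()  # 40 characters, so it is skipped
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "000.md5"), "w") as fh:
            fh.write("# constructed header line\n" + hashlib.md5(b"").hexdigest() + "\n")
        with open(os.path.join(d, "001.md5"), "w") as fh:
            fh.write(listed + "\n")
        return (
            is_on_virusshare(d, listed.upper()),  # case-insensitive match
            is_on_virusshare(d, unlisted),
            is_on_virusshare(d, sha1),
        )


if __name__ == "__main__":
    print(demo())
```

A False result only means the hash is absent from the lists downloaded so far, so the directory should be refreshed with download_hashes.py before relying on it.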