This application is intended for submitting exe samples to antivirus vendors' scanners.
The program sends a zip file to the list of addresses in the file avlist.txt.
If 7-zip.dll (7-zip32.dll or 7-zip64.dll in the code below) is present, it can zip the file itself.
Usage is simple: fill in the string gadgets (login, password, mail box, port), select the sample file (in a zip), complete the message and click on Submit File.
Wait for the confirmation that the message was sent.
Note that the login and password are saved unencrypted in an .ini file next to the program, and that SSL and the login are used only when the port is 465.
This code: x86 = 7 false positives, x64 = 1 false positive.
Don't hesitate to update the address list.
; Require every variable to be declared before it is used.
EnableExplicit
;
; Start the network subsystem once, before any mail call is made.
InitNetwork()
;{- Enumerations / DataSections
; Each unnamed Enumeration below restarts its numbering, so the identifiers
; are only unique within their own object kind (window, menu, gadget, ...).
;{ Windows
; Identifier of the single application window.
Enumeration
#Window_0
EndEnumeration
;}
; Identifier of the window's menu.
Enumeration
#menu_window_0
EndEnumeration
;
; Menu entries ("Infos" and "Quit" in OpenWindow_Window_0).
Enumeration
#menu_window_0_infos
#menu_window_0_quitter
EndEnumeration
;
; Status bar that shows the number of addresses loaded by readadd().
Enumeration
#StatusBar_Window_0
EndEnumeration
;{ Gadgets
; Frames and input fields: login, password, sender mail, SMTP server, port,
; message body and file to submit, followed by the four buttons.
Enumeration
#Frame3D_0
#String_user
#Frame3D_2
#String_pw
#Frame3D_3
#String_mail
#Frame3D_4
#String_smtp
#Frame3D_6
#String_port
#Frame3D_8
#String_mes
#Frame3D_10
#String_file
#Button_filesel
#button_zip
#button_send
#button_view
EndEnumeration
;}
; Recipient addresses, one element per line read from avlist.txt by readadd().
; Every element becomes a "To" recipient of the sample in mail().
Global NewList listav.s()
;}
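; Compress fn into a password-protected ZIP stored next to it, using the
; 7-zip32.dll / 7-zip64.dll that sits in the program directory.
;
; fn : full path of the file to compress. Nothing is done when it is empty
;      or already has the extension "zip".
;
; On success the "File to submit" field is switched to the new archive, and
; the text returned by the DLL is shown to the user. The procedure is declared
; as Procedure.s but no path returns a value; the caller ignores the result.
;
; Security notes:
; - The DLL is opened by full path from the program directory, with no
;   integrity check. Anyone able to write to that directory decides which
;   code is loaded into this process.
; - The archive password is the fixed string "infected", the same one that the
;   default message text announces. It gives no confidentiality; presumably it
;   only keeps the sample from being scanned or opened by accident in transit.
Procedure.s zipfile(fn.s)
  Protected path7zip.s, OutputAnsi.s, CmdLine$, s.s, *cmd
  Protected namezipfile$, password.s, cp.s, typ.s
  ;
  If fn = ""
    ProcedureReturn
  EndIf
  ;
  s = LCase(GetExtensionPart(fn))
  If s = "zip"
    ProcedureReturn
  EndIf
  ;
  ; fn comes from an editable text field and is pasted between double quotes
  ; into the 7-Zip command line below. A double quote is not valid in a Windows
  ; file name, and inside fn it would end the quoted argument early, so the
  ; remainder would be parsed as extra 7-Zip arguments. Refuse such input.
  If FindString(fn, #DQUOTE$)
    MessageRequester("FPSubmit", "Invalid file name !", #PB_MessageRequester_Error)
    ProcedureReturn
  EndIf
  ;
  CompilerIf #PB_Compiler_Processor = #PB_Processor_x86
    path7zip = GetPathPart(ProgramFilename()) + "7-zip32.dll"
  CompilerElse
    path7zip = GetPathPart(ProgramFilename()) + "7-zip64.dll"
  CompilerEndIf
  ;
  If OpenLibrary(0, path7zip)
    ; Make sure the export exists before calling it, instead of failing silently.
    If GetFunction(0, "SevenZip")
      typ = "zip"
      namezipfile$ = GetPathPart(fn) + GetFilePart(fn, #PB_FileSystem_NoExtension) + ".zip"
      password = "infected"
      cp = "-mx9"
      CmdLine$ = "a -t" + typ + " " + cp + " -p" + password + " -ir!" + #DQUOTE$ + fn + #DQUOTE$ + " " + #DQUOTE$ + namezipfile$ + #DQUOTE$
      ;
      ; The DLL receives an ASCII command line and writes its report into OutputAnsi.
      ; NOTE(review): paths with non-ASCII characters may not survive Ascii() - confirm.
      OutputAnsi = Space(1024)
      *cmd = Ascii(CmdLine$)
      CallFunction(0, "SevenZip", WindowID(#Window_0), *cmd, @OutputAnsi, 1024)
      FreeMemory(*cmd)
      ;
      ; Only point the file field at the archive if it was really created.
      If FileSize(namezipfile$) <> -1
        SetGadgetText(#String_file, namezipfile$)
      EndIf
      s = PeekS(@OutputAnsi, -1, #PB_Ascii)
      MessageRequester("FPSubmit", s, #PB_MessageRequester_Info)
    Else
      MessageRequester("FPSubmit", "Function SevenZip not found in " + GetFilePart(path7zip) + " !", #PB_MessageRequester_Error)
    EndIf
    ;
    CloseLibrary(0)
  Else
    ; The original returned silently here; tell the user why nothing happened.
    MessageRequester("FPSubmit", "Can't load " + GetFilePart(path7zip) + " !", #PB_MessageRequester_Error)
  EndIf
EndProcedure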
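; Send the selected ZIP as an attachment to every address in listav().
;
; All values are read from the window's input fields. The procedure refuses to
; send when a field is empty, when the port is 0, when the file does not have
; the extension "zip", or when the recipient list holds no usable address.
; Sending is asynchronous; the procedure polls MailProgress() until the mail
; is finished or failed and reports the outcome in a message box.
;
; Security notes:
; - Only the file extension is checked. Nothing verifies that the archive is
;   password protected or that it contains the intended sample, and the same
;   attachment goes to every address in the list.
; - All addresses are added as "To" recipients, so each recipient sees the
;   whole list.
Procedure mail()
  Protected progress, result, body.s
  Protected mail.s, smtp.s, port, user.s, pw.s, file.s
  Protected addr.s, recipients
  ;
  mail = GetGadgetText(#String_mail)
  body = GetGadgetText(#String_mes)
  smtp = GetGadgetText(#String_smtp)
  port = Val(GetGadgetText(#String_port))
  user = GetGadgetText(#String_user)
  pw = GetGadgetText(#String_pw)
  file = GetGadgetText(#String_file)
  ;
  If mail = "" Or body = "" Or smtp = "" Or port = 0 Or user = "" Or pw = "" Or file = ""
    MessageRequester("FPSubmit", "Missing parameter : cant send sample !", #PB_MessageRequester_Error)
    ProcedureReturn
  EndIf
  ;
  If LCase(GetExtensionPart(file)) <> "zip"
    MessageRequester("FPSubmit", "Send only zip file !", #PB_MessageRequester_Error)
    ProcedureReturn
  EndIf
  ;
  If CreateMail(0, mail, "Suspicious File Submission")
    SetMailBody(0, body)
    ;
    If AddMailAttachment(0, "Sample file", file, "application/zip") = 0
      MessageRequester("FPSubmit", "File not find !", #PB_MessageRequester_Error)
      FreeMail(0)
      ProcedureReturn
    EndIf
    ;
    ; Skip blank list entries so that an empty line in avlist.txt does not
    ; become an empty recipient, and count what is really added.
    ForEach listav()
      addr = Trim(listav())
      If addr <> ""
        AddMailRecipient(0, addr, #PB_Mail_To)
        recipients + 1
      EndIf
    Next
    If recipients = 0
      MessageRequester("FPSubmit", "No recipient in avlist.txt !", #PB_MessageRequester_Error)
      FreeMail(0)
      ProcedureReturn
    EndIf
    ;
    ; Set the SMTP server to use
    If port = 465
      result = SendMail(0, smtp, port, #PB_Mail_Asynchronous|#PB_Mail_UseSSL, user, pw)
    Else
      ; NOTE(review): on every port other than 465 the mail is sent without
      ; #PB_Mail_UseSSL and without the login and password, although both are
      ; mandatory above. The sample and the message then travel unencrypted,
      ; and servers that demand authentication will refuse the mail. Confirm
      ; which flag the target PureBasic version needs for STARTTLS on port 587
      ; before changing this branch.
      result = SendMail(0, smtp, port, #PB_Mail_Asynchronous)
    EndIf
    ;
    ; If the transfer could not even be started there is nothing to poll.
    If result = 0
      MessageRequester("FPSubmit", "Can't sent the mail !", #PB_MessageRequester_Error)
      FreeMail(0)
      ProcedureReturn
    EndIf
    ;
    ; Blocking wait: the window does not process events while the mail is sent.
    Repeat
      progress = MailProgress(0)
      Delay(300)
    Until progress = #PB_Mail_Finished Or progress = #PB_Mail_Error
    If progress = #PB_Mail_Finished
      MessageRequester("FPSubmit", "Mail correctly sent !", #PB_MessageRequester_Info)
    Else
      MessageRequester("FPSubmit", "Can't sent the mail !", #PB_MessageRequester_Error)
    EndIf
    FreeMail(0)
  EndIf
EndProcedure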
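; Store the window position and the connection settings in "<program>.ini",
; located in the same directory as the executable.
;
; The file is created when it does not exist yet, otherwise it is opened and
; updated. If it can neither be created nor opened, nothing is written.
;
; Security note: the SMTP password is written under the key "pw" exactly as
; typed, next to the login, sender address, server and port. Anyone who can
; read the .ini file obtains the mailbox credentials. Consider not persisting
; the password, or protecting it with an operating-system facility such as
; Windows DPAPI, before using this with a real mailbox.
Procedure saveini()
  Protected fnme.s, opened
  fnme = GetPathPart(ProgramFilename()) + GetFilePart(ProgramFilename(), #PB_FileSystem_NoExtension) + ".ini"
  ;
  ; Restore the window first so that WindowX()/WindowY() describe the normal
  ; position and not a minimized or maximized one.
  If GetWindowState(#Window_0) <> #PB_Window_Normal
    SetWindowState(#Window_0, #PB_Window_Normal)
  EndIf
  ;
  If FileSize(fnme) = -1
    opened = CreatePreferences(fnme)
  Else
    opened = OpenPreferences(fnme)
  EndIf
  ; Do not issue writes against a preference file that is not open
  ; (for example when the program directory is read-only).
  If opened = 0
    ProcedureReturn
  EndIf
  ;
  ; The key "top" holds the X position and "left" the Y position. loadini()
  ; reads them back the same way, so the names are kept for compatibility
  ; with existing .ini files.
  PreferenceGroup("window")
  WritePreferenceInteger("top", WindowX(#Window_0))
  WritePreferenceInteger("left", WindowY(#Window_0))
  ;
  PreferenceGroup("user")
  WritePreferenceString("username", GetGadgetText(#String_user))
  WritePreferenceString("pw", GetGadgetText(#String_pw)) ; clear text, see the note above
  WritePreferenceString("mail", GetGadgetText(#String_mail))
  WritePreferenceString("smtp", GetGadgetText(#String_smtp))
  WritePreferenceString("port", GetGadgetText(#String_port))
  ;
  ClosePreferences()
EndProcedure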
; Read "<program>.ini" from the program directory, move the window to the
; stored position, fill the connection fields with the stored values and
; finally make the window visible.
;
; A field is only overwritten when the stored value is not empty. The password
; is read back from the key "pw" exactly as it was stored, i.e. in clear text.
Procedure loadini()
  Protected iniPath.s, posX.i, posY.i, stored.s
  iniPath = GetPathPart(ProgramFilename()) + GetFilePart(ProgramFilename(), #PB_FileSystem_NoExtension) + ".ini"
  OpenPreferences(iniPath)

  ; Window position; -1 is the "not stored" marker for both coordinates.
  PreferenceGroup("window")
  posX = ReadPreferenceInteger("top", -1)
  posY = ReadPreferenceInteger("left", -1)
  If posX <> -1 Or posY <> -1
    ResizeWindow(#Window_0, posX, posY, #PB_Ignore, #PB_Ignore)
  EndIf

  ; Connection settings.
  PreferenceGroup("user")

  stored = ReadPreferenceString("username", "")
  If Len(stored) > 0
    SetGadgetText(#String_user, stored)
  EndIf

  stored = ReadPreferenceString("pw", "")
  If Len(stored) > 0
    SetGadgetText(#String_pw, stored)
  EndIf

  stored = ReadPreferenceString("mail", "")
  If Len(stored) > 0
    SetGadgetText(#String_mail, stored)
  EndIf

  stored = ReadPreferenceString("smtp", "")
  If Len(stored) > 0
    SetGadgetText(#String_smtp, stored)
  EndIf

  stored = ReadPreferenceString("port", "")
  If Len(stored) > 0
    SetGadgetText(#String_port, stored)
  EndIf

  ClosePreferences()

  ; The window is created invisible; show it once it is positioned and filled.
  HideWindow(#Window_0, 0)
EndProcedure
; Let the user pick the sample with a file requester and copy the chosen path
; into the "File to submit" field. The requester starts in the program
; directory the first time and in the directory of the last choice afterwards.
Procedure selfile()
  Protected chosen.s, pattern.s
  Static lastDir.s

  pattern = "Exe (*.exe)|*.exe|All files (*.*)|*.*"
  If lastDir = ""
    lastDir = GetPathPart(ProgramFilename())
  EndIf

  chosen = OpenFileRequester("Select file", lastDir, pattern, 0)
  ; An empty result means that the requester was cancelled.
  If chosen = ""
    ProcedureReturn
  EndIf

  lastDir = GetPathPart(chosen)
  SetGadgetText(#String_file, chosen)
EndProcedure
; Size-event handler: stretch or move the gadgets that follow the window's
; right and bottom edges. #PB_Ignore leaves a coordinate or size untouched.
Procedure sizew()
  Protected winW, winH
  winW = WindowWidth(#Window_0)
  winH = WindowHeight(#Window_0)

  ; Sender mail row: width only.
  ResizeGadget(#Frame3D_3, #PB_Ignore, #PB_Ignore, winW - 100, #PB_Ignore)
  ResizeGadget(#String_mail, #PB_Ignore, #PB_Ignore, winW - 120, #PB_Ignore)

  ; File row: the field grows, the two buttons stay at the right edge.
  ResizeGadget(#Frame3D_10, #PB_Ignore, #PB_Ignore, winW - 15, #PB_Ignore)
  ResizeGadget(#String_file, #PB_Ignore, #PB_Ignore, winW - 110, #PB_Ignore)
  ResizeGadget(#Button_filesel, winW - 80, #PB_Ignore, #PB_Ignore, #PB_Ignore)
  ResizeGadget(#button_zip, winW - 45, #PB_Ignore, #PB_Ignore, #PB_Ignore)

  ; Message area: grows in both directions.
  ResizeGadget(#Frame3D_8, #PB_Ignore, #PB_Ignore, winW - 15, winH - 300)
  ResizeGadget(#String_mes, #PB_Ignore, #PB_Ignore, winW - 30, winH - 325)

  ; Submit button: stays near the bottom edge.
  ResizeGadget(#button_send, #PB_Ignore, winH - 70, #PB_Ignore, #PB_Ignore)
EndProcedure
; Close-event handler: when the window is minimized at the moment the close
; event arrives, post one more close event; in every other state do nothing.
Procedure closew()
  If GetWindowState(#Window_0) <> #PB_Window_Minimize
    ProcedureReturn
  EndIf
  PostEvent(#PB_Event_CloseWindow)
EndProcedure
; Build the main window: menu, status bar, all input fields and buttons, the
; default message text, drag-and-drop on the file field and the size and close
; event handlers. The window is created invisible (#PB_Window_Invisible).
; Nothing is built when the window itself cannot be opened.
Procedure OpenWindow_Window_0()
  Protected s.s, winFlags

  winFlags = #PB_Window_SystemMenu|#PB_Window_SizeGadget|#PB_Window_MinimizeGadget|#PB_Window_TitleBar|#PB_Window_ScreenCentered|#PB_Window_Invisible
  If OpenWindow(#Window_0, 421, 192, 400, 450, "FPSubmit 1.0", winFlags) = 0
    ProcedureReturn
  EndIf

  ; Menu
  If CreateImageMenu(#menu_window_0, WindowID(#Window_0), #PB_Menu_ModernLook)
    MenuTitle("&Options")
    MenuItem(#menu_window_0_infos, "&Infos")
    MenuBar()
    MenuItem(#menu_window_0_quitter, "&Quit")
  EndIf

  ; Status bar with a single field
  If CreateStatusBar(#StatusBar_Window_0, WindowID(#Window_0))
    AddStatusBarField(100)
  EndIf

  ; Login and password; the "^" toggle button is used to reveal the password.
  FrameGadget(#Frame3D_0, 5, 15, 180, 45, "Login")
  StringGadget(#String_user, 15, 32, 160, 22, "")
  FrameGadget(#Frame3D_2, 190, 15, 200, 45, "Password")
  StringGadget(#String_pw, 200, 32, 140, 22, "", #PB_String_Password)
  ButtonGadget(#button_view, 350, 30, 30, 25, "^", #PB_Button_Toggle)
  GadgetToolTip(#button_view, "Show password")

  ; Sender address, SMTP server and port
  FrameGadget(#Frame3D_3, 5, 60, 300, 45, "Sender Mail")
  StringGadget(#String_mail, 15, 78, 280, 22, "")
  FrameGadget(#Frame3D_4, 5, 115, 260, 45, "SMTP")
  StringGadget(#String_smtp, 15, 130, 240, 22, "")
  FrameGadget(#Frame3D_6, 280, 115, 110, 45, "Port")
  StringGadget(#String_port, 290, 130, 90, 22, "", #PB_String_Numeric)

  ; Message body, pre-filled with a default text that announces the archive
  ; password in clear.
  FrameGadget(#Frame3D_8, 5, 220, 385, 155, "Message")
  StringGadget(#String_mes, 15, 240, 370, 125, "", #ES_MULTILINE|#WS_VSCROLL|#WS_HSCROLL|#ES_AUTOVSCROLL)
  s = "The sample is in a password protected ZIP file."
  s + #CRLF$ + "The password for the attachment is : infected."
  s + #CRLF$ + "This file is FALSE positive !"
  s + #CRLF$ + "Sample sender by FPSubmit"
  SetGadgetText(#String_mes, s)

  ; File to submit: text field accepting dropped files, selector and ZIP buttons
  FrameGadget(#Frame3D_10, 5, 165, 385, 45, "File to submit")
  StringGadget(#String_file, 15, 182, 290, 22, "")
  EnableGadgetDrop(#String_file, #PB_Drop_Files, #PB_Drag_Copy)
  ButtonGadget(#Button_filesel, 320, 180, 30, 25, "...")
  GadgetToolTip(#Button_filesel, "File selector")
  ButtonGadget(#button_zip, 355, 180, 30, 25, "ZIP")
  GadgetToolTip(#button_zip, "Zip file")

  ; Submit button
  ButtonGadget(#button_send, 15, 380, 100, 25, "Submit File")
  GadgetToolTip(#button_send, "Send mail")

  ; Minimum window size and event handlers
  WindowBounds(#Window_0, 400, 440, #PB_Ignore, #PB_Ignore)
  BindEvent(#PB_Event_SizeWindow, @sizew())
  BindEvent(#PB_Event_CloseWindow, @closew())
EndProcedure
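; Load the recipient addresses from avlist.txt into listav(), one per line,
; and show the number of addresses in the status bar.
;
; The file next to the executable is preferred, like the .ini file and the
; 7-Zip DLL; when it is not there, the bare name "avlist.txt" is tried as
; before. Lines are trimmed and empty lines are skipped, so they do not end up
; as empty recipients. The Submit button is disabled when the file is missing
; or contains no address.
;
; Security note: entries are not validated. Every non-empty line becomes a
; recipient of the sample, so whoever can modify avlist.txt decides where the
; sample and the message are sent. Review the list before each submission.
Procedure readadd()
  Protected listPath.s, entry.s
  ;
  listPath = GetPathPart(ProgramFilename()) + "avlist.txt"
  If FileSize(listPath) < 0
    ; Fall back to the original lookup relative to the current directory.
    listPath = "avlist.txt"
  EndIf
  ;
  If ReadFile(0, listPath)
    While Eof(0) = 0
      entry = Trim(ReadString(0))
      If entry <> ""
        AddElement(listav())
        listav() = entry
      EndIf
    Wend
    CloseFile(0)
    StatusBarText(#StatusBar_Window_0, 0, "AV list : " + Str(ListSize(listav())), #PB_StatusBar_Center)
    ; Nothing to send to: keep the user from submitting to an empty list.
    If ListSize(listav()) = 0
      DisableGadget(#button_send, #True)
    EndIf
  Else
    MessageRequester("FPSubmit", "File avlist.txt missing !", #PB_MessageRequester_Error)
    DisableGadget(#button_send, #True)
  EndIf
EndProcedure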
;- begin loop
; Program start: build the window, restore the saved settings, load the
; recipient list, then run the event loop until the window is closed.
Define s.s
OpenWindow_Window_0()
loadini()
readadd()
;
; The ZIP button is only usable when the 7-Zip DLL matching the build
; (32 or 64 bit) is present in the program directory.
CompilerIf #PB_Compiler_Processor=#PB_Processor_x86
s=GetPathPart(ProgramFilename())+"7-zip32.dll"
CompilerElse
s=GetPathPart(ProgramFilename())+"7-zip64.dll"
CompilerEndIf
If FileSize(s)=-1
DisableGadget(#button_zip,#True)
EndIf
;
;{- Event loop
Repeat
Select WaitWindowEvent()
; ///////////////////
; Files dropped on the file field: only the first dropped path is kept.
; The path is taken as is; mail() later checks nothing but its extension.
Case #PB_Event_GadgetDrop
If EventDropType()=#PB_Drop_Files
SetGadgetText(#String_file,StringField(EventDropFiles(),1,Chr(10)))
EndIf
Case #PB_Event_Gadget
Select EventGadget()
Case #button_send
mail()
Case #Button_filesel
selfile()
Case #button_zip
zipfile(GetGadgetText(#String_file))
Case #button_view
; Recreate the password field with the same id, position and text. The flag is
; #PB_String_Password minus the toggle state shifted left by 5; presumably this
; gives 0 (text visible) while the toggle is pressed - confirm the operator
; precedence and the value of the constant.
StringGadget(#String_pw, 200, 32, 140, 22, GetGadgetText(#String_pw),#PB_String_Password-GetGadgetState(#button_view)<<5)
EndSelect
; ////////////////////////
Case #PB_Event_Menu
Select EventMenu()
Case #menu_window_0_infos
; Build the "Infos" text: program version, build architecture, compiler
; version and credits.
s="FP Submit "+#pb_editor_fileversion
CompilerIf #PB_Compiler_Processor= #PB_Processor_x64
s+" - x64"
CompilerElse
s+" - x86"
CompilerEndIf
s+" - PB :"+#PB_Compiler_Version
s+#CRLF$+"False positive sample submit"+#CRLF$
s+#CRLF$+"by DrGolf @"+Year(Date())+#CRLF$
s+#CRLF$+"FREEWare"
MessageRequester("FPSubmit",s,#MB_ICONINFORMATION)
Case #menu_window_0_quitter
PostEvent(#PB_Event_CloseWindow)
EndSelect
;
; Closing the window: free the recipient list, save the settings with
; saveini() (which writes the password field to the .ini file as typed),
; close the window and leave the loop.
Case #PB_Event_CloseWindow
Select EventWindow()
Case #Window_0
FreeList(listav())
saveini()
CloseWindow(#Window_0)
Break
EndSelect
EndSelect
ForEver
;
;}
- v3sos@ahnlab.com
virus@avast.com
virus@avira.com
virus_submission@bitdefender.com
samples@bluepointsecurity.com
malwaresubmit@avlab.comodo.com
vms@drweb.com
malware@emcosoftware.com
submit@emsisoft.com
virus@esafe.com
samples@escanav.com
submitvirus@fortinet.com
research@spy-emergency.com
viruslab@f-prot.com
labs@fsb-antivirus.com
vsamples@f-secure.com
samples@ikarus.at
submit@samples.immunet.com
newvirus@kaspersky.com
support@jiangmin.com
research@lavasoft.com
virus_research@avertlabs.com
virus@micropoint.com.cn
avsubmit@submit.microsoft.com
virus@nanoav.ru
samples@eset.com
support@noralabs.com
support@norman.com
virus_info@inca.co.kr
virus@pandasecurity.com
psafe@psafe.com
kefu@360.cn
support@rubus.co.in
newvirus@s-cop.com
samples@sophos.com
detections@spybot.info
vlab@srnmicro.com
avsubmit@symantec.com
virus@hacksoft.com.pe
virus@thirtyseven4.com
virus@ca.com
submit@trojanhunter.com
support@simplysup.com
virus@filseclab.com
malware-cruncher@sunbelt-software.com
viruslab@hauri.co.kr
newvirus@anti-virus.by
virus@zillya.com
huangruimin@kingsoft.com
pomoc@mks.com.pl
support@aegislab.com
viruslab@quickheal.com
trojans@agnitum.com
bav@baidu.com
bkav@bkav.com.vn
huangruimin@kingsoft.com
samples@mysecuritywin.com