Monday, 8 August 2011

Mass upload on VirusTotal without API

Exploiting the official VT Uploader for fun.
The EULA of VT Uploader 2.0 doesn't allow distribution or packing without the permission of Hispasec Sistemas, but it says nothing about reverse engineering or binary modification.

The idea is to use the binary to upload a complete folder to VT, but there is no feature for that.
Luckily, on the command line we can pass one or more files as arguments, which makes the task easier.

Now we can make a program that passes a file as an argument every 'x' amount of time.
The boring part: the browser launches automatically when an upload finishes or when a hash is found.
Well, one more time I will need a debugger.
A simple bpx ShellExecuteW (CommandBar plugin) returns 2 breakpoints and, as luck would have it, all are related to the automatic browser launch.


Once a file has been successfully uploaded we don't care what happens next, and to avoid piling up 'x' VirusTotalUploader2.exe processes, we can call an API like ExitProcess (0x4022DA).
As for the window problem, a simple SW_HIDE fixes the issue.
Reusing leftovers from some other projects, it's just 10/15 mins of recoding.



I'm releasing this more for the patch feature in VB6 than for the rest :þ

 https://sourceforge.net/projects/malwareautodown/files/MAD%201.7/VT%20Upload%20Mass.zip/download

2 comments:

  1. you should make a set of tools for VT

  2. look here http://share.xoxmodav.net/VT_Checker/VT_Checker.rar
