@felmoltor
Created August 14, 2014 16:10
Automatic malware download from malwaredomainlists.com and upload to virustotal.com and totalhash.com
# With these two lines of bash you will download the latest malware samples extracted from the public lists of www.malwaredomainlist.com
# and automatically submit the live samples (after checking whether the response was an executable or not) to totalhash.com (contributing to
# the community) and obtain the detection rate of each sample from VirusTotal (virustotal.com).
# As a result you'll get a bunch of executable files and their detection rates in the log "output.virustotal.txt" (prefixed with a YYYYMMDD_HHMM timestamp)
# Download all the samples detected and listed in the public CSV of mdl.com
$ curl -s http://www.malwaredomainlist.com/mdlcsv.php | awk 'BEGIN {FS="\",\""} {print $2}' | strings -n 3 | grep -E "\.exe$|\.so$|\.bin$|\.src$|\.pdf$|\.docx$|\.vb$|\.sh$" | xargs -I% bash -c 'echo "Downloading: %" && curl -s -O %' | tee $(date +%Y%m%d_%H%M)_malware_download.log
# Upload the downloaded samples to totalhash.com and query virustotal.com with each sample's MD5 checksum to obtain the detection ratio
$ ls *_malware_download.log -ltr | tail -n1 | cat $(awk '{print $9}') | awk 'BEGIN {FS="/"} {print $(NF)}' | xargs -I% file % --mime-type | grep "application" | cut -f1 -d: | xargs -I% bash -c 'echo -n "%:" && curl -s -T % http://totalhash.com/upload.php' | xargs -I% bash -c 'echo -n "%:" && curl -o %.virustotal.html -s --location --data "query=$(echo % | cut -f2 -d:)" https://www.virustotal.com/es/search/ && grep -A3 -E "Archivo no encontrado|Detecciones:" %.virustotal.html | grep -E "Archivo no encontrado| / " ' | tee $(date +%Y%m%d_%H%M)_output.virustotal.txt
# Delete the HTML responses (error and default pages) from the servers where the samples were no longer present
$ ls *_malware_download.log -ltr | tail -n1 | cat $(awk '{print $9}') | awk 'BEGIN {FS="/"} {print $(NF)}' | xargs -I% file % --mime-type | grep "text/html" | cut -f1 -d: | xargs -I% rm %
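The two filters the one-liners above depend on, rewritten as shell functions that can be tested offline: picking candidate URLs out of the MDL CSV, and deciding from a file's magic bytes (rather than its extension or the server's Content-Type) whether a download is a real sample or an HTML error page before it is hashed and submitted. This is an added example, not the gist's own code; the CSV column order and the sample rows are assumed/constructed.

```bash
#!/usr/bin/env bash
# Added example (not the gist's own code). Two offline-testable helpers for the
# steps the one-liners glue together: pulling candidate URLs out of the MDL CSV
# and classifying downloaded files by their magic bytes before they are hashed.

# Constructed rows in the mdlcsv.php column order assumed here:
# "date","url","ip","reverse","description","registrant","asn","inactive","country"
SAMPLE_CSV='"2014/08/14_16:10","img001.com/business/qiji.exe","203.0.113.10","-","trojan","-","64496","0","US"
"2014/08/14_16:11","example.net/landing/index.php","198.51.100.7","-","exploit kit","-","64497","0","DE"
"2014/08/14_16:12","example.org/dl/update.bin","192.0.2.5","-","downloader","-","64498","0","FR"'

# Print the URL column of each row whose path ends in one of the extensions
# the gist filters on, using the same quote-comma field separator trick.
extract_urls() {
    awk 'BEGIN {FS="\",\""} {print $2}' \
      | grep -E '\.(exe|so|bin|src|pdf|docx|vb|sh)$'
}

# Classify a local file by its leading bytes instead of trusting the extension
# or the server's Content-Type. Prints: pe, elf, pdf, html or other.
classify() {
    local magic
    magic=$(head -c 4 "$1" | od -An -tx1 | tr -d ' \n')
    case "$magic" in
        4d5a*)       echo pe ;;     # "MZ" (Windows PE)
        7f454c46)    echo elf ;;    # "\x7fELF"
        25504446)    echo pdf ;;    # "%PDF"
        3c21*|3c68*) echo html ;;   # "<!" or "<h": an error/default page, not a sample
        *)           echo other ;;
    esac
}

# Emit "name:md5" for a file, but only when it is a real binary or document;
# this plays the role of the "file --mime-type | grep application" filter.
record_sample() {
    local kind
    kind=$(classify "$1")
    case "$kind" in
        pe|elf|pdf) printf '%s:%s\n' "$(basename "$1")" "$(md5sum "$1" | cut -d' ' -f1)" ;;
        *)          return 1 ;;
    esac
}

# Stand-alone demo on the constructed feed; real use would pipe curl's output in.
printf '%s\n' "$SAMPLE_CSV" | extract_urls
```

Files classified as `html` are the ones the third one-liner deletes; `record_sample` refuses them so no error page is ever hashed or uploaded.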
# ---------------------------------#
# Sample output will be like this: #
# ---------------------------------#
$ curl -s http://www.malwaredomainlist.com/mdlcsv.php | awk 'BEGIN {FS="\",\""} {print $2}' | strings -n 3 | grep -E "\.exe$|\.so$|\.bin$|\.src$|\.pdf$|\.docx$|\.vb$|\.sh$" | xargs -I% bash -c 'echo "Downloading: %" && curl -s -O %' | tee $(date +%Y%m%d_%H%M)_malware_download.log
Downloading: img001.com/business/qiji.exe
Downloading: root.mcs-katwijk.nl/ws/amd.exe
Downloading: root.mcs-katwijk.nl/ws/nvm.exe
Downloading: root.mcs-katwijk.nl/ws/cpu.exe
Downloading: root.mcs-katwijk.nl/ws/ws.exe
Downloading: root.mcs-katwijk.nl/ws/kl.exe
Downloading: oprahsearch.com/scripts/net19.exe
Downloading: oprahsearch.com/scripts/brez251.exe
Downloading: www.doctor-alex.com/files/SetupDrAlex.exe
Downloading: appline.ieguide.co.kr/e1guide/popguide/E1PopGuide_20080619_Update.exe
Downloading: appline.ieguide.co.kr/e1guide/lineguide/e1lineguide_20080619_update2.exe
Downloading: afa15.com.ne.kr/media/videoxxx.avi.exe
Downloading: fgawegwr.chez.com/images/1273471091.exe
Downloading: update.onescan.co.kr/setupa/onescansetup.exe
[...]
$ ls *_malware_download.log -ltr | tail -n1 | cat $(awk '{print $9}') | awk 'BEGIN {FS="/"} {print $(NF)}' | xargs -I% file % --mime-type | grep "application" | cut -f1 -d: | xargs -I% bash -c 'echo -n "%:" && curl -s -T % http://totalhash.com/upload.php' | xargs -I% bash -c 'echo -n "%:" && curl -o %.virustotal.html -s --location --data "query=$(echo % | cut -f2 -d:)" https://www.virustotal.com/es/search/ && grep -A3 -E "Archivo no encontrado|Detecciones:" %.virustotal.html | grep -E "Archivo no encontrado| / " ' | tee $(date +%Y%m%d_%H%M)_output.virustotal.txt
qiji.exe:8c4144589bd542046aca7229dded3e99: 5 / 54
amd.exe:0c1b2bb3a808301c87f02970dfdf828f: 30 / 53
nvm.exe:7b438e71aac0224766f4e6e9d04147e3: 27 / 54
cpu.exe:24799bae20df7850e81bb36adf13cef1: 39 / 54
ws.exe:5fae317760cf61c9b40201c790decd33: 34 / 53
kl.exe:851a3d758e2aa621fbab184e802e2d38: 38 / 54
SetupDrAlex.exe:7b1e81bfd59e2d74f0477df2e24aaf2a: 6 / 53
videoxxx.avi.exe:d063231de7971de04f2e77c337eaee7a: 46 / 54
1273471091.exe:b38b466361fda8b62122cab856fba490: 49 / 53
onescansetup.exe:3354003da992fcc19cd60322ed2b612f: 31 / 54