Skip to content

Instantly share code, notes, and snippets.

View peanalyst4.py
#Python PE Analyst - MD5-SHA256-Size-PE Section-DLLs of .exe
#16/04/2019 - bekabeipa@gmail.com
#DB MySQL structure: id;filename;md5;sha256;filesize;dump;time
import datetime
import time
import pefile
import mmap
import hashlib
import pymysql
pymysql.install_as_MySQLdb()
View peanalyst2.py
#Python PE Analyst - MD5-SHA256-Size-DLLs of .exe
#16/04/2019 - bekabeipa@gmail.com
#DB MySQL structure: id;filename;md5;sha256;filesize;dump
import datetime
import time
import pefile
import mmap
import hashlib
import pymysql
pymysql.install_as_MySQLdb()
View peanalyst1.py
#Python PE Analyst - DLLs of .exe
#16/04/2019 - bekabeipa@gmail.com
#DB MySQL structure: id;filename;md5;sha256;filesize;dump
import datetime
import time
import pefile
import mmap
import pymysql
pymysql.install_as_MySQLdb()
View Wannacrypt0r-FACTSHEET.md

WannaCry|WannaDecrypt0r NSA-Cyberweapon-Powered Ransomware Worm

  • Virus Name: WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY
  • Vector: All Windows versions before Windows 10 are vulnerable if not patched for MS-17-010. It uses EternalBlue MS17-010 to propagate.
  • Ransom: between $300 to $600. There is code to 'rm' (delete) files in the virus. Seems to reset if the virus crashes.
  • Backdooring: The worm loops through every RDP session on a system to run the ransomware as that user. It also installs the DOUBLEPULSAR backdoor. It corrupts shadow volumes to make recovery harder. (source: malwarebytes)
  • Kill switch: If the website www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com is up the virus exits instead of infecting the host. (source: malwarebytes). This domain has been sinkholed, stopping the spread of the worm. Will not work if proxied (source).

update: A minor variant of the viru

@ryanbekabe
ryanbekabe / recursivehash.php
Last active Apr 6, 2019
PHP Hash MD5 SHA256 File Recursive
View recursivehash.php
<?php
//bekabeipa@gmail.com
if(isset($_GET['recursivehash']) AND isset($_GET['rest']))
{
//https://stackoverflow.com/questions/34190464/php-scandir-recursively
//https://stackoverflow.com/questions/15687363/php-access-global-variable-in-function
//global $varrest;
date_default_timezone_set('Asia/Jakarta');
$waktupengiriman=date("YmdHi");
@ryanbekabe
ryanbekabe / unzip_all.py
Created Mar 15, 2019 — forked from kalkulus/unzip_all.py
PYTHON: unzip all files in a directory
View unzip_all.py
#!/usr/bin/python
import os, zipfile
for filename in os.listdir("."):
if filename.endswith(".zip"):
print filename
name = os.path.splitext(os.path.basename(filename))[0]
if not os.path.isdir(name):
try:
zip = zipfile.ZipFile(filename)
You can’t perform that action at this time.