FPSubmit
Posted: Sun Jul 26, 2020 10:13 am
FPSubmit : false positive sample submit to many virus scanner.
This application is intended for submission of exe sample to antivirus scanner.
The program send zip file to the list of adresses in the file avlist.txt .
If 7-zip.dll is present, he can zip the file.
Usage is simple : fill the stringgadget (login, password, mail box, port and select the file sample (in a zip), complete the message and click on Submit File.
Wait for confirmation of message send.
This code x86 = 7 false positive and x64 = 1 false positive.
Dont hésitate to update the adresses list.
and the list of mail for virus scanner (save as avlist.txt) :
This application is intended for submission of exe sample to antivirus scanner.
The program send zip file to the list of adresses in the file avlist.txt .
If 7-zip.dll is present, he can zip the file.
Usage is simple : fill the stringgadget (login, password, mail box, port and select the file sample (in a zip), complete the message and click on Submit File.
Wait for confirmation of message send.
This code x86 = 7 false positive and x64 = 1 false positive.
Dont hésitate to update the adresses list.
Code: Select all
EnableExplicit
;
InitNetwork()
;{- Enumerations / DataSections
;{ Windows
Enumeration
#Window_0
EndEnumeration
;}
Enumeration
#menu_window_0
EndEnumeration
;
Enumeration
#menu_window_0_infos
#menu_window_0_quitter
EndEnumeration
;
Enumeration
#StatusBar_Window_0
EndEnumeration
;{ Gadgets
Enumeration
#Frame3D_0
#String_user
#Frame3D_2
#String_pw
#Frame3D_3
#String_mail
#Frame3D_4
#String_smtp
#Frame3D_6
#String_port
#Frame3D_8
#String_mes
#Frame3D_10
#String_file
#Button_filesel
#button_zip
#button_send
#button_view
EndEnumeration
;}
Global NewList listav.s()
;}
Procedure.s zipfile(fn.s)
Protected path7zip.s, OutputAnsi.s, CmdLine$, s.s, *cmd
Protected namezipfile$, password.s,cp.s,typ.s
;
s=LCase(GetExtensionPart(fn))
If s="zip"
ProcedureReturn
EndIf
;
If fn=""
ProcedureReturn
EndIf
;
CompilerIf #PB_Compiler_Processor=#PB_Processor_x86
path7zip=GetPathPart(ProgramFilename())+"7-zip32.dll"
CompilerElse
path7zip=GetPathPart(ProgramFilename())+"7-zip64.dll"
CompilerEndIf
;
If OpenLibrary(0, Path7Zip)
typ="zip"
namezipfile$=GetPathPart(fn)+GetFilePart(fn,#PB_FileSystem_NoExtension)+".zip"
password="infected"
cp="-mx9"
CmdLine$ = "a -t"+typ+" "+cp+" -p"+password+" -ir!" + #DQUOTE$ + fn + #DQUOTE$ + " " + #DQUOTE$ + namezipfile$+ #DQUOTE$
;
OutputAnsi = Space(1024)
*cmd=Ascii(cmdline$)
CallFunction(0,"SevenZip",WindowID(#Window_0),*cmd,@OutputAnsi,1024)
FreeMemory(*cmd)
;
s=GetPathPart(fn)+GetFilePart(fn,#PB_FileSystem_NoExtension)+".zip"
If FileSize(s)<>-1
SetGadgetText(#String_file,s)
EndIf
s=PeekS(@OutputAnsi,-1,#PB_Ascii)
MessageRequester("FPSubmit",s,#PB_MessageRequester_Info)
;
CloseLibrary(0)
EndIf
EndProcedure
Procedure mail()
Protected progress, result, body.s
Protected mail.s,smtp.s,port,user.s,pw.s, file.s
;
mail=GetGadgetText(#String_mail)
body=GetGadgetText(#String_mes)
smtp=GetGadgetText(#String_smtp)
port=Val(GetGadgetText(#String_port))
user=GetGadgetText(#String_user)
pw=GetGadgetText(#String_pw)
file=GetGadgetText(#String_file)
;
If mail="" Or body="" Or smtp="" Or port=0 Or user="" Or pw="" Or file=""
MessageRequester("FPSubmit","Missing parameter : cant send sample !",#PB_MessageRequester_Error)
ProcedureReturn
EndIf
;
If LCase(GetExtensionPart(file))<>"zip"
MessageRequester("FPSubmit","Send only zip file !",#PB_MessageRequester_Error)
ProcedureReturn
EndIf
;
If CreateMail(0, mail, "Suspicious File Submission")
SetMailBody(0,body)
;
If AddMailAttachment(0,"Sample file",file,"application/zip")=0
MessageRequester("FPSubmit","File not find !",#PB_MessageRequester_Error)
FreeMail(0)
ProcedureReturn
EndIf
;
ForEach listav()
AddMailRecipient(0, listav(), #PB_Mail_To)
Next
; Set the SMTP server to use
;
If port=465
Result = SendMail(0, smtp, port,#PB_Mail_Asynchronous|#PB_Mail_UseSSL, user, pw)
Else
Result = SendMail(0, smtp, port,#PB_Mail_Asynchronous)
EndIf
;
Repeat
Progress = MailProgress(0)
Delay(300)
Until Progress = #PB_Mail_Finished Or Progress = #PB_Mail_Error
If Progress = #PB_Mail_Finished
MessageRequester("FPSubmit", "Mail correctly sent !",#PB_MessageRequester_Info)
Else
MessageRequester("FPSubmit", "Can't sent the mail !",#PB_MessageRequester_Error)
EndIf
FreeMail(0)
EndIf
EndProcedure
Procedure saveini()
Protected fnme.s
fnme=GetPathPart(ProgramFilename())+GetFilePart(ProgramFilename(),#PB_FileSystem_NoExtension)+".ini"
If FileSize(fnme)=-1
CreatePreferences(fnme)
Else
OpenPreferences(fnme)
EndIf
;
If GetWindowState(#Window_0)<> #PB_Window_Normal
SetWindowState(#Window_0,#PB_Window_Normal)
EndIf
PreferenceGroup("window")
WritePreferenceInteger("top",WindowX(#window_0))
WritePreferenceInteger("left",WindowY(#window_0))
;
PreferenceGroup("user")
WritePreferenceString("username",GetGadgetText(#String_user))
WritePreferenceString("pw",GetGadgetText(#String_pw))
WritePreferenceString("mail",GetGadgetText(#String_mail))
WritePreferenceString("smtp",GetGadgetText(#String_smtp))
WritePreferenceString("port",GetGadgetText(#String_port))
;
ClosePreferences()
EndProcedure
Procedure loadini()
Protected fnme.s,x.i,y.i,z.s
fnme=GetPathPart(ProgramFilename())+GetFilePart(ProgramFilename(),#PB_FileSystem_NoExtension)+".ini"
;
OpenPreferences(fnme)
;
PreferenceGroup("window")
x=ReadPreferenceInteger("top",-1)
y=ReadPreferenceInteger("left",-1)
If x<>-1 Or y<>-1
ResizeWindow(#window_0,x,y,#PB_Ignore,#PB_Ignore)
EndIf
;
PreferenceGroup("user")
z=ReadPreferenceString("username","")
If z<>""
SetGadgetText(#String_user,z)
EndIf
z=ReadPreferenceString("pw","")
If z<>""
SetGadgetText(#String_pw,z)
EndIf
z=ReadPreferenceString("mail","")
If z<>""
SetGadgetText(#String_mail,z)
EndIf
z=ReadPreferenceString("smtp","")
If z<>""
SetGadgetText(#String_smtp,z)
EndIf
;
z=ReadPreferenceString("port","")
If z<>""
SetGadgetText(#String_port,z)
EndIf
;
ClosePreferences()
;
HideWindow(#window_0,0)
EndProcedure
Procedure selfile()
Protected slf.s,filtre.s
Static fdef.s
Filtre = "Exe (*.exe)|*.exe|All files (*.*)|*.*"
If fdef=""
fdef=GetPathPart(ProgramFilename())
EndIf
slf= OpenFileRequester("Select file", fdef, Filtre, 0)
If slf<>""
fdef=GetPathPart(slf)
SetGadgetText(#String_file,slf)
EndIf
EndProcedure
Procedure sizew()
Protected x,y
x=WindowWidth(#Window_0)
y=WindowHeight(#Window_0)
ResizeGadget(#Frame3d_3,#PB_Ignore,#PB_Ignore,x-100,#PB_Ignore)
ResizeGadget(#String_mail,#PB_Ignore,#PB_Ignore,x-120,#PB_Ignore)
ResizeGadget(#Frame3d_10,#PB_Ignore,#PB_Ignore,x-15,#PB_Ignore)
ResizeGadget(#String_file,#PB_Ignore,#PB_Ignore,x-110,#PB_Ignore)
ResizeGadget(#Button_filesel,x-80,#PB_Ignore,#PB_Ignore,#PB_Ignore)
ResizeGadget(#button_zip,x-45,#PB_Ignore,#PB_Ignore,#PB_Ignore)
ResizeGadget(#Frame3d_8,#PB_Ignore,#PB_Ignore,x-15,y-300)
ResizeGadget(#String_mes,#PB_Ignore,#PB_Ignore,x-30,y-325)
ResizeGadget(#button_send,#PB_Ignore,y-70,#PB_Ignore,#PB_Ignore)
EndProcedure
Procedure closew()
If GetWindowState(#Window_0)=#PB_Window_Minimize
PostEvent(#PB_Event_CloseWindow)
EndIf
EndProcedure
Procedure OpenWindow_Window_0()
Protected s.s
If OpenWindow(#Window_0, 421, 192, 400, 450, "FPSubmit 1.0", #PB_Window_SystemMenu|#PB_Window_SizeGadget|#PB_Window_MinimizeGadget|#PB_Window_TitleBar|#PB_Window_ScreenCentered|#PB_Window_Invisible)
If CreateImageMenu(#Menu_Window_0, WindowID(#Window_0),#PB_Menu_ModernLook)
MenuTitle("&Options")
MenuItem(#Menu_Window_0_Infos, "&Infos")
MenuBar()
MenuItem(#Menu_Window_0_Quitter, "&Quit")
EndIf
If CreateStatusBar(#StatusBar_Window_0, WindowID(#Window_0))
AddStatusBarField(100)
EndIf
FrameGadget(#Frame3D_0, 5, 15, 180, 45, "Login")
StringGadget(#String_user, 15, 32, 160, 22, "")
FrameGadget(#Frame3D_2, 190, 15, 200, 45, "Password")
StringGadget(#String_pw, 200, 32, 140, 22, "", #PB_String_Password)
ButtonGadget(#button_view, 350, 30, 30, 25, "^",#PB_Button_Toggle )
GadgetToolTip(#button_view,"Show password")
FrameGadget(#Frame3D_3, 5, 60, 300, 45, "Sender Mail")
StringGadget(#String_mail, 15, 78, 280, 22, "")
FrameGadget(#Frame3D_4, 5, 115, 260, 45, "SMTP")
StringGadget(#String_smtp, 15, 130, 240, 22, "")
FrameGadget(#Frame3D_6, 280, 115, 110, 45, "Port")
StringGadget(#String_port, 290, 130, 90, 22, "", #PB_String_Numeric )
FrameGadget(#Frame3D_8, 5, 220, 385, 155, "Message")
StringGadget(#String_mes, 15, 240, 370, 125, "", #ES_MULTILINE|#WS_VSCROLL|#WS_HSCROLL|#ES_AUTOVSCROLL)
s="The sample is in a password protected ZIP file."+#CRLF$+"The password for the attachment is : infected."+#CRLF$+"This file is FALSE positive !"+#CRLF$+"Sample sender by FPSubmit"
SetGadgetText(#String_mes,s)
FrameGadget(#Frame3D_10, 5, 165, 385, 45, "File to submit")
StringGadget(#String_file, 15, 182, 290, 22, "")
EnableGadgetDrop(#String_file,#PB_Drop_Files, #PB_Drag_Copy)
ButtonGadget(#Button_filesel, 320, 180, 30, 25, "...")
GadgetToolTip(#Button_filesel,"File selector")
ButtonGadget(#Button_zip, 355, 180, 30, 25, "ZIP")
GadgetToolTip(#Button_zip,"Zip file")
ButtonGadget(#button_send, 15, 380, 100, 25, "Submit File")
GadgetToolTip(#Button_send,"Send mail")
;
WindowBounds(#Window_0,400,440,#PB_Ignore,#PB_Ignore)
BindEvent(#PB_Event_SizeWindow,@sizew())
BindEvent(#PB_Event_CloseWindow,@closew())
EndIf
EndProcedure
Procedure readadd()
If ReadFile(0, "avlist.txt")
While Eof(0) = 0
AddElement(listav())
listav()=ReadString(0)
Wend
CloseFile(0)
StatusBarText(#StatusBar_Window_0,0,"AV list : "+Str(ListSize(listav())),#PB_StatusBar_Center)
Else
MessageRequester("FPSubmit","File avlist.txt missing !",#PB_MessageRequester_Error)
DisableGadget(#button_send,#True)
EndIf
;
EndProcedure
;- begin loop
Define s.s
OpenWindow_Window_0()
loadini()
readadd()
;
CompilerIf #PB_Compiler_Processor=#PB_Processor_x86
s=GetPathPart(ProgramFilename())+"7-zip32.dll"
CompilerElse
s=GetPathPart(ProgramFilename())+"7-zip64.dll"
CompilerEndIf
If FileSize(s)=-1
DisableGadget(#button_zip,#True)
EndIf
;
;{- Event loop
Repeat
Select WaitWindowEvent()
; ///////////////////
Case #PB_Event_GadgetDrop
If EventDropType()=#PB_Drop_Files
SetGadgetText(#String_file,StringField(EventDropFiles(),1,Chr(10)))
EndIf
Case #PB_Event_Gadget
Select EventGadget()
Case #button_send
mail()
Case #Button_filesel
selfile()
Case #button_zip
zipfile(GetGadgetText(#String_file))
Case #button_view
StringGadget(#String_pw, 200, 32, 140, 22, GetGadgetText(#String_pw),#PB_String_Password-GetGadgetState(#button_view)<<5)
EndSelect
; ////////////////////////
Case #PB_Event_Menu
Select EventMenu()
Case #menu_window_0_infos
s="FP Submit "+#pb_editor_fileversion
CompilerIf #PB_Compiler_Processor= #PB_Processor_x64
s+" - x64"
CompilerElse
s+" - x86"
CompilerEndIf
s+" - PB :"+#PB_Compiler_Version
s+#CRLF$+"False positive sample submit"+#CRLF$
s+#CRLF$+"by DrGolf @"+Year(Date())+#CRLF$
s+#CRLF$+"FREEWare"
MessageRequester("FPSubmit",s,#MB_ICONINFORMATION)
Case #menu_window_0_quitter
PostEvent(#PB_Event_CloseWindow)
EndSelect
;
Case #PB_Event_CloseWindow
Select EventWindow()
Case #Window_0
FreeList(listav())
saveini()
CloseWindow(#Window_0)
Break
EndSelect
EndSelect
ForEver
;
;}
- v3sos@ahnlab.com
virus@avast.com
virus@avira.com
virus_submission@bitdefender.com
samples@bluepointsecurity.com
malwaresubmit@avlab.comodo.com
vms@drweb.com
malware@emcosoftware.com
submit@emsisoft.com
virus@esafe.com
samples@escanav.com
submitvirus@fortinet.com
research@spy-emergency.com
viruslab@f-prot.com
labs@fsb-antivirus.com
vsamples@f-secure.com
samples@ikarus.at
submit@samples.immunet.com
newvirus@kaspersky.com
support@jiangmin.com
research@lavasoft.com
virus_research@avertlabs.com
virus@micropoint.com.cn
avsubmit@submit.microsoft.com
virus@nanoav.ru
samples@eset.com
support@noralabs.com
support@norman.com
virus_info@inca.co.kr
virus@pandasecurity.com
psafe@psafe.com
kefu@360.cn
support@rubus.co.in
newvirus@s-cop.com
samples@sophos.com
detections@spybot.info
vlab@srnmicro.com
avsubmit@symantec.com
virus@hacksoft.com.pe
virus@thirtyseven4.com
virus@ca.com
submit@trojanhunter.com
support@simplysup.com
virus@filseclab.com
malware-cruncher@sunbelt-software.com
viruslab@hauri.co.kr
newvirus@anti-virus.by
virus@zillya.com
huangruimin@kingsoft.com
pomoc@mks.com.pl
support@aegislab.com
viruslab@quickheal.com
trojans@agnitum.com
bav@baidu.com
bkav@bkav.com.vn
huangruimin@kingsoft.com
samples@mysecuritywin.com
