#!/usr/bin/env python3
import os
import json
# Delete every sample whose SHA-1 appears in a VirusTotal report that is not considered safe, printing the name of each file removed.
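def analyze():
    """Delete local samples whose VirusTotal report is not considered safe.

    Loads the list of reports from ``VT_Reports.json``, collects the SHA-1 of
    every report for which ``is_sus_greater`` returns true, then hashes each
    regular file in the samples directory and removes the ones whose digest is
    in that set. Both paths are hard-coded below.

    The report file alone decides what is deleted, and ``os.remove`` is not
    reversible, so the JSON must describe the same sample set as the
    directory being cleaned.

    Raises:
        OSError: if the report file or the samples directory cannot be read.
        KeyError: if a report lacks ``data.attributes.stats`` or, for a
            flagged report, ``meta.file_info.sha1``.
    """
    file_path = os.path.expanduser(
        "~/Desktop/Thesis/Malware-Early-Detection/VT_Reports.json"
    )
    samples_path = "/media/cape/NewSamples/Thesis/Real_Safe_"

    with open(file_path, "r", encoding="utf-8") as file:
        data = json.load(file)

    # A set gives O(1) membership tests while walking the samples directory.
    # NOTE(review): assumes the report stores the digest as lower-case hex,
    # which is what hexdigest() produces below; confirm against the report.
    unsafe_sha1 = {
        report["meta"]["file_info"]["sha1"]
        for report in data
        if is_sus_greater(report["data"]["attributes"]["stats"])
    }

    for sample in os.listdir(samples_path):
        sample_file = os.path.join(samples_path, sample)
        # Sub-directories and other non-regular entries cannot be hashed.
        if not os.path.isfile(sample_file):
            continue
        try:
            if _sha1_of_file(sample_file) not in unsafe_sha1:
                continue
            print(f"Removing {sample} because it can't be considered safe.")
            os.remove(sample_file)
        except OSError as ex:
            # Best effort: report the unreadable or undeletable file, keep going.
            print(str(ex))


def _sha1_of_file(path, chunk_size=1 << 20):
    """Return the hex SHA-1 digest of the file at *path*, read in chunks.

    SHA-1 serves here only as a lookup key against the ``sha1`` field of the
    reports, not as an integrity or authenticity check.
    """
    # Local import: hashlib is not part of this file's import block. The
    # original called get_sha1(), which this file neither defines nor imports.
    import hashlib

    digest = hashlib.sha1()
    with open(path, "rb") as handle:
        # Chunked reads keep memory flat for large samples.
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()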
# Returns True if the suspicious + malicious verdict count is greater than 5% of the undetected + harmless verdict count.
def is_sus_greater(stats):
    """Tell whether flagged verdicts exceed 5% of the benign verdicts.

    Args:
        stats: mapping of verdict name to count. Only ``undetected``,
            ``harmless``, ``suspicious`` and ``malicious`` are read; a missing
            key counts as 0 and every other key is ignored.

    Returns:
        True when ``suspicious + malicious`` is strictly greater than
        ``THRESHOLD`` percent of ``undetected + harmless``. With a benign
        total of 0, a single flagged verdict is enough to return True.
    """
    THRESHOLD = 5
    benign_total = stats.get('undetected', 0) + stats.get('harmless', 0)
    flagged_total = stats.get('suspicious', 0) + stats.get('malicious', 0)
    # The comparison is strict: a flagged total exactly at the limit passes as safe.
    limit = (THRESHOLD / 100) * benign_total
    return flagged_total > limit
if __name__ == "__main__":
    # Script entry point: importing this module never touches the samples
    # directory; only direct execution runs the clean-up.
    analyze()