64 lines
1.3 KiB
Ruby
64 lines
1.3 KiB
Ruby
require_relative 'filesUtil'
|
|
|
|
|
|
class Cryptowallfinder
|
|
|
|
attr_accessor :outputFile, :path
|
|
|
|
def initialize
|
|
@filesUtil = Filesutil.new
|
|
end
|
|
|
|
def infectedFiles(decryptFile)
|
|
infectedPath = @filesUtil.getDirectoryNameByFile(decryptFile)
|
|
infectedFiles = @filesUtil.getAllFilesByPath(infectedPath)
|
|
return infectedFiles
|
|
end
|
|
|
|
def infectedFileExpandedPath(file)
|
|
return @filesUtil.getExpandedPathByFileName(file)
|
|
end
|
|
|
|
def decryptFiles(path)
|
|
return @filesUtil.findFilesByFileName(path,'DECRYPT_INSTRUCTION.txt')
|
|
end
|
|
|
|
def writeMyFile(whatToWrite)
|
|
if !isDecryptInstructions(whatToWrite) && !isTorInstructions(whatToWrite)
|
|
whatToWrite = infectedFileExpandedPath(whatToWrite)
|
|
self.outputFile.writeWindowsFilePath(whatToWrite)
|
|
end
|
|
end
|
|
|
|
def deleteInstructions(file)
|
|
if isTorInstructions(file) or isDecryptInstructions(file)
|
|
@filesUtil.removeFile(file)
|
|
end
|
|
end
|
|
|
|
def isTorInstructions(file)
|
|
if file.include? "TOR"
|
|
return true
|
|
else
|
|
return false
|
|
end
|
|
end
|
|
|
|
def isDecryptInstructions(file)
|
|
if file.include? "DECRYPT"
|
|
return true
|
|
else
|
|
return false
|
|
end
|
|
end
|
|
|
|
def findInfectedFiles
|
|
decryptFiles(self.path).each do |f|
|
|
infectedFiles(f).each do |returnedFiles|
|
|
writeMyFile(returnedFiles)
|
|
deleteInstructions(returnedFiles)
|
|
end
|
|
end
|
|
|
|
end
|
|
end |