require 'FileUtils'
require_relative 'searchUtil'
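# Clean-up helper for directories hit by CryptoWall-style ransomware.
#
# It walks +path+ looking for ransom notes named DECRYPT_INSTRUCTION.TXT,
# treats every file sitting next to such a note as affected, appends the
# Windows-style absolute path of each affected file to +outputFile+, and
# removes the ransom-note files themselves.
#
# +outputFile+ must respond to +open+ and the returned handle must accept
# +puts+ and +close+; the concrete type is chosen by the caller.
class Cryptowallfinder
  attr_accessor :outputFile, :path

  # NOTE(review): this is a class-level instance variable assigned once when
  # the class body is evaluated. Instance methods do not see it as @search and
  # nothing in this class reads it.
  @search = Searchutil.new

  # Lists the files that share a directory with the given ransom note.
  #
  # @param decryptFile [#to_s] path of a ransom note
  # @return [Array<String>] entries of the note's directory matching "*.*"
  #   (names without a dot and hidden dot-files are not matched by this glob)
  def infectedFiles(decryptFile)
    Dir["#{File.dirname(decryptFile.to_s)}/*.*"]
  end

  # @param file [#to_s] a relative or absolute path
  # @return [String] the absolute form of +file+
  def infectedFileExpandedPath(file)
    File.expand_path(file.to_s)
  end

  # Recursively collects every DECRYPT_INSTRUCTION.TXT below +path+.
  #
  # NOTE(review): +path+ is interpolated into a glob pattern, so glob
  # metacharacters in the directory name ([, ], {, }, *, ?) are interpreted
  # as pattern syntax rather than literally.
  #
  # @param path [#to_s] root directory of the scan
  # @return [Array<String>] paths of the ransom notes found
  def decryptFiles(path)
    Dir["#{path}/**/DECRYPT_INSTRUCTION.TXT"]
  end

  # Appends the Windows-style absolute path of an affected file to the
  # output file. Ransom-note files are skipped so they never appear in the
  # list of affected files.
  #
  # NOTE(review): whether successive calls append or overwrite depends on how
  # +outputFile.open+ positions/opens the handle - confirm with the caller.
  #
  # @param whatToWrite [#to_s] path of a candidate file
  # @return [nil]
  def writeMyFile(whatToWrite)
    return if isDecryptInstructions(whatToWrite) || isTorInstructions(whatToWrite)

    windowsPath = infectedFileExpandedPath(whatToWrite).gsub("/", "\\")
    @openFile = outputFile.open
    begin
      @openFile.puts(windowsPath)
    ensure
      # Release the handle even when the write fails.
      @openFile.close
    end
  end

  # Deletes +file+ when it is recognised as a ransom note; any other file is
  # left untouched.
  #
  # NOTE(review): the removal is permanent. Copy the notes elsewhere first if
  # they are needed for the incident record.
  #
  # @param file [#to_s] path of a candidate file
  def deleteInstructions(file)
    return unless isTorInstructions(file) || isDecryptInstructions(file)

    FileUtils.rm(File.expand_path(file.to_s))
  end

  # True when the file NAME contains "TOR".
  #
  # Only the basename is inspected. Matching against the whole path would
  # classify every file below a directory such as ".../STORAGE/" as a ransom
  # note, and deleteInstructions would then delete user data.
  #
  # NOTE(review): this is still a case-sensitive substring test, so a name
  # like "HISTORY.TXT" matches. Comparing against the exact ransom-note file
  # names would be safer.
  #
  # @param file [#to_s] file name or path
  # @return [Boolean]
  def isTorInstructions(file)
    File.basename(file.to_s).include?("TOR")
  end

  # True when the file NAME contains "DECRYPT".
  #
  # Only the basename is inspected, for the same reason as in
  # isTorInstructions: a directory component containing "DECRYPT" must not
  # turn every file below it into a deletion candidate.
  #
  # @param file [#to_s] file name or path
  # @return [Boolean]
  def isDecryptInstructions(file)
    File.basename(file.to_s).include?("DECRYPT")
  end

  # Entry point: for every ransom note below +path+, logs the neighbouring
  # files to +outputFile+ and removes the ransom-note files.
  #
  # @return [Array<String>] the ransom-note paths that were processed
  def findInfectedFiles
    decryptFiles(path).each do |note|
      infectedFiles(note).each do |candidate|
        writeMyFile(candidate)
        deleteInstructions(candidate)
      end
    end
  end
end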