Closed

Python search for Windows Executables

I NEED THIS IN 48 HOURS.

Create a tool to scan and detect malicious executables in Windows persistence mechanisms.

Some of these locations may not exist on certain systems.... the program should check if key exists before trying to read from it, and handle failures gracefully.

Some of these paths are Registry "folders" and some are Keys for "Key/Value" pairs

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\*\ImagePath

So for each Key under HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\, if that key has a key/value named ImagePath, then hash that target

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\load

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler (XP, NT, W2k only)

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs

-------------------------------------------------------------------------------------------------

The goal is to scan and find the target .exe, .dll & .sys files and hash the files.

Then, we want to compare the hashes from a source of malicious file hashes and alert if any match.

--- I think it makes sense on some of these, like "Shell" where it may be set to "[login to view URL]" with no path, to just check c:\windows\[login to view URL] and c:\windows\system32\[login to view URL] for the file, and otherwise report that file could not be found.

For testing, make sure to actually put a hash in your hash dataset that matches something to make sure it actually catches things.

Skills: Linux, Python, Windows Desktop
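
The parsing, fallback lookup and hash matching described in the post, as an added Python example that is not part of the original posting or of any bid. It assumes SHA-256 and a caller-supplied set of known-bad digests; the function names are illustrative, and `read_values` relies on the standard-library `winreg` module, which exists only on Windows.

```python
import hashlib, ntpath, os, re

DEFAULT_DIRS = (r"C:\Windows", r"C:\Windows\System32")  # fallback dirs named in the post

def read_values(hive, subkey):
    """(name, data) pairs under a key; [] if the key is missing or unreadable."""
    try:
        import winreg  # standard library, Windows only
        with winreg.OpenKey(hive, subkey) as key:
            count = winreg.QueryInfoKey(key)[1]  # number of values under the key
            return [winreg.EnumValue(key, i)[:2] for i in range(count)]
    except (ImportError, OSError):  # missing key and access denied are OSErrors
        return []

def extract_target(command):
    """Pull the .exe/.dll/.sys path out of a command line, quoted or not."""
    quoted = re.match(r'\s*"([^"]+)"', command)
    if quoted:
        return quoted.group(1)
    bare = re.match(r"\s*(.+?\.(?:exe|dll|sys))(?=[\s,]|$)", command, re.I)
    return bare.group(1) if bare else (command.split() or [""])[0]

def resolve(target, search_dirs=DEFAULT_DIRS):
    """Return an existing file path, trying search_dirs when target has no directory."""
    candidates = [target] if ntpath.dirname(target) else [os.path.join(d, target) for d in search_dirs]
    return next((c for c in candidates if os.path.isfile(c)), None)

def sha256_file(path):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):  # 1 MiB chunks
            digest.update(chunk)
    return digest.hexdigest()

def scan(entries, bad_hashes, search_dirs=DEFAULT_DIRS):
    """entries: (location, value data) pairs. Returns (location, target, status) tuples."""
    findings = []
    for location, data in entries:
        if not isinstance(data, str) or not data.strip():
            continue  # skip REG_DWORD, REG_MULTI_SZ and empty values
        target = extract_target(data)
        path = resolve(target, search_dirs)
        try:
            status = "not found" if path is None else (
                "MALICIOUS" if sha256_file(path) in bad_hashes else "no match")
        except OSError:
            status = "unreadable"
        findings.append((location, target, status))
    return findings
```

On Windows the entries come from calls such as `read_values(winreg.HKEY_LOCAL_MACHINE, r"Software\Microsoft\Windows\CurrentVersion\Run")`, with each value name prefixed by its key to form the location. Values that chain several files (for example `rundll32.exe` followed by a DLL) yield only the first file here.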


About the employer:
(2 reviews) Huntsville, United States

Project ID: #19308428

3 freelancers are bidding an average of $155 on this job

TakaAlex

Hello. Very interested in your project. I can do it in 48 hours. Review my work on my profile. Let's have a talk for more detail. Thanks

$222 USD in 1 day
(8 reviews)
4.7
dany3j

Hello Mr, I can help you with this project. I have big experience with Windows API and Python. I also have experience search virus. Let me help you with this project. Contact me by chat to get more information. best rega

$133 USD in 2 days
(9 reviews)
3.6
rajattomar1301

Hey, I have prior experience in this type of program, can deliver in a day without any errors. I am just starting out here on freelancer but have more than 4 years of experience in coding using python.

$111 USD in 1 day
(0 reviews)
0.0