shadowbrokers-exploits/windows/Resources/Ep/Scripts/PSP/nod32.eps


@include "PSPHelpers.epm";
@include "PerlFunctions.epm";
# Top-level flow: identify which ESET product generation is present, then
# either record it through nod() or fall back to safety() when it cannot be
# classified.
# Host touchpoints a defender can look for: one process listing, the process
# names compared below, and reads under "software\eset" in hive "L"
# (presumably HKLM; confirm against the regquery command's documentation).

# $version carries the product label chosen below. $versionnumber is declared
# here, but the registry branch declares its own variable of the same name.
string $version;
string $versionnumber;
echo "Starting Nod32 configuration change check";
@echo off;
@record on;
# Step 1: classify by process name. Only runs if the process listing succeeds.
if(`log processlist`) {
# $ids is used only for its element count; $names is indexed in step with it.
int $ids = GetCmdData("id");
string $names = GetCmdData("name");
int $i=0;
# Stop at the first matching process; later entries are not examined.
while ($i < sizeof($ids)) {
# nod32krn.exe / nod32kui.exe are treated as the 2.7 generation.
if($names[$i] == "nod32krn.exe" || $names[$i] == "nod32kui.exe") {
echo "Current Version: ESET Nod32 Anti Virus 2.7";
$version = "Anti Virus 2.7";
break;
}
# ekrn.exe / egui.exe are treated as the 3.0 generation. Nothing is echoed
# here; the registry check below prints the product name and version.
if($names[$i] == "ekrn.exe" || $names[$i] == "egui.exe") {
$version = "Anti Virus 3.0";
break;
}
$i++;
}
}
# Step 2 (3.0 generation only): read "productname" from the registry to tell
# Smart Security apart from the plain antivirus product.
if($version == "Anti Virus 3.0"){
if(`regquery -hive L -subkey "software\\eset\\eset security\\currentversion\\info" -value productname`) {
string $value = getCmdData("value_data");
if($value == "ESET Smart Security"){
$version = "Smart Security 3.0";
# echo "Current Version: ESET Nod32 Smart Security";
}else if($value == "ESET NOD32 Antivirus") {
# Label stays "Anti Virus 3.0"; this branch only holds a disabled echo.
# echo "Current Version: ESET Nod32 Anti Virus ";
}else {
# Any other product name is routed to the fallback branch in step 3.
$version = "UNKNOWN";
}
# "productversion" is read only when the productname query succeeded, and
# the value is used for the echo below and nothing else.
if(`regquery -hive L -subkey "software\\eset\\eset security\\currentversion\\info" -value productversion`) {
# NOTE(review): this re-declares $versionnumber from the top of the script;
# whether that shadows the earlier variable or is rejected depends on the
# interpreter - confirm.
string $versionnumber = getCmdData("value_data");
echo "Version: $value $versionnumber";
}
}
}
# Step 3: hand a recognised label to nod(); everything else takes the fallback.
# The fallback is also reached when the process listing failed or no ESET
# process name matched, because $version was never assigned in those cases.
if($version == "Anti Virus 2.7" || $version == "Anti Virus 3.0" || $version == "Smart Security 3.0") {
nod($version);
}else {
echo "Current Version: Unknown!";
# Product not recognised, so default to safe mode.
safety();
# Operator-confirmed: recursively read the whole "software\eset" subtree in the
# background so the unrecognised install can be fingerprinted later.
if (prompt "Pulling ESET registry information?") {
`background regquery -hive L -subkey "software\\eset" -recursive`;
} else {
echo "Please reconsider so we can fingerprint this...";
}
}
# safety: fallback used when the installed product could not be classified.
# Sets the environment variable NOPROCINFO to "TRUE". How that variable is
# consumed is not visible in this file; the call site describes the effect as
# defaulting to "safe mode".
sub safety() {
SetEnv("NOPROCINFO", "TRUE");
}
# nod: compare the detected product against previously stored metadata and
# then write the current vendor/product/version record.
#   $version - product label chosen by the caller ("Anti Virus 2.7",
#              "Anti Virus 3.0" or "Smart Security 3.0").
# No return value is produced; results are reported with echo.
sub nod(IN string $version) {
@record on;
#The struct is defined in PSPHelpers.epm
metaData @metaData;
#initialize the struct
init(@metaData);
# The comparison runs only when init() left the $history field set. The
# meaning of that field is defined in PSPHelpers.epm; presumably it marks that
# an earlier record exists - confirm.
if(@metaData.$history){
# The lookup key is the literal prefix "nod32:" followed by the label.
if(checkConfig("nod32:$version",@metaData)){
echo "\r\rNo change in PSP configs.\r\r";
}else{
echo "\r\r!!!Changed PSP configs since last time!!!\r\r";
}
}
# The file name comes from this message only; the real destination is decided
# inside writeMetaData(), which is not visible in this file.
echo "Writing PSP Metadata information to pspInformation.txt";
# Don't have much to put here at the moment...
@metaData.$vendor = "ESET";
@metaData.$product = "NOD32";
@metaData.$version = $version;
@record off;
# A failed write is reported but not retried, and no error reaches the caller.
if(writeMetaData(@metaData)) {
echo "Wrote meta data to disk";
} else {
echo "ERROR: Could not write meta data to disk.";
}
# echo "Current Version: @metaData.$product (@metaData.$version)";
}