Extract Collected Samples, and Show Statistics #22

@rothoma2

Description

Can we look into whether the API for Malware Bazaar and other backends gives us any control over the file extensions we collect?

For example, when I unzip all samples, I get a list of files like this:

-rw-r--r-- 1 robert robert 310272 Sep 25 04:32 f008899dac52a14491523f997279392bfe562bcd17aa478313e1b627e43d682d.exe
-rw-r--r-- 1 robert robert 413224 Sep 25 04:32 f083e21b36dd20620436ee2fa9a7f8f98dd7ca182ed5e1cd19d05455a0b4ab68.exe
-rw-r--r-- 1 robert robert 747952 Sep 25 04:33 f3243a385c52c660c7c590a7ef77324199c3ccdd8fb70ed3292028afc2583c82.rar
-rw-r--r-- 1 robert robert 2043904 Sep 25 04:32 f5a2e5a6ece95c0a197bc2273fee3e32d165d925a60a742f9a2299228345ff10.exe
-rw-r--r-- 1 robert robert 722944 Sep 25 04:33 f8bfbbc7c1156606fba8fb13003d71ac8273a9ec621e4cce0ad5b3f32fc41b42.xls
-rw-r--r-- 1 robert robert 329783 Sep 25 04:32 fc80cb0479aa75176137ece45d778fb4631b7aaaf294e9bd2640b56c686643bb.ps1

It would be nice if I could have a flag to indicate I only want to collect .exe samples, or .ps1 samples, or .xls samples.

Alternatively, if that is not possible, we could do the following:

  • After download, open all the files with a zip library and collect the file extensions.
  • Print a summary table of the extensions of the samples downloaded, using tabulate or another library.
  • As an option, if the user specifies a flag, delete all samples that are not of that file extension.
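
The three steps above, worked through as an added example. This is not the project's code and not a MalwareBazaar API feature; it assumes the downloaded bundle is a zip that the standard-library zipfile module can read (bundles encrypted with AES rather than legacy ZipCrypto need pyzipper instead), and it reads only the first bytes of each member, so nothing is extracted or executed while counting. One caveat a practitioner would want: the extension is whatever the uploader declared, so the example also sniffs the leading bytes of each member and flags a member whose declared extension does not match its container type. The sample archive is constructed inline (member names are taken from the listing above, contents are synthetic), and prune_extracted is a hypothetical helper for the optional flag.

```python
"""Summarize extensions inside a downloaded sample archive; optionally prune.

Added example for this issue, not project code. Assumes the bundle is a zip
readable by stdlib zipfile (AES-encrypted bundles need pyzipper).
"""
import tempfile
import zipfile
from collections import Counter
from pathlib import Path
from typing import Optional

# Leading bytes of the container types seen in the listing. The extension in
# the archive is uploader-declared, so the real type is sniffed, not trusted.
MAGIC = (
    (b"MZ", "pe"),                 # .exe / .dll
    (b"PK\x03\x04", "zip"),        # .zip, also OOXML .docx / .xlsx
    (b"Rar!\x1a\x07", "rar"),
    (b"\xd0\xcf\x11\xe0", "ole"),  # legacy .xls / .doc
)
# Container type each declared extension is expected to have.
EXPECTED = {"exe": "pe", "dll": "pe", "rar": "rar", "xls": "ole", "doc": "ole",
            "zip": "zip", "xlsx": "zip", "docx": "zip"}


def sniff_type(head: bytes) -> str:
    """Classify by leading bytes; 'unknown' covers text such as .ps1."""
    for sig, name in MAGIC:
        if head.startswith(sig):
            return name
    return "unknown"


def extension_of(name: str) -> str:
    ext = Path(name).suffix.lower().lstrip(".")
    return ext or "(none)"


def summarize_archive(zip_path, password: Optional[bytes] = None):
    """Count extensions and flag declared/actual mismatches without extracting.

    Returns (Counter ext -> count, list of (name, ext, sniffed, mismatch)).
    Only 8 bytes per member are read, so no sample lands on disk.
    """
    counts = Counter()
    rows = []
    with zipfile.ZipFile(zip_path) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            ext = extension_of(info.filename)
            counts[ext] += 1
            with zf.open(info, pwd=password) as fh:
                sniffed = sniff_type(fh.read(8))
            mismatch = ext in EXPECTED and EXPECTED[ext] != sniffed
            rows.append((info.filename, ext, sniffed, mismatch))
    return counts, rows


def format_table(counts: Counter) -> str:
    """Plain-text summary; swap in tabulate if it is already a dependency."""
    lines = [f"{'extension':<12}{'count':>6}", "-" * 18]
    for ext, n in sorted(counts.items(), key=lambda kv: (-kv[1], kv[0])):
        lines.append(f"{ext:<12}{n:>6}")
    return "\n".join(lines)


def prune_extracted(directory, keep_ext: str) -> list:
    """Hypothetical '--keep' flag: delete extracted samples not matching keep_ext.

    Only regular files directly inside `directory` are removed; symlinks are
    skipped so a planted link cannot redirect the deletion elsewhere.
    """
    root = Path(directory).resolve()
    keep_ext = keep_ext.lower().lstrip(".")
    deleted = []
    for p in root.iterdir():
        if p.is_symlink() or not p.is_file():
            continue
        if extension_of(p.name) != keep_ext:
            p.unlink()
            deleted.append(p.name)
    return sorted(deleted)


def build_sample_archive(directory) -> Path:
    """Constructed fixture: fake members named like the listing in the issue.

    The .xls member deliberately carries a PE header to exercise the check.
    """
    fake = {
        "f008899dac52a14491523f997279392bfe562bcd17aa478313e1b627e43d682d.exe": b"MZ" + b"\0" * 62,
        "f5a2e5a6ece95c0a197bc2273fee3e32d165d925a60a742f9a2299228345ff10.exe": b"MZ" + b"\0" * 62,
        "f3243a385c52c660c7c590a7ef77324199c3ccdd8fb70ed3292028afc2583c82.rar": b"Rar!\x1a\x07\x00" + b"\0" * 16,
        "f8bfbbc7c1156606fba8fb13003d71ac8273a9ec621e4cce0ad5b3f32fc41b42.xls": b"MZ" + b"\0" * 62,
        "fc80cb0479aa75176137ece45d778fb4631b7aaaf294e9bd2640b56c686643bb.ps1": b"Write-Host 'x'\n",
    }
    out = Path(directory) / "samples.zip"
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in fake.items():
            zf.writestr(name, data)
    return out


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        archive = build_sample_archive(tmp)
        counts, rows = summarize_archive(archive)
        print(format_table(counts))
        for name, ext, sniffed, mismatch in rows:
            if mismatch:
                print(f"WARNING {name}: declared .{ext}, header looks like {sniffed}")
        extract_dir = Path(tmp) / "extracted"
        with zipfile.ZipFile(archive) as zf:
            zf.extractall(extract_dir)
        print("pruned:", prune_extracted(extract_dir, "exe"))
```

Counting happens on the archive members rather than on the unpacked directory so that the summary can be produced before anything is written to disk; pruning is deliberately limited to the single extracted directory and to regular files.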

Metadata

Assignees: no one assigned
Labels: enhancement (New feature or request)
Status: Todo
Milestone: no milestone
Development: no branches or pull requests