raja-softwareengineer/vt_agent

VirusTotal Threat Intelligence Analyzer

A Python tool that analyzes file hashes using VirusTotal's API and provides both basic threat summaries and AI-powered analysis using OpenAI GPT-4.

Features

  • πŸ” VirusTotal Integration: Query file reports using SHA256 hashes
  • πŸ“Š Basic Threat Summary: Display detection rates, threat levels, and top detections
  • πŸ€– AI-Powered Analysis: Use GPT-4 to provide plain English threat intelligence summaries
  • 🎯 Interactive Mode: Command-line interface for easy analysis
  • πŸ“‹ Multiple Usage Options: Use as a library or standalone tool

Setup

1. Install Dependencies

pip install -r requirements.txt

2. Get API Keys

VirusTotal API Key

  1. Go to VirusTotal
  2. Create an account or sign in
  3. Go to your profile and get your API key

OpenAI API Key (Optional - for AI analysis)

  1. Go to OpenAI Platform
  2. Create an account or sign in
  3. Generate an API key

3. Set Environment Variables

# Required for VirusTotal
export VT_API_KEY="your_virustotal_api_key_here"

# Optional for AI analysis
export OPENAI_API_KEY="your_openai_api_key_here"

Windows (Command Prompt):

set VT_API_KEY=your_virustotal_api_key_here
set OPENAI_API_KEY=your_openai_api_key_here

Windows (PowerShell):

$env:VT_API_KEY="your_virustotal_api_key_here"
$env:OPENAI_API_KEY="your_openai_api_key_here"

Treat both keys as secrets: keep them in environment variables or a secrets manager, never in main.py or in a committed file. Also be clear about what leaves your machine: the VirusTotal lookup sends only the hash, never the file itself, but the AI step sends the VirusTotal report (hash, engine names, detection labels) to OpenAI.

Usage

Method 1: Interactive Mode (Recommended)

Run the script directly:

python main.py

This will start an interactive session where you can:

  • Enter SHA256 hashes to analyze
  • Get both basic and AI-powered summaries
  • Exit with 'quit', 'exit', or 'q'

Method 2: As a Python Library

from main import get_file_report, print_threat_summary, summarize_with_gpt4, get_file_report_with_ai_summary

# Basic usage
file_hash = "your_sha256_hash_here"
result = get_file_report(file_hash)
print_threat_summary(result)

# AI-powered analysis
ai_summary = summarize_with_gpt4(result)
print(ai_summary)

# Or use the combined function
result = get_file_report_with_ai_summary(file_hash)

Method 3: Command Line with Hash

python -c "
from main import get_file_report_with_ai_summary
get_file_report_with_ai_summary('your_sha256_hash_here')
"

Example Output

πŸ” VirusTotal Threat Intelligence Analyzer
==================================================

=== VirusTotal Threat Summary ===
πŸ“… Scan Date: 2024-01-15 10:30:45
πŸ” Detection Rate: 15/70 (21.4%)
🚨 Status: Medium Risk - Multiple detections

πŸ” Top Detections:
  β€’ Kaspersky: Trojan.Win32.Generic
  β€’ Avast: Win32:Trojan-gen
  β€’ Bitdefender: Trojan.Generic.123456
  β€’ Malwarebytes: Trojan.Malware
  β€’ Norton: Suspicious.Cloud.5

πŸ”— Full Report: https://www.virustotal.com/file/...

πŸ€– AI-Powered Threat Analysis:
========================================
This file shows a medium-risk threat profile with 15 out of 70 antivirus engines detecting it as malicious (21.4% detection rate). The threat appears to be a generic Trojan targeting Windows systems, as indicated by multiple major antivirus vendors detecting it as "Trojan.Win32.Generic" or similar variants.

**Severity Assessment:** Medium Risk
**Malware Family:** Generic Trojan
**Key Insights:** This is likely a polymorphic or generic trojan that may perform various malicious activities such as data theft, system compromise, or backdoor functionality.

**Recommended Actions:**
1. Quarantine the file immediately
2. Run a full system scan
3. Monitor for unusual network activity
4. Check for unauthorized system changes
========================================

Available Functions

get_file_report(file_hash)

  • Purpose: Get raw VirusTotal report
  • Returns: JSON response from VirusTotal API
  • Requires: VT_API_KEY

print_threat_summary(vt_response)

  • Purpose: Display formatted threat summary
  • Input: VirusTotal API response
  • Output: Printed summary to console

summarize_with_gpt4(vt_response)

  • Purpose: Generate AI-powered threat analysis
  • Input: VirusTotal API response
  • Returns: Plain English summary
  • Requires: OPENAI_API_KEY

get_file_report_with_ai_summary(file_hash)

  • Purpose: Complete analysis with both basic and AI summaries
  • Returns: VirusTotal API response
  • Requires: VT_API_KEY (OPENAI_API_KEY optional)
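The functions above are described only by their inputs and outputs. The following is an added example, not code from the vt_agent project, showing how the summary fields (scan date, detection rate, status, top detections, report link) can be derived from what `get_file_report` returns. It assumes the VirusTotal API v3 file-object shape (`data.attributes.last_analysis_stats` and `last_analysis_results`); the `SAMPLE_RESPONSE` dict is constructed for the example, the `risk_level` thresholds are this example's choice, and `summarize` / `verdict_counts` / `top_detections` are names introduced here, not the project's.

```python
from datetime import datetime, timezone

# Constructed sample shaped like a VirusTotal API v3 file object
# (GET /api/v3/files/{hash}); every value below is made up for this example.
SAMPLE_RESPONSE = {
    "data": {
        "type": "file",
        "id": "a" * 64,  # placeholder SHA-256, not a real sample
        "attributes": {
            "last_analysis_date": 1705314645,  # 2024-01-15 10:30:45 UTC
            "last_analysis_stats": {
                "malicious": 3, "suspicious": 1, "undetected": 5, "harmless": 0,
                "timeout": 1, "type-unsupported": 2, "failure": 0,
                "confirmed-timeout": 0,
            },
            "last_analysis_results": {
                "Kaspersky":   {"category": "malicious", "result": "Trojan.Win32.Generic"},
                "Avast":       {"category": "malicious", "result": "Win32:Trojan-gen"},
                "Bitdefender": {"category": "malicious", "result": "Trojan.Generic.123456"},
                "Norton":      {"category": "suspicious", "result": "Suspicious.Cloud.5"},
                "ClamAV":      {"category": "undetected", "result": None},
                "ESET-NOD32":  {"category": "undetected", "result": None},
                "Sophos":      {"category": "undetected", "result": None},
                "McAfee":      {"category": "undetected", "result": None},
                "Microsoft":   {"category": "undetected", "result": None},
                "SlowEngine":  {"category": "timeout", "result": None},
                "EngineX":     {"category": "type-unsupported", "result": None},
                "EngineY":     {"category": "type-unsupported", "result": None},
            },
        },
    }
}

# Only these categories are real verdicts. timeout, failure and
# type-unsupported are left out of the denominator so a file that half the
# engines could not parse does not appear "cleaner" than it is.
VERDICT_CATEGORIES = ("malicious", "suspicious", "undetected", "harmless")
DETECTED_CATEGORIES = ("malicious", "suspicious")


def verdict_counts(vt_response):
    """Return (detected, total_verdicts) from last_analysis_stats."""
    stats = vt_response["data"]["attributes"]["last_analysis_stats"]
    detected = sum(stats.get(c, 0) for c in DETECTED_CATEGORIES)
    total = sum(stats.get(c, 0) for c in VERDICT_CATEGORIES)
    return detected, total


def risk_level(detected, total):
    """Map a detection ratio to a status label.

    The thresholds are this example's assumption, not the project's."""
    if total == 0:
        return "Unknown - no engine returned a verdict"
    if detected == 0:
        return "Low Risk - No detections"
    ratio = detected / total
    if ratio < 0.10:
        return "Low Risk - Few detections"
    if ratio < 0.50:
        return "Medium Risk - Multiple detections"
    return "High Risk - Majority of engines flag this file"


def top_detections(vt_response, limit=5):
    """Engines that flagged the file, malicious before suspicious,
    alphabetical within each group, as (engine, label) pairs."""
    results = vt_response["data"]["attributes"]["last_analysis_results"]
    order = {"malicious": 0, "suspicious": 1}
    flagged = [
        (order[r["category"]], name, r.get("result") or r["category"])
        for name, r in results.items()
        if r.get("category") in order
    ]
    flagged.sort()
    return [(name, label) for _, name, label in flagged[:limit]]


def summarize(vt_response):
    """Collect the fields the threat summary prints into one dict."""
    attrs = vt_response["data"]["attributes"]
    detected, total = verdict_counts(vt_response)
    scan_date = datetime.fromtimestamp(attrs["last_analysis_date"], tz=timezone.utc)
    return {
        "scan_date": scan_date.strftime("%Y-%m-%d %H:%M:%S"),
        "detected": detected,
        "total": total,
        "rate_pct": round(100.0 * detected / total, 1) if total else 0.0,
        "status": risk_level(detected, total),
        "top_detections": top_detections(vt_response),
        # The GUI permalink takes the same hash the API call used.
        "report_url": "https://www.virustotal.com/gui/file/" + vt_response["data"]["id"],
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_RESPONSE).items():
        print(f"{key}: {value}")
```

The denominator matters more than it looks: counting timeouts and unsupported types as "not detected" quietly lowers the rate for exactly the files (packed, unusual formats) that deserve more suspicion, which is why `verdict_counts` excludes them.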

Getting SHA256 Hashes

From a File (Linux/Mac):

sha256sum filename

From a File (Windows PowerShell):

Get-FileHash -Algorithm SHA256 filename

From a File (Windows Command Prompt):

certutil -hashfile filename SHA256
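The same two steps in Python, as an added example that is not part of the project: hash a file in chunks (so a large sample is never read into memory and never parsed or executed), then validate the digest string before it is used in a lookup. VirusTotal accepts MD5, SHA-1 and SHA-256 identifiers, and because the hash ends up interpolated into a request URL, anything that is not plain hex of one of those lengths should be rejected on the client side. The sample file is constructed inside the example; `normalize_hash`, `is_valid_hash` and `sha256_of_file` are names introduced here, not the project's.

```python
import hashlib
import os
import re
import tempfile

# VirusTotal file lookups accept MD5, SHA-1 or SHA-256; these are the only
# shapes we let through. Anything else would be interpolated straight into
# the request URL, so it is rejected here rather than sent to the API.
_HEX_DIGESTS = {
    32: "md5",
    40: "sha1",
    64: "sha256",
}
_HEX_RE = re.compile(r"^[0-9a-f]+$")


def normalize_hash(value):
    """Return (algorithm, lowercase_hex) or raise ValueError."""
    if not isinstance(value, str):
        raise ValueError("hash must be a string")
    candidate = value.strip().lower()
    algorithm = _HEX_DIGESTS.get(len(candidate))
    if algorithm is None or not _HEX_RE.match(candidate):
        raise ValueError(f"not a valid MD5/SHA-1/SHA-256 hex digest: {value!r}")
    return algorithm, candidate


def is_valid_hash(value):
    """Boolean form of normalize_hash for callers that only need a yes/no."""
    try:
        normalize_hash(value)
    except ValueError:
        return False
    return True


def sha256_of_file(path, chunk_size=1 << 20):
    """Hash a file in 1 MiB chunks so large samples never sit in memory.

    The file is opened read-only; nothing here parses or executes it,
    which is the point of looking up a hash instead of the file."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def demo():
    """Constructed sample: write a small file to a temp dir, hash it, and
    check the result is something the lookup layer would accept."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "sample.bin")
        with open(path, "wb") as fh:
            fh.write(b"hello world\n")  # same bytes as `echo "hello world"`
        digest = sha256_of_file(path)
    return normalize_hash(digest)


if __name__ == "__main__":
    print(demo())
```

Running `demo()` gives the same digest `sha256sum` prints for a file containing `hello world` followed by a newline; any hash pasted from a report or a user prompt should go through `normalize_hash` before it reaches the API call.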

Error Handling

The tool handles the following error conditions:

  • Missing API keys
  • Invalid file hashes
  • Network connectivity issues
  • API rate limiting
  • Invalid responses

Rate Limits

  • VirusTotal: the public API allows 4 lookups per minute and 500 per day; an HTTP 429 response means one of these quotas was exceeded
  • OpenAI: depends on your account's usage tier; check the rate limits shown in your OpenAI account rather than assuming a fixed number for GPT-4
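The Error Handling and Rate Limits sections list the failure modes without showing how a lookup should react to them. The following is an added example, not the project's `get_file_report`, of a v3 file lookup that treats HTTP 429 as "wait and retry" (honouring `Retry-After`, otherwise backing off), HTTP 404 as "VirusTotal has never seen this hash" (which is not a clean verdict), and 401/403 as a key problem. It assumes the v3 endpoint `GET /api/v3/files/{hash}` with the `x-apikey` header; the transport and sleep functions are injectable so the `demo()` scenarios run offline against constructed responses. `VTError`, `VTNotFound`, `VTRateLimited`, `http_get` and `scripted_transport` are names introduced here.

```python
import json
import os
import time
import urllib.error
import urllib.request

VT_FILES_URL = "https://www.virustotal.com/api/v3/files/{}"


class VTError(Exception):
    """Any failure to obtain a report."""


class VTNotFound(VTError):
    """VirusTotal has never seen this hash. Not the same as 'clean'."""


class VTRateLimited(VTError):
    """Still throttled after all retries."""


def http_get(url, headers):
    """Real transport: returns (status, body_bytes, headers). HTTP error
    statuses are returned, not raised, so the caller decides what they mean."""
    request = urllib.request.Request(url, headers=headers)
    try:
        with urllib.request.urlopen(request, timeout=30) as resp:
            return resp.status, resp.read(), dict(resp.headers)
    except urllib.error.HTTPError as err:
        return err.code, err.read(), dict(err.headers)
    except urllib.error.URLError as err:
        raise VTError(f"network error reaching VirusTotal: {err.reason}") from err


def get_file_report(file_hash, api_key=None, transport=http_get,
                    max_attempts=4, sleep=time.sleep):
    """Fetch a v3 file object, retrying on 429 with Retry-After or backoff.

    `transport` and `sleep` are injectable so the logic can be tested offline."""
    key = api_key or os.environ.get("VT_API_KEY")
    if not key:
        raise VTError("VT_API_KEY environment variable is not set")
    url = VT_FILES_URL.format(file_hash)
    headers = {"x-apikey": key, "Accept": "application/json"}
    backoff = 15.0  # public quota is 4 lookups/min, so ~15 s between calls
    for attempt in range(1, max_attempts + 1):
        status, body, resp_headers = transport(url, headers)
        if status == 200:
            return json.loads(body)
        if status == 404:
            # Unknown hash: no engine has ever scanned it, so there is no verdict.
            raise VTNotFound(f"{file_hash} is unknown to VirusTotal (no verdict)")
        if status in (401, 403):
            raise VTError("VirusTotal rejected the API key or it lacks this privilege")
        if status == 429:
            if attempt == max_attempts:
                break
            lower = {k.lower(): v for k, v in resp_headers.items()}
            wait = float(lower.get("retry-after", backoff))
            sleep(wait)
            backoff *= 2
            continue
        raise VTError(f"unexpected HTTP {status} from VirusTotal")
    raise VTRateLimited(f"rate limit still in effect after {max_attempts} attempts")


def scripted_transport(responses):
    """Offline stand-in for http_get: replays (status, body, headers) tuples."""
    queue = list(responses)

    def transport(url, headers):
        assert "x-apikey" in headers, "API key header missing"
        return queue.pop(0)

    return transport


def demo():
    """Constructed scenarios: a 429 followed by success, then a 404."""
    sample = "a" * 64  # placeholder hash, not a real sample
    slept = []
    throttled_then_ok = scripted_transport([
        (429, b'{"error": {"code": "QuotaExceededError"}}', {"Retry-After": "3"}),
        (200, b'{"data": {"id": "' + sample.encode() + b'", "type": "file"}}', {}),
    ])
    report = get_file_report(sample, api_key="demo-key",
                             transport=throttled_then_ok, sleep=slept.append)

    unknown = scripted_transport([(404, b'{"error": {"code": "NotFoundError"}}', {})])
    try:
        get_file_report(sample, api_key="demo-key", transport=unknown, sleep=slept.append)
        not_found = False
    except VTNotFound:
        not_found = True
    return {"report_id": report["data"]["id"], "slept": slept, "not_found": not_found}


if __name__ == "__main__":
    print(demo())
```

Keeping 404 as its own exception is the important part: a script that turns "no report" into "0/0 detections" will happily tell an analyst that a never-before-seen sample is clean.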

Troubleshooting

"VT_API_KEY environment variable is not set"

  • Make sure the variable is set in the same shell session you run python main.py from; export, set and $env: only affect the current session
  • If you added it to a shell profile or the system environment instead, open a new terminal so the change is picked up

"OPENAI_API_KEY environment variable is not set"

  • This is optional - the tool will work without AI analysis
  • Set the variable if you want AI-powered summaries

"Failed to get file report from VirusTotal"

  • Check your internet connection
  • Verify your VirusTotal API key is correct
  • Check if you've hit the rate limit

"Error generating GPT-4 summary"

  • Verify your OpenAI API key is correct
  • Check your OpenAI account balance
  • Ensure your account has access to the GPT-4 model

License

This project is open source and available under the MIT License.
