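def create_spora_mutex():
    """
    Create the named mutex that Spora ransomware uses as its "already running" marker.

    According to Minerva's blog post, known Spora variants refuse to run when
    this mutex already exists, so creating it first acts as a vaccine:
    https://www.minerva-labs.com/post/vaccinating-against-spora-ransomware-a-proof-of-concept-tool-by-minerva

    The name is 'm' followed by the decimal value of the volume serial number
    printed by ``cmd /c vol``.

    Caveats for anyone deploying this:
    - Windows destroys a named mutex when its last handle is closed. The handle
      is never closed here, so the marker lasts only as long as this process.
    - NOTE(review): the name carries no namespace prefix, so it is created in
      the caller's session namespace -- confirm that is where the malware looks.

    Returns None. Failures are printed, never raised.
    """
    try:
        vol_output = subprocess.check_output(['cmd', '/c', 'vol'])
        # Python 3 returns bytes; the banner text may be in an OEM code page,
        # but the serial itself is plain ASCII hex.
        if not isinstance(vol_output, str):
            vol_output = vol_output.decode('ascii', 'replace')
        # The serial ("XXXX-XXXX") is the last token of the output. Taking the
        # token avoids depending on an exact "\r\n" tail.
        serial_text = vol_output.split()[-1]
        vol_serial = int(serial_text.replace("-", ""), 16)
        # CreateMutexA takes a byte string (LPCSTR).
        spora_mutex = ('m' + str(vol_serial)).encode('ascii')

        _CreateMutex = ctypes.windll.kernel32.CreateMutexA
        _CreateMutex.argtypes = [wintypes.LPCVOID, wintypes.BOOL, wintypes.LPCSTR]
        _CreateMutex.restype = wintypes.HANDLE
        # NULL attributes -> default security descriptor; False -> do not take
        # initial ownership, only the existence of the name matters.
        ret = _CreateMutex(None, False, spora_mutex)
        if not ret:
            # A NULL handle means no mutex was created. Surface it, otherwise
            # the host looks vaccinated when it is not. The error code is a
            # hint only: windll does not preserve GetLastError across the call.
            raise ctypes.WinError()
    except Exception as e:
        print("Got exception {0} while creating {1}".format(e, "Spora mutex"))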