These Python scripts were created to automatically check if multiple apks are malicious by uploading them on the VirusTotal website.This requires two steps: 1) upload them (upload_apks.py), and 2) check the reports (retrieve_reports.py).

To upload the apks the former script requires a csv that contains the names of the apks together with their MD5s (VirusTotal identifies apks through their MD5). In our case it's md5sums.csv --- hardcoded (doh! :-P). You also need to have the apks in the same directory. The same csv can be used to retrieve the results by the latter script.

In addition, to perform massive requests from VirusTotal you need to register and get a Publik API key which you must provide as an argument in all the scripts.

The script "check_apk.py" can be used to check the results for one given apk. Usage:

check_apk.py vercoop.bautifulch.app-116.apk your_API_key

Note that VirusTotal does not accept upload requests (via its Public API) for large apks (> 32 MB). In such cases we register which files were not uploaded in another .csv file (large_ones_not_up.csv).

Finally, we use the formdata script that encodes multipart form data to upload files via POST requests, and it was obtaind from here.