#!/bin/bash
DSTDIR=/sdb1
rm -f ${DSTDIR}/check_ransomware.txt
for i in $(find ${DSTDIR} -type f -name "*.zip")
do
retval=$(xxd -u -l 32 "$i" | grep "9B7A 3800 0000 0000")
echo $i
if [[ -n $retval ]]
then
rm -f $i
echo "DELETED: $i" >> ${DSTDIR}/check_ransomware.txt
fi
if [ -f "/break.txt" ]
then
exit 1
fi
done