Beispiel #1
 def analyze(self, data, parsed):
     '''
     Analyze the current sample as an e-mail and store the results under data["EMAIL"].

     Buffers returned by the attachment, multipart and header helpers are
     concatenated (in that order) and passed to word extraction. When there
     are none, words are taken from the file at data["Location"]["File"].
     Sets parsed.type to "email".
     '''
     # Fresh copy of self.datastruct so results are written to a new structure.
     data["EMAIL"] = deepcopy(self.datastruct)
     sample_path = data["Location"]["File"]
     # NOTE(review): presumably the raw bytes of the file under analysis;
     # treat everything parsed from them as untrusted input.
     message = message_from_bytes(data["FilesDumps"][sample_path])
     header_buffers = self.get_headers(data["EMAIL"]["General"], message)
     self.get_content(data["EMAIL"], sample_path)
     part_buffers = self.get_content_multi(data, message)
     # NOTE(review): presumably prepares an output directory for attachments;
     # confirm that names taken from the message cannot escape that directory.
     has_attachments = self.check_attachment_and_make_dir(data, message)
     attachment_buffers = self.get_attachment(data, message) if has_attachments else []
     buffers = attachment_buffers + part_buffers + header_buffers
     if buffers:
         # TODO: items are expected to be bytes; this is not verified yet.
         get_words_multi_filesarray(data, buffers)
     else:
         get_words(data, data["Location"]["File"])
     parsed.type = "email"
Beispiel #2
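    def analyze(self, data):
        '''
        Analyze the current sample as a PDF and store the results under data["PDF"].

        Each get_* helper is called on the sample bytes and returns a count
        and a list (get_stream additionally returns the stream buffers).
        Counts are stored in data["PDF"]["Count"], lists under the matching
        data["PDF"] key. Words are extracted from the stream buffers when
        there are any, otherwise from the file at data["Location"]["File"].
        '''
        # Fresh copy of self.datastruct so results are written to a new structure.
        data["PDF"] = deepcopy(self.datastruct)
        # NOTE(review): presumably the raw bytes of the file under analysis;
        # treat everything derived from them as untrusted input.
        f = data["FilesDumps"][data["Location"]["File"]]
        objlen, objs = self.get_object(f)
        strlen, strs, streams = self.get_stream(f)
        jslen, jslist = self.get_js(f)
        jalen, jaslist = self.get_javascript(f)
        oalen, oalist = self.get_openaction(f)
        # The helper is spelled get_lunch; its results feed the "Launch" keys.
        llen, llist = self.get_lunch(f)
        ulen, ulist = self.get_uri(f)
        alen, alist = self.get_action(f)
        gtrlen, gtrlist = self.get_gotor(f)
        rmlen, rmlist = self.get_richmedia(f)
        aalen, aalist = self.get_aa(f)

        data["PDF"]["Count"] = {
            "Object": objlen,
            "Stream": strlen,
            "JS": jslen,
            "Javascript": jalen,
            "OpenAction": oalen,
            "Launch": llen,
            "URI": ulen,
            "Action": alen,
            "GoTo": gtrlen,
            "RichMedia": rmlen,
            "AA": aalen,
        }

        data["PDF"]["Object"] = objs
        data["PDF"]["JS"] = jslist
        data["PDF"]["Javascript"] = jaslist
        data["PDF"]["OpenAction"] = oalist
        data["PDF"]["Launch"] = llist
        data["PDF"]["URI"] = ulist
        data["PDF"]["Action"] = alist
        data["PDF"]["GoTo"] = gtrlist
        data["PDF"]["RichMedia"] = rmlist
        data["PDF"]["AA"] = aalist
        data["PDF"]["Stream"] = strs

        if streams:
            get_words_multi_filesarray(data, streams)
        else:
            # No stream buffers were found: fall back to the sample file.
            # Passing the empty stream list here would give get_words
            # nothing to read.
            get_words(data, data["Location"]["File"])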
Beispiel #3
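 def analyze(self, data):
     '''
     Analyze the current sample as an OLE file and store the results under data["OLE"].

     General information, stream objects and extracted macros are written
     to data["OLE"]. Words are extracted from the stream buffers returned by
     get_streams when there are any, otherwise from the file at
     data["Location"]["File"].
     '''
     # Imported locally so this method does not rely on a module-level import.
     from copy import deepcopy

     # Copy the template instead of aliasing it. With a plain assignment every
     # write below would land in self.datastruct itself, so results from one
     # sample would carry over into the next one analyzed by this instance.
     data["OLE"] = deepcopy(self.datastruct)
     # NOTE(review): presumably the raw bytes of the file under analysis;
     # treat everything derived from them as untrusted input.
     f = data["FilesDumps"][data["Location"]["File"]]
     self.get_general(data["OLE"]["General"], f)
     data["OLE"]["Objects"], objects = self.get_streams(f)
     # NOTE(review): macro source comes from the sample; consumers of
     # data["OLE"]["Macro"] should handle it as untrusted text.
     data["OLE"]["Macro"] = self.extract_macros(data["Location"]["File"])
     if objects:
         get_words_multi_filesarray(data, objects)
     else:
         get_words(data, data["Location"]["File"])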
Beispiel #4
 def analyze(self, data, parsed):
     '''
     Analyze the current sample as a MSG message and store the results under data["MSG"].

     Buffers returned by the attachment and header helpers are concatenated
     and passed to word extraction. When there are none, words are taken
     from the file at data["Location"]["File"]. Sets parsed.type to "msg".

     TODO (from the original note): need to implement
     "from extract_msg.dev_classes import Message".
     '''
     # Fresh copy of self.datastruct so results are written to a new structure.
     data["MSG"] = deepcopy(self.datastruct)
     # NOTE(review): the file opened here is the sample under analysis;
     # treat everything parsed from it as untrusted input.
     message = Message(data["Location"]["File"])
     header_buffers = self.get_headers(data["MSG"]["General"], message)
     self.get_content(data["MSG"], message)
     attachment_buffers = []
     # NOTE(review): presumably prepares an output directory for attachments;
     # confirm that names taken from the message cannot escape that directory.
     if self.check_attachment_and_make_dir(data, message):
         attachment_buffers = self.get_attachment(data, message)
     # No multipart extraction happens here, so this operand stays empty.
     part_buffers = []
     buffers = attachment_buffers + part_buffers + header_buffers
     if buffers:
         # TODO: items are expected to be bytes; this is not verified yet.
         get_words_multi_filesarray(data, buffers)
     else:
         get_words(data, data["Location"]["File"])
     parsed.type = "msg"