Ejemplo n.º 1
0
    def run(self, objfile):
        self.key = "Yara"
        self.score = 0
        rulepath = self.options.get("rulepath")
        results = []
        resultOrginalFile = commonutils.processYara(
            rulepath, filepath=objfile.file.temp_file)

        # Run YARA for unpacked file
        if objfile.unpacked_file:
            resultUnpackedFile = commonutils.processYara(
                rulepath,
                filepath=objfile.unpacked_file.temp_file,
                prefix="UnpackedFile")

            # Update Meta-description -> set marker UnpackedFile
            for res in resultUnpackedFile:
                desc = res.get("meta").get("description")
                desc = "UnpackedFile - %s" % desc
                res["meta"]["description"] = desc
                results.append(res)

        results = results + resultOrginalFile

        return results
Ejemplo n.º 2
0
 def run(self, objfile):
     self.key = "Yara"
     self.score = 0
     rulepath = self.options.get("rulepath")
     results = []
     resultOrginalFile = commonutils.processYara(rulepath, filepath=objfile.file.temp_file) 
     
     # Run YARA for unpacked file
     if objfile.unpacked_file:
         resultUnpackedFile = commonutils.processYara(rulepath, filepath=objfile.unpacked_file.temp_file, 
                                                      prefix="UnpackedFile") 
         
         # Update Meta-description -> set marker UnpackedFile
         for res in resultUnpackedFile:
             desc = res.get("meta").get("description")
             desc = "UnpackedFile - %s" % desc
             res["meta"]["description"] = desc
             results.append(res)
         
     results = results + resultOrginalFile  
         
     return results
Ejemplo n.º 3
0
    def __runYara(self, results):
        # Check Yara Support
        try:
            import yara
        except ImportError:
            return None

        yaraHits = commonutils.processYara(YARA_RULEPATH, data=str(results))

        # concatenate yarahits from sample file and result
        if results.get('Yara'):
            yaraHits = yaraHits + results['Yara']

        if yaraHits:
            yaraHits = {"Yara": yaraHits}

        return yaraHits
Ejemplo n.º 4
0
    def __runYara(self, results):
        # Check Yara Support
        try:
            import yara
        except ImportError:
            return None
        
        yaraHits = commonutils.processYara(YARA_RULEPATH, data=str(results))

        # concatenate yarahits from sample file and result
        if results.get('Yara'):
            yaraHits = yaraHits + results['Yara']
            
        if yaraHits:
            yaraHits = {"Yara" : yaraHits}
        
        return yaraHits