Ejemplo n.º 1
 def _get_start_command(self, extension, sample, file_path):
     """Choose the launch command template for a sample by file extension.

     Args:
         extension: File extension without the dot; compared as-is, so
             callers must pass it in lower case to match.
         sample: Object whose ``content`` is handed to the DLL helper.
         file_path: Path passed on to the Office helper.

     Returns:
         The command string, or ``None`` when the extension is not handled
         (an error is logged in that case).
     """
     if extension == 'dll':
         # The fallback is computed before the payload lookup result is
         # known, exactly like an eagerly evaluated ``dict.get`` default.
         payload_get = self.current_task.payload.get
         derived_command = self._get_dll_run_command(sample.content)
         # NOTE(review): a "start_command" supplied in the task payload is
         # returned verbatim with no validation here; whoever can submit
         # tasks therefore chooses what gets launched -- confirm that the
         # submission path is restricted to trusted analysts.
         return payload_get("start_command", derived_command)

     if extension == 'exe':
         # '%f' looks like a placeholder for the sample path that the caller
         # substitutes later -- TODO confirm against the caller.
         return 'start %f'

     if d_office.is_office_file(extension):
         return self._get_office_file_run_command(extension, file_path)

     # No handler matched: report it and let the caller deal with None.
     self.log.error("Unknown file extension - %s", extension)
     return None
Ejemplo n.º 2
 def _get_start_command(self, extension, sample, file_path):
     """Choose the launch command template for a sample by file extension.

     Args:
         extension: File extension without the dot; compared as-is, so
             callers must pass it in lower case to match.
         sample: Object whose ``content`` is handed to the DLL helper.
         file_path: Path passed on to the Office helper.

     Returns:
         The command string, or ``None`` when the extension is not handled
         (an error is logged in that case).
     """
     if extension == 'dll':
         # The fallback is computed before the payload lookup result is
         # known, exactly like an eagerly evaluated ``dict.get`` default.
         payload_get = self.current_task.payload.get
         derived_command = self._get_dll_run_command(sample.content)
         # NOTE(review): a "start_command" supplied in the task payload is
         # returned verbatim with no validation here; whoever can submit
         # tasks therefore chooses what gets launched -- confirm that the
         # submission path is restricted to trusted analysts.
         return payload_get("start_command", derived_command)

     if extension in ('exe', 'vbs'):
         # '%f' looks like a placeholder for the sample path that the caller
         # substitutes later -- TODO confirm against the caller.
         return '%f'

     # The Office check runs before the 'ps1' comparison, as in the
     # original branch order.
     if d_office.is_office_file(extension):
         return self._get_office_file_run_command(extension, file_path)

     if extension == 'ps1':
         # "-executionpolicy bypass" turns off PowerShell's execution-policy
         # check for this one invocation so the script runs unprompted.
         # NOTE(review): only appropriate inside an isolated analysis guest;
         # confirm this command can never be issued on the host.
         return 'powershell.exe -executionpolicy bypass -File %f'

     # No handler matched: report it and let the caller deal with None.
     self.log.error("Unknown file extension - %s", extension)
     return None