def prepare(self):
"""Prepare env for analysis."""
# Get SeDebugPrivilege for the Python process. It will be needed in
# order to perform the injections.
grant_debug_privilege()
# Create the folders used for storing the results.
create_folders()
# Initialize logging.
init_logging()
# Parse the analysis configuration file generated by the agent.
self.config = Config(cfg="analysis.conf")
# Initialize and start the Pipe Servers. This is going to be used for
# communicating with the injected and monitored processes.
for x in xrange(self.PIPE_SERVER_COUNT):
self.pipes[x] = PipeServer()
self.pipes[x].daemon = True
self.pipes[x].start()
# We update the target according to its category. If it's a file, then
# we store the path.
if self.config.category == "file":
self.target = os.path.join(os.environ["TEMP"] + os.sep,
self.config.file_name)
# If it's a URL, well.. we store the URL.
else:
self.target = self.config.target
def prepare(self):
"""Prepare env for analysis."""
# Get SeDebugPrivilege for the Python process. It will be needed in
# order to perform the injections.
grant_debug_privilege()
# Create the folders used for storing the results.
create_folders()
# Initialize logging.
init_logging()
# Parse the analysis configuration file generated by the agent.
self.config = Config(cfg="analysis.conf")
# Initialize and start the Pipe Servers. This is going to be used for
# communicating with the injected and monitored processes.
for x in xrange(self.PIPE_SERVER_COUNT):
self.pipes[x] = PipeServer()
self.pipes[x].daemon = True
self.pipes[x].start()
# We update the target according to its category. If it's a file, then
# we store the path.
if self.config.category == "file":
self.target = os.path.join(os.environ["TEMP"] + os.sep,
self.config.file_name)
# If it's a URL, well.. we store the URL.
else:
self.target = self.config.target
def prepare(self):
"""Prepare env for analysis."""
# Get SeDebugPrivilege for the Python process. It will be needed in
# order to perform the injections.
grant_debug_privilege()
# Initialize logging.
init_logging()
# Parse the analysis configuration file generated by the agent.
self.config = Config(cfg="analysis.conf")
# Pass the configuration through to the Process class.
Process.set_config(self.config)
# Set virtual machine clock.
set_clock(
datetime.datetime.strptime(self.config.clock, "%Y%m%dT%H:%M:%S"))
# Set the default DLL to be used for this analysis.
self.default_dll = self.config.options.get("dll")
# If a pipe name has not set, then generate a random one.
if "pipe" in self.config.options:
self.config.pipe = "\\\\.\\PIPE\\%s" % self.config.options["pipe"]
else:
self.config.pipe = "\\\\.\\PIPE\\%s" % random_string(16, 32)
# Generate a random name for the logging pipe server.
self.config.logpipe = "\\\\.\\PIPE\\%s" % random_string(16, 32)
# Initialize and start the Command Handler pipe server. This is going
# to be used for communicating with the monitored processes.
self.command_pipe = PipeServer(PipeDispatcher,
self.config.pipe,
message=True,
dispatcher=CommandPipeHandler(self))
self.command_pipe.daemon = True
self.command_pipe.start()
# Initialize and start the Log Pipe Server - the log pipe server will
# open up a pipe that monitored processes will use to send logs to
# before they head off to the host machine.
destination = self.config.ip, self.config.port
self.log_pipe_server = PipeServer(PipeForwarder,
self.config.logpipe,
destination=destination)
self.log_pipe_server.daemon = True
self.log_pipe_server.start()
# We update the target according to its category. If it's a file, then
# we store the target path.
if self.config.category == "file":
self.target = os.path.join(os.environ["TEMP"] + os.sep,
self.config.file_name)
# If it's a URL, well.. we store the URL.
else:
self.target = self.config.target
def prepare(self):
"""Prepare env for analysis."""
global DEFAULT_DLL
global SERVICES_PID
# Get SeDebugPrivilege for the Python process. It will be needed in
# order to perform the injections.
grant_debug_privilege()
# Create the folders used for storing the results.
create_folders()
add_protected_path(os.getcwd())
add_protected_path(PATHS["root"])
# Initialize logging.
init_logging()
# Parse the analysis configuration file generated by the agent.
self.config = Config(cfg="analysis.conf")
# Set virtual machine clock.
clock = datetime.strptime(self.config.clock, "%Y%m%dT%H:%M:%S")
# Setting date and time.
# NOTE: Windows system has only localized commands with date format
# following localization settings, so these commands for english date
# format cannot work in other localizations.
# In addition DATE and TIME commands are blocking if an incorrect
# syntax is provided, so an echo trick is used to bypass the input
# request and not block analysis.
thedate = clock.strftime("%m-%d-%y")
thetime = clock.strftime("%H:%M:%S")
os.system("echo:|date {0}".format(thedate))
os.system("echo:|time {0}".format(thetime))
log.info("Date set to: {0}, time set to: {1}".format(thedate, thetime))
# Set the default DLL to be used by the PipeHandler.
DEFAULT_DLL = self.config.get_options().get("dll")
# get PID for services.exe for monitoring services
SERVICES_PID = self.pid_from_process_name("services.exe")
# Initialize and start the Pipe Servers. This is going to be used for
# communicating with the injected and monitored processes.
for x in xrange(self.PIPE_SERVER_COUNT):
self.pipes[x] = PipeServer(self.config.get_options())
self.pipes[x].daemon = True
self.pipes[x].start()
# We update the target according to its category. If it's a file, then
# we store the path.
if self.config.category == "file":
self.target = os.path.join(os.environ["TEMP"] + os.sep,
str(self.config.file_name))
# If it's a URL, well.. we store the URL.
else:
self.target = self.config.target
def prepare(self):
"""Prepare env for analysis."""
# Get SeDebugPrivilege for the Python process. It will be needed in
# order to perform the injections.
grant_debug_privilege()
# Initialize logging.
init_logging()
# Parse the analysis configuration file generated by the agent.
self.config = Config(cfg="analysis.conf")
# Pass the configuration through to the Process class.
Process.set_config(self.config)
# Set virtual machine clock.
set_clock(datetime.datetime.strptime(
self.config.clock, "%Y%m%dT%H:%M:%S"
))
# Set the default DLL to be used for this analysis.
self.default_dll = self.config.options.get("dll")
# If a pipe name has not set, then generate a random one.
if "pipe" in self.config.options:
self.config.pipe = "\\\\.\\PIPE\\%s" % self.config.options["pipe"]
else:
self.config.pipe = "\\\\.\\PIPE\\%s" % random_string(16, 32)
# Generate a random name for the logging pipe server.
self.config.logpipe = "\\\\.\\PIPE\\%s" % random_string(16, 32)
# Initialize and start the Command Handler pipe server. This is going
# to be used for communicating with the monitored processes.
self.command_pipe = PipeServer(PipeDispatcher, self.config.pipe,
message=True,
dispatcher=CommandPipeHandler(self))
self.command_pipe.daemon = True
self.command_pipe.start()
# Initialize and start the Log Pipe Server - the log pipe server will
# open up a pipe that monitored processes will use to send logs to
# before they head off to the host machine.
destination = self.config.ip, self.config.port
self.log_pipe_server = PipeServer(PipeForwarder, self.config.logpipe,
destination=destination)
self.log_pipe_server.daemon = True
self.log_pipe_server.start()
# We update the target according to its category. If it's a file, then
# we store the target path.
if self.config.category == "file":
self.target = os.path.join(os.environ["TEMP"] + os.sep,
self.config.file_name)
# If it's a URL, well.. we store the URL.
else:
self.target = self.config.target
def prepare(self):
"""Prepare env for analysis."""
grant_debug_privilege()
create_folders()
init_logging()
self.config = Config(cfg=os.path.join(PATHS["root"], "analysis.conf"))
self.pipe = PipeServer()
self.pipe.daemon = True
self.pipe.start()
self.file_path = os.path.join(os.environ["SYSTEMDRIVE"] + os.sep, self.config.file_name)
def prepare(self):
"""Prepare env for analysis."""
grant_debug_privilege()
create_folders()
init_logging()
self.config = Config(cfg=os.path.join(PATHS["root"], "analysis.conf"))
self.pipe = PipeServer()
self.pipe.daemon = True
self.pipe.start()
self.file_path = os.path.join(os.environ["SYSTEMDRIVE"] + os.sep,
self.config.file_name)
def prepare(self):
"""Prepare env for analysis."""
global DEFAULT_DLL
global SERVICES_PID
global HIDE_PIDS
# Get SeDebugPrivilege for the Python process. It will be needed in
# order to perform the injections.
grant_debug_privilege()
# randomize cuckoomon DLL and loader executable names
copy("dll\\cuckoomon.dll", CUCKOOMON32_NAME)
copy("dll\\cuckoomon_x64.dll", CUCKOOMON64_NAME)
copy("bin\\loader.exe", LOADER32_NAME)
copy("bin\\loader_x64.exe", LOADER64_NAME)
# Create the folders used for storing the results.
create_folders()
add_protected_path(os.getcwd())
add_protected_path(PATHS["root"])
# Initialize logging.
init_logging()
# Parse the analysis configuration file generated by the agent.
self.config = Config(cfg="analysis.conf")
# Set virtual machine clock.
clock = datetime.strptime(self.config.clock, "%Y%m%dT%H:%M:%S")
# Setting date and time.
# NOTE: Windows system has only localized commands with date format
# following localization settings, so these commands for english date
# format cannot work in other localizations.
# In addition DATE and TIME commands are blocking if an incorrect
# syntax is provided, so an echo trick is used to bypass the input
# request and not block analysis.
thedate = clock.strftime("%m-%d-%y")
thetime = clock.strftime("%H:%M:%S")
os.system("echo:|date {0}".format(thedate))
os.system("echo:|time {0}".format(thetime))
log.info("Date set to: {0}, time set to: {1}".format(thedate, thetime))
# Set the default DLL to be used by the PipeHandler.
DEFAULT_DLL = self.config.get_options().get("dll")
# get PID for services.exe for monitoring services
svcpid = self.pids_from_process_name_list(["services.exe"])
if svcpid:
SERVICES_PID = svcpid[0]
protected_procname_list = [
"vmwareuser.exe",
"vmwareservice.exe",
"vboxservice.exe",
"vboxtray.exe",
"sandboxiedcomlaunch.exe",
"sandboxierpcss.exe",
"procmon.exe",
"regmon.exe",
"filemon.exe",
"wireshark.exe",
"netmon.exe",
"prl_tools_service.exe",
"prl_tools.exe",
"prl_cc.exe",
"sharedintapp.exe",
"vmtoolsd.exe",
"vmsrvc.exe",
"python.exe",
"perl.exe",
]
HIDE_PIDS = set(self.pids_from_process_name_list(protected_procname_list))
# Initialize and start the Pipe Servers. This is going to be used for
# communicating with the injected and monitored processes.
for x in xrange(self.PIPE_SERVER_COUNT):
self.pipes[x] = PipeServer(self.config)
self.pipes[x].daemon = True
self.pipes[x].start()
# We update the target according to its category. If it's a file, then
# we store the path.
if self.config.category == "file":
self.target = os.path.join(os.environ["TEMP"] + os.sep,
str(self.config.file_name))
# If it's a URL, well.. we store the URL.
else:
self.target = self.config.target
def prepare(self):
"""Prepare env for analysis."""
global DEFAULT_DLL
global SERVICES_PID
global HIDE_PIDS
# Get SeDebugPrivilege for the Python process. It will be needed in
# order to perform the injections.
grant_debug_privilege()
# randomize cuckoomon DLL and loader executable names
copy("dll\\cuckoomon.dll", CUCKOOMON32_NAME)
copy("dll\\cuckoomon_x64.dll", CUCKOOMON64_NAME)
copy("bin\\loader.exe", LOADER32_NAME)
copy("bin\\loader_x64.exe", LOADER64_NAME)
# Create the folders used for storing the results.
create_folders()
add_protected_path(os.getcwd())
add_protected_path(PATHS["root"])
# Initialize logging.
init_logging()
# Parse the analysis configuration file generated by the agent.
self.config = Config(cfg="analysis.conf")
# Set virtual machine clock.
clock = datetime.strptime(self.config.clock, "%Y%m%dT%H:%M:%S")
systime = SYSTEMTIME()
systime.wYear = clock.year
systime.wMonth = clock.month
systime.wDay = clock.day
systime.wHour = clock.hour
systime.wMinute = clock.minute
systime.wSecond = clock.second
systime.wMilliseconds = 0
KERNEL32.SetSystemTime(byref(systime))
thedate = clock.strftime("%m-%d-%y")
thetime = clock.strftime("%H:%M:%S")
log.info("Date set to: {0}, time set to: {1}".format(thedate, thetime))
# Set the default DLL to be used by the PipeHandler.
DEFAULT_DLL = self.config.get_options().get("dll")
# get PID for services.exe for monitoring services
svcpid = self.pids_from_process_name_list(["services.exe"])
if svcpid:
SERVICES_PID = svcpid[0]
protected_procname_list = [
"vmwareuser.exe",
"vmwareservice.exe",
"vboxservice.exe",
"vboxtray.exe",
"sandboxiedcomlaunch.exe",
"sandboxierpcss.exe",
"procmon.exe",
"regmon.exe",
"filemon.exe",
"wireshark.exe",
"netmon.exe",
"prl_tools_service.exe",
"prl_tools.exe",
"prl_cc.exe",
"sharedintapp.exe",
"vmtoolsd.exe",
"vmsrvc.exe",
"python.exe",
"perl.exe",
]
HIDE_PIDS = set(self.pids_from_process_name_list(protected_procname_list))
# Initialize and start the Pipe Servers. This is going to be used for
# communicating with the injected and monitored processes.
for x in xrange(self.PIPE_SERVER_COUNT):
self.pipes[x] = PipeServer(self.config)
self.pipes[x].daemon = True
self.pipes[x].start()
# We update the target according to its category. If it's a file, then
# we store the path.
if self.config.category == "file":
self.target = os.path.join(os.environ["TEMP"] + os.sep,
str(self.config.file_name))
# If it's a URL, well.. we store the URL.
else:
self.target = self.config.target
def prepare(self):
"""Prepare env for analysis."""
global DEFAULT_DLL
global SERVICES_PID
# Get SeDebugPrivilege for the Python process. It will be needed in
# order to perform the injections.
grant_debug_privilege()
# Create the folders used for storing the results.
create_folders()
add_protected_path(os.getcwd())
add_protected_path(PATHS["root"])
# Initialize logging.
init_logging()
# Parse the analysis configuration file generated by the agent.
self.config = Config(cfg="analysis.conf")
# Set virtual machine clock.
clock = datetime.strptime(self.config.clock, "%Y%m%dT%H:%M:%S")
# Setting date and time.
# NOTE: Windows system has only localized commands with date format
# following localization settings, so these commands for english date
# format cannot work in other localizations.
# In addition DATE and TIME commands are blocking if an incorrect
# syntax is provided, so an echo trick is used to bypass the input
# request and not block analysis.
os.system("echo:|date {0}".format(clock.strftime("%m-%d-%y")))
os.system("echo:|time {0}".format(clock.strftime("%H:%M:%S")))
# Set the default DLL to be used by the PipeHandler.
DEFAULT_DLL = self.config.get_options().get("dll")
# get PID for services.exe for monitoring services
# tasklist sometimes fails under high-load (http://support.microsoft.com/kb/2732840)
# We can retry a few times to hopefully work around failures
retries = 4
while retries > 0:
stdin, stdout, stderr = os.popen3("tasklist /V /FI \"IMAGENAME eq services.exe\"")
s = stdout.read()
err = stderr.read()
if 'services.exe' not in s:
log.warning('tasklist failed with error "%s"' % (err))
else:
# it worked
break
retries -= 1
if 'services.exe' not in s:
# All attempts failed
log.error('Unable to retreive services.exe PID')
SERVICES_PID = None
else:
servidx = s.index("services.exe")
servstr = s[servidx + 12:].strip()
SERVICES_PID = int(servstr[:servstr.index(' ')], 10)
log.debug('services.exe PID is %s' % (SERVICES_PID))
# Initialize and start the Pipe Servers. This is going to be used for
# communicating with the injected and monitored processes.
for x in xrange(self.PIPE_SERVER_COUNT):
self.pipes[x] = PipeServer()
self.pipes[x].daemon = True
self.pipes[x].start()
# We update the target according to its category. If it's a file, then
# we store the path.
if self.config.category == "file":
self.target = os.path.join(os.environ["TEMP"] + os.sep,
str(self.config.file_name))
# If it's a URL, well.. we store the URL.
else:
self.target = self.config.target
def prepare(self):
"""Prepare env for analysis."""
# Get SeDebugPrivilege for the Python process. It will be needed in
# order to perform the injections.
grant_debug_privilege()
# Create the folders used for storing the results.
create_folders()
# Initialize logging.
init_logging()
# Parse the analysis configuration file generated by the agent.
self.config = Config(cfg="analysis.conf")
# Pass the configuration through to the Process class.
Process.set_config(self.config)
# Set virtual machine clock.
clock = datetime.strptime(self.config.clock, "%Y%m%dT%H:%M:%S")
# Setting date and time.
# NOTE: Windows system has only localized commands with date format
# following localization settings, so these commands for english date
# format cannot work in other localizations.
# In addition DATE and TIME commands are blocking if an incorrect
# syntax is provided, so an echo trick is used to bypass the input
# request and not block analysis.
os.system("echo:|date {0}".format(clock.strftime("%m-%d-%y")))
os.system("echo:|time {0}".format(clock.strftime("%H:%M:%S")))
# Set the default DLL to be used for this analysis.
self.default_dll = self.config.options.get("dll")
# If a pipe name has not set, then generate a random one.
if "pipe" in self.config.options:
self.config.pipe = "\\\\.\\PIPE\\%s" % self.config.options["pipe"]
else:
self.config.pipe = "\\\\.\\PIPE\\%s" % random_string(16, 32)
# Generate a random name for the logging pipe server.
self.config.logpipe = "\\\\.\\PIPE\\%s" % random_string(16, 32)
# Initialize and start the Command Handler pipe server. This is going
# to be used for communicating with the monitored processes.
self.command_pipe = PipeServer(PipeDispatcher,
self.config.pipe,
message=True,
dispatcher=CommandPipeHandler(self))
self.command_pipe.daemon = True
self.command_pipe.start()
# Initialize and start the Log Pipe Server - the log pipe server will
# open up a pipe that monitored processes will use to send logs to
# before they head off to the host machine.
destination = self.config.ip, self.config.port
self.log_pipe_server = PipeServer(PipeForwarder,
self.config.logpipe,
destination=destination)
self.log_pipe_server.daemon = True
self.log_pipe_server.start()
# We update the target according to its category. If it's a file, then
# we store the target path.
if self.config.category == "file":
self.target = os.path.join(os.environ["TEMP"] + os.sep,
self.config.file_name)
# If it's a URL, well.. we store the URL.
else:
self.target = self.config.target
def prepare(self):
"""Prepare env for analysis."""
# Get SeDebugPrivilege for the Python process. It will be needed in
# order to perform the injections.
grant_debug_privilege()
# Initialize logging.
init_logging()
# Parse the analysis configuration file generated by the agent.
self.config = Config(cfg="analysis.conf")
# Pass the configuration through to the Process class.
Process.set_config(self.config)
# Set virtual machine clock.
clock = datetime.strptime(self.config.clock, "%Y%m%dT%H:%M:%S")
# Setting date and time.
# NOTE: Windows system has only localized commands with date format
# following localization settings, so these commands for english date
# format cannot work in other localizations.
# In addition DATE and TIME commands are blocking if an incorrect
# syntax is provided, so an echo trick is used to bypass the input
# request and not block analysis.
os.system("echo:|date {0}".format(clock.strftime("%m-%d-%y")))
os.system("echo:|time {0}".format(clock.strftime("%H:%M:%S")))
# Set the default DLL to be used for this analysis.
self.default_dll = self.config.options.get("dll")
# If a pipe name has not set, then generate a random one.
if "pipe" in self.config.options:
self.config.pipe = "\\\\.\\PIPE\\%s" % self.config.options["pipe"]
else:
self.config.pipe = "\\\\.\\PIPE\\%s" % random_string(16, 32)
# Generate a random name for the logging pipe server.
self.config.logpipe = "\\\\.\\PIPE\\%s" % random_string(16, 32)
# Initialize and start the Command Handler pipe server. This is going
# to be used for communicating with the monitored processes.
self.command_pipe = PipeServer(PipeDispatcher, self.config.pipe,
message=True,
dispatcher=CommandPipeHandler(self))
self.command_pipe.daemon = True
self.command_pipe.start()
# Initialize and start the Log Pipe Server - the log pipe server will
# open up a pipe that monitored processes will use to send logs to
# before they head off to the host machine.
destination = self.config.ip, self.config.port
self.log_pipe_server = PipeServer(PipeForwarder, self.config.logpipe,
destination=destination)
self.log_pipe_server.daemon = True
self.log_pipe_server.start()
# We update the target according to its category. If it's a file, then
# we store the target path.
if self.config.category == "file":
self.target = os.path.join(os.environ["TEMP"] + os.sep,
self.config.file_name)
# If it's a URL, well.. we store the URL.
else:
self.target = self.config.target
def prepare(self):
"""Prepare env for analysis."""
global DEFAULT_DLL
global SERVICES_PID
global HIDE_PIDS
# Get SeDebugPrivilege for the Python process. It will be needed in
# order to perform the injections.
grant_debug_privilege()
# randomize cuckoomon DLL and loader executable names
copy("dll\\cuckoomon.dll", CUCKOOMON32_NAME)
copy("dll\\cuckoomon_x64.dll", CUCKOOMON64_NAME)
copy("bin\\loader.exe", LOADER32_NAME)
copy("bin\\loader_x64.exe", LOADER64_NAME)
# Create the folders used for storing the results.
create_folders()
add_protected_path(os.getcwd())
add_protected_path(PATHS["root"])
# Initialize logging.
init_logging()
# Parse the analysis configuration file generated by the agent.
self.config = Config(cfg="analysis.conf")
# Set virtual machine clock.
clock = datetime.strptime(self.config.clock, "%Y%m%dT%H:%M:%S")
systime = SYSTEMTIME()
systime.wYear = clock.year
systime.wMonth = clock.month
systime.wDay = clock.day
systime.wHour = clock.hour
systime.wMinute = clock.minute
systime.wSecond = clock.second
systime.wMilliseconds = 0
KERNEL32.SetSystemTime(byref(systime))
thedate = clock.strftime("%m-%d-%y")
thetime = clock.strftime("%H:%M:%S")
log.info("Date set to: {0}, time set to: {1}".format(thedate, thetime))
# Set the default DLL to be used by the PipeHandler.
DEFAULT_DLL = self.config.get_options().get("dll")
# get PID for services.exe for monitoring services
svcpid = self.pids_from_process_name_list(["services.exe"])
if svcpid:
SERVICES_PID = svcpid[0]
protected_procname_list = [
"vmwareuser.exe",
"vmwareservice.exe",
"vboxservice.exe",
"vboxtray.exe",
"sandboxiedcomlaunch.exe",
"sandboxierpcss.exe",
"procmon.exe",
"regmon.exe",
"filemon.exe",
"wireshark.exe",
"netmon.exe",
"prl_tools_service.exe",
"prl_tools.exe",
"prl_cc.exe",
"sharedintapp.exe",
"vmtoolsd.exe",
"vmsrvc.exe",
"python.exe",
"perl.exe",
]
HIDE_PIDS = set(self.pids_from_process_name_list(protected_procname_list))
# Initialize and start the Pipe Servers. This is going to be used for
# communicating with the injected and monitored processes.
for x in xrange(self.PIPE_SERVER_COUNT):
self.pipes[x] = PipeServer(self.config)
self.pipes[x].daemon = True
self.pipes[x].start()
# We update the target according to its category. If it's a file, then
# we store the path.
if self.config.category == "file":
self.target = os.path.join(os.environ["TEMP"] + os.sep,
str(self.config.file_name))
# If it's a URL, well.. we store the URL.
else:
self.target = self.config.target
def prepare(self):
"""Prepare env for analysis."""
global DEFAULT_DLL
global SERVICES_PID
global HIDE_PIDS
# Get SeDebugPrivilege for the Python process. It will be needed in
# order to perform the injections.
grant_debug_privilege()
# randomize cuckoomon DLL and loader executable names
copy("dll\\cuckoomon.dll", CUCKOOMON32_NAME)
copy("dll\\cuckoomon_x64.dll", CUCKOOMON64_NAME)
copy("bin\\loader.exe", LOADER32_NAME)
copy("bin\\loader_x64.exe", LOADER64_NAME)
# Create the folders used for storing the results.
create_folders()
add_protected_path(os.getcwd())
add_protected_path(PATHS["root"])
# Initialize logging.
init_logging()
# Parse the analysis configuration file generated by the agent.
self.config = Config(cfg="analysis.conf")
# Set virtual machine clock.
clock = datetime.strptime(self.config.clock, "%Y%m%dT%H:%M:%S")
# Setting date and time.
# NOTE: Windows system has only localized commands with date format
# following localization settings, so these commands for english date
# format cannot work in other localizations.
# In addition DATE and TIME commands are blocking if an incorrect
# syntax is provided, so an echo trick is used to bypass the input
# request and not block analysis.
thedate = clock.strftime("%m-%d-%y")
thetime = clock.strftime("%H:%M:%S")
os.system("echo:|date {0}".format(thedate))
os.system("echo:|time {0}".format(thetime))
log.info("Date set to: {0}, time set to: {1}".format(thedate, thetime))
# Set the default DLL to be used by the PipeHandler.
DEFAULT_DLL = self.config.get_options().get("dll")
# get PID for services.exe for monitoring services
svcpid = self.pids_from_process_name_list(["services.exe"])
if svcpid:
SERVICES_PID = svcpid[0]
protected_procname_list = [
"vmwareuser.exe",
"vmwareservice.exe",
"vboxservice.exe",
"vboxtray.exe",
"sandboxiedcomlaunch.exe",
"sandboxierpcss.exe",
"procmon.exe",
"regmon.exe",
"filemon.exe",
"wireshark.exe",
"netmon.exe",
"prl_tools_service.exe",
"prl_tools.exe",
"prl_cc.exe",
"sharedintapp.exe",
"vmtoolsd.exe",
"vmsrvc.exe",
"python.exe",
"perl.exe",
]
HIDE_PIDS = set(self.pids_from_process_name_list(protected_procname_list))
# Initialize and start the Pipe Servers. This is going to be used for
# communicating with the injected and monitored processes.
for x in xrange(self.PIPE_SERVER_COUNT):
self.pipes[x] = PipeServer(self.config)
self.pipes[x].daemon = True
self.pipes[x].start()
# We update the target according to its category. If it's a file, then
# we store the path.
if self.config.category == "file":
self.target = os.path.join(os.environ["TEMP"] + os.sep,
str(self.config.file_name))
# If it's a URL, well.. we store the URL.
else:
self.target = self.config.target
