# PEframe is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with PEframe. If not, see <http://www.gnu.org/licenses/>.
# ----------------------------------------------------------------------

import os
import pefile
import peutils
from peframe import get_data


# Path of the bundled PEiD signature database (userdb.txt), resolved through
# the package data helper. Parsed by get() on each call, not at import time.
_USERDB_NAME = 'userdb.txt'
fn_userdb = get_data(_USERDB_NAME)

def get(pe):
	"""Return the PEiD signature names that match *pe* at its entry point.

	The userdb.txt database (``fn_userdb``) is parsed on every call and
	queried with ``ep_only=True``. Only the first element of each match is
	kept; duplicates are dropped while preserving first-seen order.

	Args:
		pe: a parsed PE object (pefile.PE) to match against the database.

	Returns:
		A list of unique signature names, empty when nothing matched.
	"""
	database = peutils.SignatureDatabase(fn_userdb)
	found = database.match_all(pe, ep_only=True)
	names = []
	for entry in (found or []):
		label = entry[0]
		if label in names:
			continue
		names.append(label)
	return names

# along with PEframe. If not, see <http://www.gnu.org/licenses/>.
# ----------------------------------------------------------------------

import os
import loadfile
from peframe import get_data

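# pefile/peutils are hard requirements; abort cleanly if they are missing.
try:
	import pefile
	import peutils
except ImportError:
	# print() form prints the same text under both Python 2 and Python 3.
	print('Error: import pefile or peutils modules failed.')
	# NOTE(review): exits with status 0 on a failure path — confirm no caller
	# relies on the exit code before changing it.
	exit(0)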

# Prefixes of API names associated with anti-debugging, read from the
# bundled antidbg.txt via loadfile.get_apilist() at import time.
_ANTIDBG_NAME = 'antidbg.txt'
antidbgs = loadfile.get_apilist(get_data(_ANTIDBG_NAME))

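def get(pe):
	"""Return the imported function names that look like anti-debug APIs.

	Every import of every DLL in the PE import directory is compared against
	the prefixes loaded from antidbg.txt (module-level ``antidbgs``); a
	function is reported when its name starts with any non-empty prefix.

	Args:
		pe: a parsed PE object exposing ``DIRECTORY_ENTRY_IMPORT`` (pefile.PE).

	Returns:
		A sorted list of unique matching import names. Empty when the file
		has no import directory or nothing matched.
	"""
	# Drop blank entries once instead of re-testing them for every import.
	prefixes = tuple(p for p in antidbgs if p)
	found = set()
	if hasattr(pe, 'DIRECTORY_ENTRY_IMPORT'):
		for lib in pe.DIRECTORY_ENTRY_IMPORT:
			for imp in lib.imports:
				# Imports by ordinal carry no name; str(None) would otherwise
				# be tested as the literal text 'None'.
				if imp.name is None:
					continue
				if str(imp.name).startswith(prefixes):
					found.add(imp.name)
	# The return sits outside the hasattr() guard so that a PE without an
	# import directory yields [] rather than None.
	return sorted(found)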

# along with PEframe. If not, see <http://www.gnu.org/licenses/>.
# ----------------------------------------------------------------------

import os
import loadfile
from peframe import get_data

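# pefile/peutils are hard requirements; abort cleanly if they are missing.
try:
    import pefile
    import peutils
except ImportError:
    # print() form prints the same text under both Python 2 and Python 3.
    print('Error: import pefile or peutils modules failed.')
    # NOTE(review): exits with status 0 on a failure path — confirm no caller
    # relies on the exit code before changing it.
    exit(0)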

# Prefixes of API names associated with anti-debugging, read from the
# bundled antidbg.txt via loadfile.get_apilist() at import time.
_ANTIDBG_NAME = 'antidbg.txt'
antidbgs = loadfile.get_apilist(get_data(_ANTIDBG_NAME))


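def get(pe):
    """Return the imported function names that match an anti-debug prefix.

    Walks the PE import directory and reports every imported function whose
    name starts with one of the non-empty prefixes in ``antidbgs`` (loaded
    from antidbg.txt at import time).

    Args:
        pe: a parsed PE object (pefile.PE); may lack ``DIRECTORY_ENTRY_IMPORT``.

    Returns:
        Sorted list of unique matching import names; [] when there is no
        import directory or no import matched.
    """
    prefixes = tuple(p for p in antidbgs if p)  # skip blank list entries once
    hits = set()
    if hasattr(pe, 'DIRECTORY_ENTRY_IMPORT'):
        for lib in pe.DIRECTORY_ENTRY_IMPORT:
            for imp in lib.imports:
                # Ordinal imports have no name; skip them rather than matching
                # the string 'None' produced by str(None).
                if imp.name is None:
                    continue
                if str(imp.name).startswith(prefixes):
                    hits.add(imp.name)
    # Return at function level: a file without an import directory must give
    # an empty list, not fall off the end and return None.
    return sorted(hits)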
#
# You should have received a copy of the GNU General Public License
# along with PEframe. If not, see <http://www.gnu.org/licenses/>.
# ----------------------------------------------------------------------

import os
import loadfile
from peframe import get_data

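# pefile/peutils are hard requirements; abort cleanly if they are missing.
try:
	import pefile
	import peutils
except ImportError:
	# print() form prints the same text under both Python 2 and Python 3.
	print('Error: import pefile or peutils modules failed.')
	# NOTE(review): exits with status 0 on a failure path — confirm no caller
	# relies on the exit code before changing it.
	exit(0)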

# API-name prefixes worth flagging, read from the bundled alerts.txt through
# loadfile.get() when the module is imported.
_ALERTS_NAME = 'alerts.txt'
alerts = loadfile.get(get_data(_ALERTS_NAME))

def get(pe):
	"""Return the imported function names that start with an alert prefix.

	``alerts`` is the list loaded from alerts.txt at import time; blank
	entries in it are skipped. Imports are read from the PE import
	directory, so a file without one yields an empty list.

	Args:
		pe: a parsed PE object (pefile.PE).

	Returns:
		Sorted list of unique matching import names.
	"""
	if not hasattr(pe, 'DIRECTORY_ENTRY_IMPORT'):
		return []
	# Blank ('null') alert entries are ignored, as in the source list.
	prefixes = [a for a in alerts if a]
	hits = set()
	for lib in pe.DIRECTORY_ENTRY_IMPORT:
		for imp in lib.imports:
			# NOTE(review): imports by ordinal have name None, which str()
			# turns into the text 'None' before the prefix test.
			label = str(imp.name)
			for prefix in prefixes:
				if label.startswith(prefix):
					hits.add(imp.name)
	return sorted(hits)
#
# PEframe is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with PEframe. If not, see <http://www.gnu.org/licenses/>.
# ----------------------------------------------------------------------

import os
import pefile
import peutils
from peframe import get_data

# Path of the bundled PEiD signature database (userdb.txt), resolved through
# the package data helper. Parsed by get() on each call, not at import time.
_USERDB_NAME = 'userdb.txt'
fn_userdb = get_data(_USERDB_NAME)


def get(pe):
    """Return the PEiD signature names matching *pe* at its entry point.

    Builds a ``peutils.SignatureDatabase`` from ``fn_userdb`` on each call
    and runs ``match_all`` with ``ep_only=True``. The first element of every
    match is collected, de-duplicated in first-seen order.

    Args:
        pe: a parsed PE object (pefile.PE).

    Returns:
        List of unique signature names; [] when nothing matched.
    """
    database = peutils.SignatureDatabase(fn_userdb)
    results = database.match_all(pe, ep_only=True)
    unique = []
    if not results:
        return unique
    for match in results:
        label = match[0]
        if label not in unique:
            unique.append(label)
    return unique