def processFile(self, filename):
print "[+] Analyzing file %s" % filename
pyew = CPyew(batch=True)
pyew.deepcodeanalysis = self.deep
pyew.analysis_timeout = 0
pyew.loadFile(filename)
if pyew.format in ["PE", "ELF"]:
hash = sha256(pyew.getBuffer()).hexdigest()
self.data.append({hash:pyew})
else:
print "Not a PE/ELF file"
def processFile(self, filename):
#print "[+] Analyzing file %s" % filename
pyew = CPyew(batch=True)
pyew.deepcodeanalysis = self.deep
pyew.analysis_timeout = 0
pyew.loadFile(filename)
if pyew.format in ["PE", "ELF"]:
hash = sha256(pyew.getBuffer()).hexdigest()
self.data.append({hash: pyew})
else:
sys.stderr.writelines("Not a PE/ELF file")
sys.stderr.flush()
def processFile(self, filename):
sys.stderr.write("[+] Analyzing file %s\n" % filename)
sys.stderr.flush()
pyew = CPyew(batch=True)
pyew.deepcodeanalysis = self.deep
pyew.analysis_timeout = 0
pyew.loadFile(filename)
if pyew.format in ["PE", "ELF"]:
hash = sha256(pyew.getBuffer()).hexdigest()
self.data.append({hash:pyew})
else:
sys.stderr.writelines("Not a PE/ELF file")
sys.stderr.flush()
def analyse(self, path):
filename = path
t = time.time()
buf = open(filename, "rb").read()
sha1_hash = sha1(buf).hexdigest()
if self.file_exists(sha1_hash):
log("Already existing file %s..." % sha1_hash)
return ANALYSIS_ALREADY
pyew = CPyew(batch=True)
pyew.analysis_timeout = 300
pyew.codeanalysis = True
pyew.deepcodeanalysis = True
try:
pyew.loadFile(path)
load_error = False
except KeyboardInterrupt:
log("Abort")
return ANALYSIS_FAILED
except:
log("ERROR loading file %s" % path)
load_error = True
if not load_error:
if pyew.format not in ["PE", "ELF", "bootsector"]:
if pyew.format not in ["PDF", "OLE2"]:
log("Not a known executable/document format")
load_error = True
if load_error:
return ANALYSIS_FAILED
primes = []
total_functions = len(pyew.function_stats)
if not load_error and total_functions > 0:
nodes = []
edges = []
ccs = []
callgraph = 1
for x in pyew.function_stats:
nodes.append(pyew.function_stats[x][0])
edges.append(pyew.function_stats[x][1])
cc = pyew.function_stats[x][2]
ccs.append(cc)
prime = self.primes_table[cc]
callgraph *= prime
primes.append(prime)
avg_nodes = abs(sum(nodes) / total_functions)
avg_edges = abs(sum(edges) / total_functions)
avg_ccs = abs(sum(ccs) / total_functions)
elif load_error:
total_functions = avg_nodes = avg_edges = avg_ccs = -1
callgraph = -1
msg = "%d-%d-%d-%d" % (total_functions, avg_nodes, avg_edges, avg_ccs)
log("File analysed %s, callgraph signature %s" % (msg, callgraph))
log("Time to analyze %f" % (time.time() - t))
callgraph = str(callgraph)
primes = ",".join(map(str, primes))
desc = self.get_description(buf)
self.db.insert("samples", filename=filename, callgraph=callgraph, \
hash=sha1_hash, total_functions=total_functions, \
format=pyew.format, primes=primes, description=desc,\
analysis_date=time.asctime())
return ANALYSIS_SUCCESS
