Example #1
def get_fileinfo(filename):
    """Build the JSON report for a file that is not a PE image.

    Gathers the string-derived indicators (file names, URLs, IPs, fuzzing
    hits) from ``fileurl``, the MD5/SHA-1/SHA-256 digests from ``get_hash``
    and the VirusTotal result keyed by that MD5, then serialises them
    together with the module-level ``fname``/``fsize``/``ftype`` that the
    caller has to set beforehand.

    Args:
        filename: path of the sample under analysis.

    Returns:
        A pretty-printed JSON string (4-space indent). ``pe_info`` is
        always ``False`` on this path.
    """
    # NOTE(review): the extracted strings are parsed but never read in this
    # function (dead local); the call is kept so stringstat still runs.
    all_strings = json.loads(stringstat.get(filename))["content"]

    # file and url
    indicators = fileurl.get(filename, strings_match)
    file_hits, url_hits, ip_hits, fuzz_hits = (
        indicators[key] for key in ("file", "url", "ip", "fuzzing"))

    md5, sha1, sha256 = get_hash(filename)
    digests = {"md5": md5, "sha1": sha1, "sha256": sha256}

    # virustotal -- the lookup is keyed by the MD5 computed above
    # (presumably a hash query rather than an upload; verify in that module)
    vt_result = virustotal.get(md5, strings_match)

    report = {
        "peframe_ver": help.VERSION,
        "file_type": ftype,
        "file_name": fname,
        "file_size": fsize,
        "hash": digests,
        "file_found": file_hits,
        "url_found": url_hits,
        "ip_found": ip_hits,
        "virustotal": vt_result,
        "fuzzing": fuzz_hits,
        "pe_info": False,
    }
    # Returned as JSON text, not as a dict
    return json.dumps(report, indent=4, separators=(',', ': '))
Example #2
def get_fileinfo(filename):
	"""Return the analysis of a non-PE file as a JSON document.

	Combines the ``fileurl`` indicator matches, the three digests from
	``get_hash`` and the VirusTotal result for the MD5 with the global
	``fname``/``fsize``/``ftype`` set by the caller.

	Args:
		filename: path of the sample under analysis.

	Returns:
		Pretty-printed JSON text (4-space indent); ``pe_info`` is ``False``.
	"""
	# NOTE(review): all_strings is never used here; the stringstat call is
	# retained only so its behaviour is unchanged.
	all_strings = json.loads(stringstat.get(filename))["content"]

	# file and url -- the three *_found keys share the same source dict
	matches = fileurl.get(filename, strings_match)
	found = dict((key + "_found", matches[key]) for key in ("file", "url", "ip"))
	fuzzing_hits = matches["fuzzing"]

	md5, sha1, sha256 = get_hash(filename)

	# virustotal -- keyed by the MD5 just computed (presumably a hash
	# lookup; confirm in the virustotal module)
	vt_result = virustotal.get(md5, strings_match)

	report = {
		"peframe_ver": help.VERSION,
		"file_type": ftype,
		"file_name": fname,
		"file_size": fsize,
		"hash": {"md5": md5, "sha1": sha1, "sha256": sha256},
		"virustotal": vt_result,
		"fuzzing": fuzzing_hits,
		"pe_info": False,
	}
	report.update(found)
	return json.dumps(report, indent=4, separators=(',', ': '))
Example #3
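_PE_TYPE = re.compile(r'^PE[0-9]{2}|^MS-DOS')


def _is_pe(file_type):
    """Return True when the ``filetype()`` description denotes a PE/MS-DOS image."""
    return _PE_TYPE.match(file_type) is not None


def _load_target(path):
    """Validate *path* and point the module-level target globals at it.

    Sets ``filename``, ``fname``, ``fsize`` and ``ftype``; the report
    builders read these as globals.
    """
    global filename, fname, fsize, ftype
    filename = path
    isfile(filename)  # project helper; presumably aborts on a non-file path -- verify
    fname = os.path.basename(filename)  # file name
    fsize = os.path.getsize(filename)  # file size
    ftype = filetype(filename)  # file type


def _analyse(emit):
    """Build the report for the current target and hand it to *emit*.

    PE/MS-DOS files go through ``get_pe_fileinfo`` (setting the global
    ``pe``); everything else through ``get_fileinfo``.
    """
    global pe
    if _is_pe(ftype):
        # A truncated or malformed sample makes this raise
        # pefile.PEFormatError, which propagates to the caller.
        pe = pefile.PE(filename)
        emit(get_pe_fileinfo(pe, filename))
    else:
        emit(get_fileinfo(filename))


def _echo(text):
    """print() wrapper usable as a callback on Python 2 (print statement) and 3."""
    print(text)


def main():
    """Command-line entry point.

    Usage: ``FILE`` (formatted analysis via ``stdoutput``),
    ``--json FILE...`` (raw JSON per file), ``--strings FILE...``
    (extracted strings per file) or ``FILE...`` (formatted analysis per
    file); ``-h``/``--help`` and ``-v``/``--version`` on their own.
    """
    argc = len(sys.argv)
    # No arguments: show usage. (The upper bound on the argument count was
    # deliberately dropped so that several files can be passed.)
    if argc == 1:
        help.help()
        sys.exit(0)
    # Exactly one argument and it is a help/version flag. Parenthesised on
    # purpose: the original ``A and B or C`` let ``--help``/``--version``
    # in argv[1] short-circuit regardless of the argument count.
    if argc == 2 and sys.argv[1] in ("-h", "--help"):
        help.help()
        sys.exit(0)
    if argc == 2 and sys.argv[1] in ("-v", "--version"):
        print(help.VERSION)
        sys.exit(0)

    # Signature files live in signatures/ next to this script.
    root = os.path.abspath(os.path.dirname(__file__))

    def get_data(path):
        return os.path.join(root, 'signatures', path)

    # Load local file stringsmatch.json from the signatures folder
    global strings_match
    with open(get_data('stringsmatch.json')) as data_file:
        strings_match = json.load(data_file)

    # Load PEID userdb.txt database (only the path is stored here)
    global userdb
    userdb = get_data('userdb.txt')

    # Auto Analysis: a single path, formatted output.
    if argc == 2:
        _load_target(sys.argv[1])
        _analyse(stdoutput)
        sys.exit(0)

    # Options: argc >= 3 from here on.
    if sys.argv[1] in ("--json", "--strings"):
        option = sys.argv[1]
        # Remaining arguments are files; the header counts them from 1.
        for index, path in enumerate(sys.argv[2:], 1):
            _load_target(path)
            print('==========%d번째 파일 분석결괴==========' % index)
            if option == "--json":
                _analyse(_echo)
            else:
                # --strings is the only other value admitted above, so the
                # original's trailing help.help() branch was unreachable.
                print(stringstat.get(path))
    else:
        # No option: every argument is a file, formatted output each.
        for index, path in enumerate(sys.argv[1:], 1):
            print('==========%d번째 파일 분석결괴==========' % index)
            _load_target(path)
            _analyse(stdoutput)
    sys.exit(0)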
Example #4
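_PE_TYPE = re.compile(r'^PE[0-9]{2}|^MS-DOS')


def _is_pe(file_type):
	"""Return True when the ``filetype()`` description denotes a PE/MS-DOS image."""
	return _PE_TYPE.match(file_type) is not None


def _load_target(path):
	"""Validate *path* and point the module-level target globals at it.

	Sets ``filename``, ``fname``, ``fsize`` and ``ftype``; the report
	builders read these as globals.
	"""
	global filename, fname, fsize, ftype
	filename = path
	isfile(filename)  # project helper; presumably aborts on a non-file path -- verify
	fname = os.path.basename(filename)
	fsize = os.path.getsize(filename)
	ftype = filetype(filename)


def _analyse(emit):
	"""Build the report for the current target and hand it to *emit*.

	PE/MS-DOS files go through ``get_pe_fileinfo`` (setting the global
	``pe``); everything else through ``get_fileinfo``.
	"""
	global pe
	if _is_pe(ftype):
		# A truncated or malformed sample makes this raise
		# pefile.PEFormatError, which propagates to the caller.
		pe = pefile.PE(filename)
		emit(get_pe_fileinfo(pe, filename))
	else:
		emit(get_fileinfo(filename))


def _echo(text):
	"""print() wrapper usable as a callback on Python 2 (print statement) and 3."""
	print(text)


def main():
	"""Command-line entry point.

	Usage: ``FILE`` (formatted analysis via ``stdoutput``), ``--json FILE``
	(raw JSON report) or ``--strings FILE`` (extracted strings);
	``-h``/``--help`` and ``-v``/``--version`` on their own.
	"""
	argc = len(sys.argv)
	if argc == 1 or argc > 3:
		help.help()
		sys.exit(0)

	# Parenthesised on purpose: the original ``A and B or C`` let a bare
	# ``--help``/``--version`` in argv[1] short-circuit even with argc == 3.
	if argc == 2 and sys.argv[1] in ("-h", "--help"):
		help.help()
		sys.exit(0)
	if argc == 2 and sys.argv[1] in ("-v", "--version"):
		print(help.VERSION)
		sys.exit(0)

	# Signature files live in signatures/ next to this script.
	root = os.path.abspath(os.path.dirname(__file__))

	def get_data(path):
		return os.path.join(root, 'signatures', path)

	# Load local file stringsmatch.json
	global strings_match
	with open(get_data('stringsmatch.json')) as data_file:
		strings_match = json.load(data_file)

	# Load PEID userdb.txt database (only the path is stored here)
	global userdb
	userdb = get_data('userdb.txt')

	# Auto Analysis: a single path, formatted output.
	if argc == 2:
		_load_target(sys.argv[1])
		_analyse(stdoutput)
		sys.exit(0)

	# Options (argc == 3 is the only case left): --json|--strings FILE.
	option, path = sys.argv[1], sys.argv[2]
	_load_target(path)
	if option == "--json":
		_analyse(_echo)
	elif option == "--strings":
		print(stringstat.get(path))
	else:
		help.help()  # unknown option: usage, exit status 0 as before
	sys.exit(0)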
Example #5
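_PE_TYPE = re.compile(r'^PE[0-9]{2}|^MS-DOS')


def _is_pe(file_type):
    """Return True when the ``filetype()`` description denotes a PE/MS-DOS image."""
    return _PE_TYPE.match(file_type) is not None


def _load_target(path):
    """Validate *path* and point the module-level target globals at it.

    Sets ``filename``, ``fname``, ``fsize`` and ``ftype``; the report
    builders read these as globals.
    """
    global filename, fname, fsize, ftype
    filename = path
    isfile(filename)  # project helper; presumably aborts on a non-file path -- verify
    fname = os.path.basename(filename)
    fsize = os.path.getsize(filename)
    ftype = filetype(filename)


def _analyse(emit):
    """Build the report for the current target and hand it to *emit*.

    PE/MS-DOS files go through ``get_pe_fileinfo`` (setting the global
    ``pe``); everything else through ``get_fileinfo``.
    """
    global pe
    if _is_pe(ftype):
        # A truncated or malformed sample makes this raise
        # pefile.PEFormatError, which propagates to the caller.
        pe = pefile.PE(filename)
        emit(get_pe_fileinfo(pe, filename))
    else:
        emit(get_fileinfo(filename))


def _echo(text):
    """print() wrapper usable as a callback on Python 2 (print statement) and 3."""
    print(text)


def main():
    """Command-line entry point.

    Usage: ``FILE`` (formatted analysis via ``stdoutput``), ``--json FILE``
    (raw JSON report) or ``--strings FILE`` (extracted strings);
    ``-h``/``--help`` and ``-v``/``--version`` on their own.
    """
    argc = len(sys.argv)
    if argc == 1 or argc > 3:
        help.help()
        sys.exit(0)

    # Parenthesised on purpose: the original ``A and B or C`` let a bare
    # ``--help``/``--version`` in argv[1] short-circuit even with argc == 3.
    if argc == 2 and sys.argv[1] in ("-h", "--help"):
        help.help()
        sys.exit(0)
    if argc == 2 and sys.argv[1] in ("-v", "--version"):
        print(help.VERSION)
        sys.exit(0)

    # Signature files live in signatures/ next to this script.
    root = os.path.abspath(os.path.dirname(__file__))

    def get_data(path):
        return os.path.join(root, 'signatures', path)

    # Load local file stringsmatch.json
    global strings_match
    with open(get_data('stringsmatch.json')) as data_file:
        strings_match = json.load(data_file)

    # Load PEID userdb.txt database (only the path is stored here)
    global userdb
    userdb = get_data('userdb.txt')

    # Auto Analysis: a single path, formatted output.
    if argc == 2:
        _load_target(sys.argv[1])
        _analyse(stdoutput)
        sys.exit(0)

    # Options (argc == 3 is the only case left): --json|--strings FILE.
    option, path = sys.argv[1], sys.argv[2]
    _load_target(path)
    if option == "--json":
        _analyse(_echo)
    elif option == "--strings":
        print(stringstat.get(path))
    else:
        help.help()  # unknown option: usage, exit status 0 as before
    sys.exit(0)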
Example #6
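_PE_TYPE = re.compile(r'^PE[0-9]{2}|^MS-DOS')


def _is_pe(file_type):
    """Return True when the ``filetype()`` description denotes a PE/MS-DOS image."""
    return _PE_TYPE.match(file_type) is not None


def _load_target(path):
    """Validate *path* and point the module-level target globals at it.

    Sets ``filename``, ``fname``, ``fsize`` and ``ftype``; the report and
    feature builders read these as globals.
    """
    global filename, fname, fsize, ftype
    filename = path
    isfile(filename)  # project helper; presumably aborts on a non-file path -- verify
    fname = os.path.basename(filename)
    fsize = os.path.getsize(filename)
    ftype = filetype(filename)


def _feature_counts():
    """Return ``[antidebug, antivm, sections, meta]`` for the current target.

    PE/MS-DOS files are parsed with pefile (setting the global ``pe``) and
    all four counts are collected; for any other file only the anti-VM scan
    runs and the remaining counts stay 0.
    """
    global pe
    num_of_sections = num_of_antidebug = num_of_antivm = num_of_meta = 0
    if _is_pe(ftype):
        # Malformed samples raise pefile.PEFormatError here; it propagates.
        pe = pefile.PE(filename)
        num_of_sections = Sections.get(pe)
        num_of_antivm = AntiVM.get(filename)
        num_of_antidebug = AntiDebug.get(pe, strings_match)
        num_of_meta = Meta.get(pe)
    else:
        # The original assigned this to a misspelt name (numb_of_antivm),
        # so non-PE rows always recorded 0 for anti-VM.
        num_of_antivm = AntiVM.get(filename)
    return [num_of_antidebug, num_of_antivm, num_of_sections, num_of_meta]


def _append_row(path, values):
    """Append *values* plus a trailing label column as one CSV line to *path*.

    *path* is resolved against the current working directory. Each value is
    written as ``str(value) + ','`` and the line ends with ``1``.
    """
    # NOTE(review): the original comment said "when normal file, set label
    # 0" but the code writes 1 unconditionally -- confirm which label this
    # run is meant to produce before training on the output.
    with open(path, 'a') as fp:  # if using Test or user data, change file name
        for item in values:
            fp.write(str(item) + ',')
        fp.write('1\n')


def _analyse(emit):
    """Build the report for the current target and hand it to *emit*."""
    global pe
    if _is_pe(ftype):
        pe = pefile.PE(filename)
        emit(get_pe_fileinfo(pe, filename))
    else:
        emit(get_fileinfo(filename))


def _echo(text):
    """print() wrapper usable as a callback on Python 2 (print statement) and 3."""
    print(text)


def main():
    """Command-line entry point.

    Usage: ``FILE`` appends one feature row for the file to ``dataset.csv``
    in the working directory; ``--json FILE`` prints the JSON report and
    ``--strings FILE`` the extracted strings; ``-h``/``--help`` and
    ``-v``/``--version`` on their own.
    """
    argc = len(sys.argv)
    if argc == 1 or argc > 3:
        help.help()
        sys.exit(0)

    # Parenthesised on purpose: the original ``A and B or C`` let a bare
    # ``--help``/``--version`` in argv[1] short-circuit even with argc == 3.
    if argc == 2 and sys.argv[1] in ("-h", "--help"):
        help.help()
        sys.exit(0)
    if argc == 2 and sys.argv[1] in ("-v", "--version"):
        print(help.VERSION)
        sys.exit(0)

    # Signature files live in signatures/ next to this script.
    root = os.path.abspath(os.path.dirname(__file__))

    def get_data(path):
        return os.path.join(root, 'signatures', path)

    # Load local file stringsmatch.json
    global strings_match
    with open(get_data('stringsmatch.json')) as data_file:
        strings_match = json.load(data_file)

    # Load PEID userdb.txt database (only the path is stored here)
    global userdb
    userdb = get_data('userdb.txt')

    # Auto Analysis: extract features and append a dataset row.
    if argc == 2:
        _load_target(sys.argv[1])
        # The leading 1 is a fixed first column in the original row layout.
        _append_row('dataset.csv', [1] + _feature_counts())
        sys.exit(0)

    # Options (argc == 3 is the only case left): --json|--strings FILE.
    option, path = sys.argv[1], sys.argv[2]
    _load_target(path)
    if option == "--json":
        _analyse(_echo)
    elif option == "--strings":
        print(stringstat.get(path))
    else:
        help.help()  # unknown option: usage, exit status 0 as before
    sys.exit(0)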
Example #7
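_PE_TYPE = re.compile(r'^PE[0-9]{2}|^MS-DOS')


def _is_pe(file_type):
    """Return True when the ``filetype()`` description denotes a PE/MS-DOS image."""
    return _PE_TYPE.match(file_type) is not None


def _load_target(path):
    """Validate *path* and point the module-level target globals at it.

    Sets ``filename``, ``fname``, ``fsize`` and ``ftype``; the report and
    feature builders read these as globals.
    """
    global filename, fname, fsize, ftype
    filename = path
    isfile(filename)  # project helper; presumably aborts on a non-file path -- verify
    fname = os.path.basename(filename)
    fsize = os.path.getsize(filename)
    ftype = filetype(filename)


def _feature_counts():
    """Return ``[antidebug, antivm, sections]`` for the current target.

    PE/MS-DOS files are parsed with pefile (setting the global ``pe``) and
    all three counts are collected; for any other file only the anti-VM
    scan runs and the other two stay 0.
    """
    global pe
    sections = antidebug = antivm = 0
    if _is_pe(ftype):
        # Malformed samples raise pefile.PEFormatError here; it propagates.
        pe = pefile.PE(filename)
        sections = Sections.get(pe)
        antivm = AntiVM.get(filename)
        antidebug = AntiDebug.get(pe, strings_match)
    else:
        antivm = AntiVM.get(filename)
    return [antidebug, antivm, sections]


def _write_row(path, values):
    """Write *values* and a trailing ``1`` label to *path*, replacing it.

    Mode ``"w"`` truncates the file, so each run leaves exactly one line
    (without a newline terminator, as before). *path* is resolved against
    the working directory. NOTE(review): if rows are meant to accumulate
    across runs, this should be mode ``"a"`` -- confirm.
    """
    with open(path, "w") as target:
        for item in values:
            # The original evaluated ``item + str(item) + ","`` without
            # assigning it and then wrote the bare int, which raises
            # TypeError on the first row.
            target.write(str(item) + ",")
        target.write("1")  # label


def _analyse(emit):
    """Build the report for the current target and hand it to *emit*."""
    global pe
    if _is_pe(ftype):
        pe = pefile.PE(filename)
        emit(get_pe_fileinfo(pe, filename))
    else:
        emit(get_fileinfo(filename))


def _echo(text):
    """print() wrapper usable as a callback on Python 2 (print statement) and 3."""
    print(text)


def main():
    """Command-line entry point.

    Usage: ``FILE`` writes one feature row for the file to ``dataset01.csv``
    in the working directory; ``--json FILE`` prints the JSON report and
    ``--strings FILE`` the extracted strings; ``-h``/``--help`` and
    ``-v``/``--version`` on their own.
    """
    argc = len(sys.argv)
    if argc == 1 or argc > 3:
        help.help()
        sys.exit(0)

    # Parenthesised on purpose: the original ``A and B or C`` let a bare
    # ``--help``/``--version`` in argv[1] short-circuit even with argc == 3.
    if argc == 2 and sys.argv[1] in ("-h", "--help"):
        help.help()
        sys.exit(0)
    if argc == 2 and sys.argv[1] in ("-v", "--version"):
        print(help.VERSION)
        sys.exit(0)

    # Signature files live in signatures/ next to this script.
    root = os.path.abspath(os.path.dirname(__file__))

    def get_data(path):
        return os.path.join(root, 'signatures', path)

    # Load local file stringsmatch.json
    global strings_match
    with open(get_data('stringsmatch.json')) as data_file:
        strings_match = json.load(data_file)

    # Load PEID userdb.txt database (only the path is stored here)
    global userdb
    userdb = get_data('userdb.txt')

    # Auto Analysis: extract features, then write the dataset row. Features
    # are computed before the file is opened, so a failing extractor no
    # longer leaves a truncated, empty dataset file behind.
    if argc == 2:
        _load_target(sys.argv[1])
        _write_row("dataset01.csv", _feature_counts())
        sys.exit(0)

    # Options (argc == 3 is the only case left): --json|--strings FILE.
    option, path = sys.argv[1], sys.argv[2]
    _load_target(path)
    if option == "--json":
        _analyse(_echo)
    elif option == "--strings":
        print(stringstat.get(path))
    else:
        help.help()  # unknown option: usage, exit status 0 as before
    sys.exit(0)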