def do_aaa(self, args):
    """Analyze absolutely all: Show a collection of stats about the current sample"""
    sample = self.sample
    unpacker = sample.unpacker
    engine = self.engine

    def state(flag):
        # Render a boolean detection switch for the table.
        return "active" if flag else "inactive"

    # sys.maxsize is the value the unpacker carries when no stub end was found.
    if unpacker.endaddr == sys.maxsize:
        stub_end = "unknown"
    else:
        stub_end = f"0x{unpacker.endaddr:02x}"

    print("\x1b[31mFile analysis:\x1b[0m")
    file_rows = [
        ("YARA:", ", ".join(map(str, sample.yara_matches))),
        ("Chosen unpacker:", unpacker.__class__.__name__),
        ("Allowed sections:", ', '.join(unpacker.allowed_sections)),
        ("End of unpacking stub:", stub_end),
        ("Section hopping detection:", state(unpacker.section_hopping_control)),
        ("Write+Exec detection:", state(unpacker.write_execute_control)),
    ]
    print_cols(file_rows)

    # Address ranges are printed as "start - end". The hook range end is a
    # fixed 0x1000 bytes past HOOK_ADDR, whereas the stack uses STACK_SIZE.
    stack_start = engine.STACK_ADDR
    hook_start = engine.HOOK_ADDR
    print("\n\x1b[31mPE stats:\x1b[0m")
    pe_rows = [
        ("Declared virtual memory size:", f"0x{sample.virtualmemorysize:02x}", "", ""),
        ("Actual loaded image size:", f"0x{len(sample.loaded_image):02x}", "", ""),
        ("Image base address:", f"0x{sample.BASE_ADDR:02x}", "", ""),
        ("Mapped stack space:", f"0x{stack_start:02x}", "-", f"0x{stack_start + engine.STACK_SIZE:02x}"),
        ("Mapped hook space:", f"0x{hook_start:02x}", "-", f"0x{hook_start + 0x1000:02x}"),
    ]
    print_cols(pe_rows)

    # Reuse the "i" command for the import listing and the register dump.
    self.do_i("i")
    print("\n\x1b[31mRegister status:\x1b[0m")
    self.do_i("r")
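def get_path_from_user(self, known_samples):
    """Interactively let the user choose a sample path from a menu.

    Args:
        known_samples: menu entries; each is either the literal
            ``"New sample..."`` or a ``"label;path"`` string. The last
            entry is treated as the "enter a new path" option.

    Returns:
        A path that exists on the filesystem, either taken from the chosen
        entry or typed by the user. Only existence is checked here; the
        caller decides what to do with the path.
    """
    new_sample_marker = "New sample..."
    print("Your options for today:\n")
    lines = []
    for index, entry in enumerate(known_samples):
        if entry == new_sample_marker:
            lines.append((f"\t[{index}]", "\x1b[33mNew sample...\x1b[0m", ""))
        else:
            # Split only on the first ';' so a path containing ';' stays intact;
            # the same split is used below when the entry is selected.
            label, name = entry.split(";", 1)
            lines.append((f"\t[{index}]", f"\x1b[34m{label}:\x1b[0m", name))
    print_cols(lines)
    print()

    last_index = len(known_samples) - 1
    while True:
        # `choice` rather than `id` so the builtin is not shadowed.
        try:
            choice = int(input("Enter the option ID: "))
        except ValueError:
            print("Error parsing ID")
            continue
        if 0 <= choice < last_index:
            path = known_samples[choice].split(";", 1)[1]
        elif choice == last_index:
            # The last menu entry is the "new sample" option: ask for a path.
            path = input(
                "Please enter the sample path (single file or directory): "
            )
        else:
            print(f"Invalid ID. Allowed range: 0 - {last_index}")
            continue
        if os.path.exists(path):
            return path
        print("Path does not exist")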
def print_allocs(self):
    """Print the sample's allocated chunks as "start - end" hex address pairs."""
    chunks = self.sample.allocated_chunks
    if not chunks:
        print("Currently there are no allocated chunks:")
        return
    print("Currently allocated:")
    # One row per (start, end) pair, both rendered with hex().
    print_cols([(hex(start), "-", hex(end)) for start, end in chunks])
def print_imports(self, args):
    """Print every hooked API, split into static (listed in the sample's
    import table) and dynamic (resolved at runtime) imports.

    `args` is accepted for the command interface but not used.
    """
    handler = self.engine.apicall_handler
    static_names = self.sample.imports
    # Keyed by "is this a static import?"; filled in hook-address order.
    rows = {True: [], False: []}
    for addr, name in handler.hooks.items():
        # Unknown module for a hooked name is shown as "?" rather than failing.
        module = handler.module_for_function.get(name, "?")
        rows[name in static_names].append((f"0x{addr:02x}", name, module))

    print("\n\x1b[31mStatic imports:\x1b[0m")
    print_cols(rows[True])
    print("\n\x1b[31mDynamic imports:\x1b[0m")
    print_cols(rows[False])
def print_stats(self):
    """Print the emulation runtime and the engine's API/section counters.

    NOTE(review): a second print_stats (using colorama's Fore) is defined
    later in this file; inside one class body the later definition wins.
    """
    engine = self.engine
    duration = time() - engine.start
    hours, remainder = divmod(duration, 3600)
    minutes, seconds = divmod(remainder, 60)
    elapsed = f"{int(hours):02} h {int(minutes):02} min {int(seconds):02} s"
    print(f"\x1b[31mTime wasted emulating:\x1b[0m {elapsed}")

    # Each counter is a mapping of name -> amount; the first table has no
    # leading blank line, the following ones do.
    tables = [
        ("API calls:", engine.apicall_counter),
        ("Instructions executed in sections:", engine.sections_executed),
        ("Read accesses:", engine.sections_read),
        ("Write accesses:", engine.sections_written),
    ]
    for index, (title, counter) in enumerate(tables):
        separator = "" if index == 0 else "\n"
        print(f"{separator}\x1b[31m{title}\x1b[0m")
        print_cols(list(counter.items()))
def print_stats(self):
    """Print the emulation runtime and the engine's API/section counters,
    coloured with colorama's Fore.

    NOTE(review): this duplicates the print_stats defined just above (which
    uses raw ANSI escapes); inside one class body this later definition wins.
    """
    engine = self.engine
    duration = time() - engine.start
    hours, remainder = divmod(duration, 3600)
    minutes, seconds = divmod(remainder, 60)
    elapsed = f"{int(hours):02} h {int(minutes):02} min {int(seconds):02} s"
    print(f"{Fore.LIGHTRED_EX}Time wasted emulating:{Fore.RESET} {elapsed}")

    # Each counter is a mapping of name -> amount; the first table has no
    # leading blank line, the following ones do.
    tables = [
        ("API calls:", engine.apicall_counter),
        ("Instructions executed in sections:", engine.sections_executed),
        ("Read accesses:", engine.sections_read),
        ("Write accesses:", engine.sections_written),
    ]
    for index, (title, counter) in enumerate(tables):
        separator = "" if index == 0 else "\n"
        print(f"{separator}{Fore.LIGHTRED_EX}{title}{Fore.RESET}")
        print_cols(list(counter.items()))