def get_xor(pe):
show_xor = xor.get(pe)
return json.dumps({
"Xor": show_xor[0],
"Offset": show_xor[1]
},
indent=4,
separators=(',', ': '))
def get(pe, filename):
fname = os.path.basename(filename) # file name -> use (filename)
fsize = os.path.getsize(filename) # file size (in byte) -> use (filename)
dll = pe.FILE_HEADER.IMAGE_FILE_DLL # dll -> use (pe)
nsec = pe.FILE_HEADER.NumberOfSections # num sections -> use (pe)
tstamp = pe.FILE_HEADER.TimeDateStamp # timestamp -> (pe)
try:
""" return date """
tsdate = datetime.datetime.fromtimestamp(tstamp)
except:
""" return timestamp """
tsdate = str(tstamp) + " [Invalid date]"
md5, sha1, imphash = get_hash(
pe, filename) # get md5, sha1, imphash -> (pe, filename)
# directory -> (pe)
dirlist = directories.get(pe)
detected = []
for sign in dirlist: # digital signature
if sign == "Security":
detected.append("Sign")
packer = peid.get(pe) # packer (peid)
if packer:
detected.append("Packer")
antidbg = apiantidbg.get(pe) # anti debug
if antidbg:
detected.append("Anti Debug")
xorcheck = xor.get(filename) # Xor
if xorcheck[0] and xorcheck[1]:
detected.append("Xor")
antivirtualmachine = antivm.get(filename) # anti virtual machine
if antivirtualmachine:
detected.append("Anti VM")
return json.dumps({"File Name": fname, \
"File Size": str(fsize), \
"Compile Time": str(tsdate), \
"DLL": dll, \
"Sections": nsec, \
"Hash MD5": md5, \
"Hash SHA-1": sha1, \
"Import Hash": imphash, \
"Xor": xorcheck[0], \
"Detected": detected, \
"Directories": dirlist
}, indent=4, separators=(',', ': '))
def get(pe, filename):
fname = os.path.basename(filename) # file name -> use (filename)
fsize = os.path.getsize(filename) # file size (in byte) -> use (filename)
dll = pe.FILE_HEADER.IMAGE_FILE_DLL # dll -> use (pe)
nsec = pe.FILE_HEADER.NumberOfSections # num sections -> use (pe)
tstamp = pe.FILE_HEADER.TimeDateStamp # timestamp -> (pe)
try:
""" return date """
tsdate = datetime.datetime.fromtimestamp(tstamp)
except:
""" return timestamp """
tsdate = str(tstamp) + " [Invalid date]"
md5, sha1, imphash = get_hash(pe, filename) # get md5, sha1, imphash -> (pe, filename)
# directory -> (pe)
dirlist = directories.get(pe)
detected = []
for sign in dirlist: # digital signature
if sign == "Security":
detected.append("Sign")
packer = peid.get(pe) # packer (peid)
if packer:
detected.append("Packer")
antidbg = apiantidbg.get(pe) # anti debug
if antidbg:
detected.append("Anti Debug")
xorcheck = xor.get(filename) # Xor
if xorcheck[0] and xorcheck[1]:
detected.append("Xor")
antivirtualmachine = antivm.get(filename) # anti virtual machine
if antivirtualmachine:
detected.append("Anti VM")
return json.dumps({"File Name": fname, \
"File Size": str(fsize), \
"Compile Time": str(tsdate), \
"DLL": dll, \
"Sections": nsec, \
"Hash MD5": md5, \
"Hash SHA-1": sha1, \
"Import Hash": imphash, \
"Xor": xorcheck[0], \
"Detected": detected, \
"Directories": dirlist
}, indent=4, separators=(',', ': '))
def get_xor(pe):
show_xor = xor.get(pe)
return show_xor
def get_xor(pe):
show_xor = xor.get(pe)
return json.dumps({"Xor": show_xor[0], "Offset": show_xor[1]}, indent=4, separators=(',', ': '))
