def calc_hash(self, pe_data, addr_space, base, proc, space):
try:
pe = pefile.PE(data=pe_data)
hash_result = pe.get_imphash()
except:
hash_result = "Error: This file is not PE file imphash"
try:
fuzzy_result = pyimpfuzzy.get_impfuzzy_data(pe_data)
except:
fuzzy_result = "Error: This file is not PE file impfuzzy"
if not hash_result and not self._config.FASTMODE:
pid = proc.UniqueProcessId
simp = SearchImp(self._config)
apilists = simp.get_apilist(pid, addr_space, base, proc, space)
if apilists is not None:
hash_result = hashlib.md5(apilists).hexdigest()
fuzzy_result = impfuzzyutil.hash_data(apilists)
else:
hash_result = ""
fuzzy_result = ""
return hash_result, fuzzy_result
def get_impfuzzy(file):
pe = pefileEx(file)
apilist, apilen = pe.calc_impfuzzy()
return impfuzzyutil.hash_data(apilist)
def get_impfuzzy_data(file):
pe = pefileEx(data=file)
apilist = pe.calc_impfuzzy()
return impfuzzyutil.hash_data(apilist)
def get_impfuzzy(file):
pe = pefileEx(file)
apilist, apilen = pe.calc_impfuzzy()
return impfuzzyutil.hash_data(apilist)
