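    def upx_unpack(self, file_data, CAPE_output):
        """Run the UPX harness on *file_data* and analyse what it produces.

        A successfully unpacked file is moved into ``self.CAPE_path`` and fed
        back through ``self.process_file`` so the payload beneath the UPX layer
        gets its own record; that record's ``cape_type`` is then labelled
        "UPX-extracted ...".

        Args:
            file_data: the packed sample, handed straight to ``upx_harness``
                (presumably a path or raw bytes -- see the harness).
            CAPE_output: the output collection passed through to
                ``self.process_file``; its shape is defined there.

        Returns:
            None. When the harness yields nothing, or the result is still
            UPX-packed, nothing is recorded and any temporary file is removed.
        """
        unpacked_file = upx_harness(file_data)
        if not unpacked_file or not os.path.exists(unpacked_file):
            return

        # A CAPE "UPX" YARA hit on the *output* means the harness left a file
        # that is still UPX-packed, i.e. unpacking did not succeed.  Discard it
        # and stop here: unlinking and then falling through to shutil.move on
        # the same path would raise, and the still-packed file must not be
        # recorded as an extracted payload.
        for unpacked_hit in File(unpacked_file).get_yara(category="CAPE"):
            if unpacked_hit["name"] == "UPX":
                log.info("CAPE: Failed to unpack UPX")
                os.unlink(unpacked_file)
                return

        if not os.path.exists(self.CAPE_path):
            os.makedirs(self.CAPE_path)
        newname = os.path.join(self.CAPE_path, os.path.basename(unpacked_file))
        shutil.move(unpacked_file, newname)

        # Recursive process of the unpacked file.  process_file may return
        # nothing usable, so guard before indexing into the result.
        upx_extract = self.process_file(newname, CAPE_output, True, {})
        if not upx_extract or not upx_extract.get("type"):
            return

        upx_extract["cape_type"] = "UPX-extracted "
        type_strings = upx_extract["type"].split()
        if type_strings and type_strings[0] in ("PE32+", "PE32"):
            upx_extract["cape_type"] += pe_map[type_strings[0]]
            # A DLL is recognised by "(DLL)" as the third token of the type
            # string.  Compare the whole token: comparing its first character
            # against "(DLL)" can never match, which labelled every sample
            # "executable".  Short type strings have no third token at all.
            if len(type_strings) > 2 and type_strings[2] == "(DLL)":
                upx_extract["cape_type"] += "DLL"
            else:
                upx_extract["cape_type"] += "executable"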
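 def upx_unpack(self, file_data):
     """Run the UPX harness on *file_data* and analyse what it produces.

     A successfully unpacked file is moved into ``self.CAPE_path`` and fed
     back through ``self.process_file`` so the payload beneath the UPX layer
     gets its own record; that record's ``cape_type`` is then labelled
     "UPX-extracted ...".

     Args:
         file_data: the packed sample, handed straight to ``upx_harness``
             (presumably a path or raw bytes -- see the harness).

     Returns:
         None. When the harness yields nothing, or the result is still
         UPX-packed, nothing is recorded and any temporary file is removed.
     """
     unpacked_file = upx_harness(file_data)
     if not unpacked_file or not os.path.exists(unpacked_file):
         return

     # A CAPE "UPX" YARA hit on the *output* means the harness left a file
     # that is still UPX-packed, i.e. unpacking did not succeed.  Logging the
     # failure and then moving and processing that file anyway would record a
     # still-packed binary as an extracted payload, so discard it and stop.
     for unpacked_hit in File(unpacked_file).get_yara(category="CAPE"):
         if unpacked_hit["name"] == "UPX":
             log.info("CAPE: Failed to unpack UPX")
             os.unlink(unpacked_file)
             return

     if not os.path.exists(self.CAPE_path):
         os.makedirs(self.CAPE_path)
     newname = os.path.join(self.CAPE_path,
                            os.path.basename(unpacked_file))
     shutil.move(unpacked_file, newname)

     # Recursive process of the unpacked file.  process_file may return
     # nothing usable, so guard before indexing into the result.
     upx_extract = self.process_file(newname, True, {})
     if not upx_extract or not upx_extract.get("type"):
         return

     upx_extract["cape_type"] = "UPX-extracted "
     type_strings = upx_extract["type"].split()
     if type_strings and type_strings[0] in ("PE32+", "PE32"):
         upx_extract["cape_type"] += pe_map[type_strings[0]]
         # A DLL is recognised by "(DLL)" as the third token of the type
         # string.  Compare the whole token: comparing its first character
         # against "(DLL)" can never match, which labelled every sample
         # "executable".  Short type strings have no third token at all.
         if len(type_strings) > 2 and type_strings[2] == "(DLL)":
             upx_extract["cape_type"] += "DLL"
         else:
             upx_extract["cape_type"] += "executable"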