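def get(pe, filename):
    """Build a JSON triage summary of a PE file.

    Args:
        pe: parsed PE object (pefile-style; must expose ``FILE_HEADER``).
        filename: path on disk of the file ``pe`` was parsed from.

    Returns:
        A 4-space-indented JSON string with basic metadata (name, size,
        compile time, DLL flag, section count), MD5/SHA-1/import hashes,
        the XOR check result, the data-directory list and a ``Detected``
        list naming every heuristic that fired ("Sign", "Packer",
        "Anti Debug", "Xor", "Anti VM").
    """
    fname = os.path.basename(filename)
    fsize = os.path.getsize(filename)  # size in bytes

    dll = pe.FILE_HEADER.IMAGE_FILE_DLL
    nsec = pe.FILE_HEADER.NumberOfSections

    # The header timestamp is attacker-controlled and is often zeroed,
    # forged, or out of the representable range. Catch only what
    # fromtimestamp() actually raises: a bare `except:` would also swallow
    # KeyboardInterrupt/SystemExit and mask real bugs in this function.
    tstamp = pe.FILE_HEADER.TimeDateStamp
    try:
        # NOTE: rendered in the analyst's *local* timezone, not UTC; treat
        # the value as indicative only (the field is trivially forgeable).
        tsdate = datetime.datetime.fromtimestamp(tstamp)
    except (OverflowError, OSError, ValueError, TypeError):
        tsdate = str(tstamp) + " [Invalid date]"

    # MD5/SHA-1 are kept for lookup/correlation with external feeds only;
    # neither is collision resistant, so do not treat them as integrity proofs.
    md5, sha1, imphash = get_hash(pe, filename)
    dirlist = directories.get(pe)

    detected = []

    # A "Security" data directory means an Authenticode blob is present;
    # this does not verify the signature, only records that one exists.
    if "Security" in dirlist:
        detected.append("Sign")

    if peid.get(pe):  # known packer signature
        detected.append("Packer")

    if apiantidbg.get(pe):  # anti-debugging API imports
        detected.append("Anti Debug")

    # xor.get() returns a pair; both elements must be truthy to flag XOR.
    xorcheck = xor.get(filename)
    if xorcheck[0] and xorcheck[1]:
        detected.append("Xor")

    if antivm.get(filename):  # anti-virtual-machine tricks
        detected.append("Anti VM")

    report = {
        "File Name": fname,
        "File Size": str(fsize),
        "Compile Time": str(tsdate),
        "DLL": dll,
        "Sections": nsec,
        "Hash MD5": md5,
        "Hash SHA-1": sha1,
        "Import Hash": imphash,
        "Xor": xorcheck[0],
        "Detected": detected,
        "Directories": dirlist,
    }
    return json.dumps(report, indent=4, separators=(',', ': '))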
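def get(pe, filename):
	"""Build a JSON triage summary of a PE file.

	Args:
		pe: parsed PE object (pefile-style; must expose ``FILE_HEADER``).
		filename: path on disk of the file ``pe`` was parsed from.

	Returns:
		A 4-space-indented JSON string with basic metadata (name, size,
		compile time, DLL flag, section count), MD5/SHA-1/import hashes,
		the XOR check result, the data-directory list and a ``Detected``
		list naming every heuristic that fired ("Sign", "Packer",
		"Anti Debug", "Xor", "Anti VM").
	"""
	fname = os.path.basename(filename)
	fsize = os.path.getsize(filename)	# size in bytes

	dll = pe.FILE_HEADER.IMAGE_FILE_DLL
	nsec = pe.FILE_HEADER.NumberOfSections

	# The header timestamp is attacker-controlled and is often zeroed,
	# forged, or out of the representable range. Catch only what
	# fromtimestamp() actually raises: a bare `except:` would also swallow
	# KeyboardInterrupt/SystemExit and mask real bugs in this function.
	tstamp = pe.FILE_HEADER.TimeDateStamp
	try:
		# NOTE: rendered in the analyst's *local* timezone, not UTC; treat
		# the value as indicative only (the field is trivially forgeable).
		tsdate = datetime.datetime.fromtimestamp(tstamp)
	except (OverflowError, OSError, ValueError, TypeError):
		tsdate = str(tstamp) + " [Invalid date]"

	# MD5/SHA-1 are kept for lookup/correlation with external feeds only;
	# neither is collision resistant, so do not treat them as integrity proofs.
	md5, sha1, imphash = get_hash(pe, filename)
	dirlist = directories.get(pe)

	detected = []

	# A "Security" data directory means an Authenticode blob is present;
	# this does not verify the signature, only records that one exists.
	if "Security" in dirlist:
		detected.append("Sign")

	if peid.get(pe):	# known packer signature
		detected.append("Packer")

	if apiantidbg.get(pe):	# anti-debugging API imports
		detected.append("Anti Debug")

	# xor.get() returns a pair; both elements must be truthy to flag XOR.
	xorcheck = xor.get(filename)
	if xorcheck[0] and xorcheck[1]:
		detected.append("Xor")

	if antivm.get(filename):	# anti-virtual-machine tricks
		detected.append("Anti VM")

	report = {
		"File Name": fname,
		"File Size": str(fsize),
		"Compile Time": str(tsdate),
		"DLL": dll,
		"Sections": nsec,
		"Hash MD5": md5,
		"Hash SHA-1": sha1,
		"Import Hash": imphash,
		"Xor": xorcheck[0],
		"Detected": detected,
		"Directories": dirlist,
	}
	return json.dumps(report, indent=4, separators=(',', ': '))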
def get_antidbg(pe):
	"""Return the anti-debugging findings for *pe* as a pretty-printed JSON string.

	The result of ``apiantidbg.get`` is wrapped under the ``"Anti Debug"`` key
	and serialised with a 4-space indent.
	"""
	payload = {"Anti Debug": apiantidbg.get(pe)}
	return json.dumps(payload, indent=4, separators=(',', ': '))
def get_antidbg(pe):
    """Serialise the anti-debugging findings for *pe* to JSON.

    Wraps whatever ``apiantidbg.get`` returns under the ``"Anti Debug"`` key
    and emits it indented by four spaces.
    """
    findings = apiantidbg.get(pe)
    return json.dumps(
        {"Anti Debug": findings},
        indent=4,
        separators=(',', ': '),
    )
def get_antidbg(pe):
    """Return the raw anti-debugging result for *pe* (no JSON wrapping).

    Thin pass-through to ``apiantidbg.get``; callers get the helper's
    native return value unchanged.
    """
    return apiantidbg.get(pe)