Esempio n. 1
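def static(filename):
    """Run the interactive static-analysis prompt for one file.

    Prints the available commands, then reads commands from the
    ``Static>> `` prompt and forwards ``filename`` to the matching
    ``peframe`` routine until the user types ``exit``.

    Args:
        filename: Path of the file to inspect; passed unchanged to peframe.

    Returns:
        None, once ``exit`` is entered.
    """
    # Fixed allow-list: the typed text is only ever used as a key into this
    # table, so it can never select an arbitrary peframe attribute.
    handlers = {
        "strings": "show_strings",
        "peid": "show_packer",
        "suspicious": "show_suspicious",
        "fileurl": "show_fileurl",
        "import": "show_imported_functions",
        "export": "show_exported_functions",
        "meta": "show_meta",
        "sections": "show_sections",
        "auto": "autoanalysis",
    }

    print("Use <strings> to show strings in the file")
    print("Use <peid> to detect packer signatures")
    # The original help text had <import>/<export> swapped relative to the
    # functions they actually dispatch to.
    print("Use <import> to show imported function and dll")
    print("Use <export> to show exported function and dll")
    print("Use <sections> to show sections information")
    print("Use <fileurl> to show file urls")
    print("Use <suspicious> to show some suspicious functions")
    print("Use <meta> to show meta information")
    print("Use <auto> to auto-analysis the file")
    print("Use <exit> to leave this prompt")

    while True:
        # Named `command` rather than `input` so the builtin is not shadowed.
        command = raw_input('Static>> ')
        if command == "exit":
            return
        handler_name = handlers.get(command)
        if handler_name is None:
            # Previously an unrecognised command was ignored without feedback.
            print("Unknown command: %s" % command)
            continue
        # Looked up lazily so a missing peframe routine only fails when its
        # command is actually requested, as in the original if/elif chain.
        # NOTE(review): filename is presumably an untrusted sample; confirm
        # that these peframe routines only parse it and never execute it.
        getattr(peframe, handler_name)(filename)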
Esempio n. 2
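def static(filename):
    """Interactive prompt that runs peframe static-analysis views on a file.

    Shows the command list once, then loops on the ``Static>> `` prompt,
    calling the peframe routine that matches each command with ``filename``
    as its only argument. The loop ends when ``exit`` is typed.

    Args:
        filename: Path of the file to inspect; handed to peframe as-is.

    Returns:
        None.
    """
    print("Use <strings> to show strings in the file")
    print("Use <peid> to detect packer signatures")
    # Help text corrected: <import> dispatches to show_imported_functions and
    # <export> to show_exported_functions (the original lines were swapped).
    print("Use <import> to show imported function and dll")
    print("Use <export> to show exported function and dll")
    print("Use <sections> to show sections information")
    print("Use <fileurl> to show file urls")
    print("Use <suspicious> to show some suspicious functions")
    # <meta> was handled below but never listed.
    print("Use <meta> to show meta information")
    print("Use <auto> to auto-analysis the file")
    print("Use <exit> to leave this prompt")

    while True:
        # `command` instead of `input`, which would shadow the builtin.
        command = raw_input('Static>> ')
        if command == "exit":
            return

        if command == "strings":
            peframe.show_strings(filename)
        elif command == "peid":
            peframe.show_packer(filename)
        elif command == "suspicious":
            peframe.show_suspicious(filename)
        elif command == "fileurl":
            peframe.show_fileurl(filename)
        elif command == "import":
            peframe.show_imported_functions(filename)
        elif command == "export":
            peframe.show_exported_functions(filename)
        elif command == "meta":
            peframe.show_meta(filename)
        elif command == "sections":
            peframe.show_sections(filename)
        elif command == "auto":
            peframe.autoanalysis(filename)
        else:
            # Typos used to be swallowed silently, which made it look as if
            # an analysis had run and found nothing.
            print("Unknown command: %s" % command)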
Esempio n. 3
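def static(filename):
    """Interactive static-analysis prompt built on ``peframe.analyse``.

    Prints the command list, then reads commands from ``Static>> `` and
    runs the matching peframe call on ``filename`` until ``exit`` is typed.

    Args:
        filename: Path of the file to inspect; passed unchanged to peframe.

    Returns:
        None.
    """
    print("Use <strings> to show strings in the file")
    print("Use <peid> to detect packer signatures")
    print("Use <antidbg> to detect antidebug techniques in the file")
    print("Use <antivm> to detect anti virtualisation techniques in the file")
    print("Use <auto> to auto-analysis the file")

    while True:
        # `command` instead of `input`, which would shadow the builtin.
        command = raw_input('Static>> ')
        if command == "exit":
            return

        if command == "strings":
            peframe.analyse(filename, "--strings")
        elif command == "peid":
            peframe.analyse(filename, "--peid")
        elif command == "auto":
            peframe.autoanalysis(filename)
        else:
            # <antidbg> and <antivm> are advertised above but have no handler
            # in this function; without this branch they returned to the
            # prompt silently, which reads like "nothing detected".
            # NOTE(review): wire them up once the matching peframe options
            # are confirmed.
            print("Command not available: %s" % command)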
Esempio n. 4
 def static(self, filename):
     """Run peframe's automatic analysis on ``filename``.

     Thin wrapper: forwards ``filename`` unchanged to
     ``peframe.autoanalysis`` and returns None. ``self`` is not used.
     """
     peframe.autoanalysis(filename)
Esempio n. 5
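# Top-level "Hunter" prompt: asks once for the sample path, then loops over
# the <static>, <sandbox> and <exit()> commands.
# The original assigned a hard-coded path to `filename` and immediately
# overwrote it with the prompt result; that dead assignment is dropped.
filename = raw_input('path to file exemple(/home/ask3m/malware.exe):')
while True:
    try:
        # `command`/`subcommand` instead of `input`, which shadows the builtin.
        command = raw_input('Hunter>> ')
        if command == "static":
            print("Use <strings> to show strings in the file")
            print("Use <peid> to detect packer signatures")
            print("Use <antidbg> to detect antidebug techniques in the file")
            print("Use <antivm> to detect anti virtualisation techniques in the file")
            print("Use <auto> to auto-analysis the file")
            subcommand = raw_input('static>> ')
            # The peframe calls now receive the path the analyst entered.
            # Previously they ignored it and always analysed a fixed
            # "/home/ask3m/malware.exe", so results could describe a
            # different sample than the one under investigation.
            if subcommand == "strings":
                peframe.analyse(filename, "--strings")
            elif subcommand == "peid":
                # Was keyed on "static", which made the advertised <peid>
                # command unreachable; a leftover debug echo is removed.
                peframe.analyse(filename, "--peid")
            elif subcommand == "auto":
                peframe.autoanalysis(filename)
            else:
                # <antidbg>/<antivm> are listed above but not wired up here;
                # report that instead of returning to the prompt silently.
                print("this command is not used")
        elif command == "sandbox":
            print("Dynamic analysis for suspicious files")
            # NOTE(review): still a hard-coded path, not `filename` - confirm
            # which file is meant to be submitted. myvbox presumably runs the
            # sample in a VirtualBox guest; verify isolation before use.
            myvbox.myvbox("/home/ask3m/test.exe")
        elif command == 'exit()':
            # SystemExit is not caught by the handler below, so this exits.
            sys.exit(0)
        else:
            print("this command is not used")
    except KeyboardInterrupt:
        # Ctrl-C only prints a hint; exit() is the way out of the loop.
        print("type exit() to stop")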
Esempio n. 6
 def static(self, filename):
     """Run peframe's automatic analysis on ``filename``.

     Thin wrapper: forwards ``filename`` unchanged to
     ``peframe.autoanalysis`` and returns None. ``self`` is not used.
     """
     peframe.autoanalysis(filename)