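# Control characters that must never reach the analyst's terminal verbatim.
# Byte strings: C0 controls (TAB/LF/CR/ESC included) and DEL; the C1 range is
# left alone for byte strings because it would clip UTF-8 continuation bytes.
_CONTROL_CHARS = re.compile(r'[\x00-\x1f\x7f]')
# Unicode strings (what json.loads returns): C0, DEL and the C1 range, which
# contains terminal-relevant code points such as U+009B (CSI).
_UNICODE_CONTROL_CHARS = re.compile(r'[\x00-\x1f\x7f-\x9f]')


def _clean(value):
    """Return *value* in a form that is safe to print on a terminal.

    Strings have control characters replaced by '?', so that a value extracted
    from the analysed file cannot inject escape sequences or fake report lines
    into the analyst's terminal. Non-string values are returned unchanged.
    """
    if isinstance(value, unicode):
        return _UNICODE_CONTROL_CHARS.sub(u'?', value)
    if isinstance(value, str):
        return _CONTROL_CHARS.sub('?', value)
    return value


def _print_header(title):
    """Print a blank line, *title* and the 60-dash rule that opens every section."""
    print
    print title
    print "-" * 60


def _print_row(label, value, width=15):
    """Print one report line: *label* padded to *width*, then *value*."""
    print _clean(label).ljust(width), _clean(value)


def _print_list_section(title, values):
    """Print *title* as a section header followed by one cleaned value per line."""
    _print_header(title)
    for value in values:
        print _clean(value)


def _suspicious_sections(sections_info):
    """Return the entries of *sections_info* whose 'suspicious' flag is set."""
    return [section for section in sections_info if section.get('suspicious')]


def _print_short_information(output):
    """Print the 'Short information' block: file facts, VirusTotal score, PE summary."""
    print "Peframe v.", _clean(output['peframe_ver'])
    _print_header("Short information")
    _print_row("File type", output['file_type'])
    _print_row("File name", output['file_name'])
    _print_row("File size", output['file_size'])
    _print_row("Hash MD5", output['hash']['md5'])
    # Print the VirusTotal detection ratio when a lookup result is present.
    virustotal = output.get('virustotal')
    if virustotal:
        positives = virustotal['positives']
        total = virustotal['total']
        _print_row("Virustotal", str(positives) + '/' + str(total))
    pe_info = output.get('pe_info') or {}
    if pe_info.get('detected'):
        _print_row("Detected", ', '.join(pe_info['detected']))
    if pe_info.get('directories'):
        _print_row("Directories", ', '.join(pe_info['directories']))
    sections_number = pe_info.get('sections_number') or 0
    if sections_number > 0:
        # Count straight from sections_info; the old code left the count in a
        # variable that a later section relied on and that was sometimes unbound.
        suspicious_count = len(_suspicious_sections(pe_info.get('sections_info') or []))
        print "Sections".ljust(15), sections_number, '(' + str(suspicious_count) + ' suspicious)'
    for key, label in (('import_hash', "Import Hash"),
                       ('compile_time', "Compile time"),
                       ('dll', "Dll")):
        if pe_info.get(key):
            _print_row(label, pe_info[key])


def _print_pe_details(pe_info):
    """Print the per-feature PE sections in a fixed order, skipping empty ones."""
    xor_info = pe_info.get('xor_info')
    if xor_info:
        _print_header("Xor info")
        print "Key length".ljust(15), "Offset (hex)".ljust(15), "Offset (dec)"
        for key_length in xor_info:
            offset = xor_info[key_length]
            print _clean(key_length).ljust(15), hex(offset).ljust(15), offset
    sign_info = pe_info.get('sign_info')
    if sign_info:
        _print_header("Sign info")
        for key in sign_info:
            _print_row(key, sign_info[key])
    # Heading spelling "Paker info" is kept as the original output emitted it.
    for key, title in (('packer_info', "Paker info"),
                       ('mutex_info', "Mutex info"),
                       ('antidbg_info', "Antidbg info"),
                       ('antivm_info', "AntiVM info"),
                       ('apialert_info', "Apialert info")):
        if pe_info.get(key):
            _print_list_section(title, pe_info[key])
    resources = pe_info.get('resources_info')
    if resources:
        _print_header("Resources info")
        for res in resources:
            name = str(res['name'])
            size = str(res['size'])
            # Resource payloads are shown truncated with whitespace collapsed.
            data = re.sub(r'\t|\n|\r|\s+', ' ', str(res['data'])[0:35])
            print _clean(name).ljust(15), size.ljust(8), _clean(data)
    imports = pe_info.get('import_function')
    if imports:
        _print_header("Import function")
        for dll in imports:
            _print_row(dll, str(len(imports[dll])))
    exports = pe_info.get('export_function')
    if exports:
        _print_header("Export function")
        for func in exports:
            # Exports without a name carry None; report them instead of slicing None.
            if func['function'] is None:
                _print_row("Unnamed export", func['address'])
            else:
                _print_row(func['function'][0:15], func['address'])
    suspicious = _suspicious_sections(pe_info.get('sections_info') or [])
    if suspicious:
        _print_header("Sections suspicious")
        for index, section in enumerate(suspicious):
            if index:
                print  # blank line between suspicious sections, none after the last
            for field in section:
                _print_row(field, section[field])


def _print_findings(output):
    """Print strings recovered from the file: file names, URLs, IPs and fuzzing matches."""
    file_found = output.get('file_found')
    if file_found:
        _print_header("Filename found")
        for category in file_found:
            for fname in file_found[category]:
                _print_row(category, fname)
    if output.get('url_found'):
        _print_list_section("Url found", output['url_found'])
    if output.get('ip_found'):
        _print_list_section("IP found", output['ip_found'])
    fuzzing = output.get('fuzzing')
    if fuzzing:
        _print_header("Fuzzing match")
        for name in fuzzing:
            _print_row(str(len(fuzzing[name])), name)


def stdoutput(get_info_from):
    """Print a human-readable report from the peframe JSON result *get_info_from*.

    Args:
        get_info_from: JSON text as produced by peframe.

    Raises:
        ValueError: if *get_info_from* is not valid JSON.
        KeyError: if one of the mandatory header fields ('peframe_ver',
            'file_type', 'file_name', 'file_size', 'hash') is missing. All
            other groups are optional and skipped when absent or empty.

    Sections are printed in a fixed order (the previous version iterated the
    'pe_info' dict and so depended on dict ordering), and string values from
    the report pass through _clean() before reaching the terminal. Fixes two
    defects of the previous version: the 'Sections suspicious' block used
    variables bound only inside the 'sections_number' branch (NameError when
    that field was absent or 0), and missing top-level groups raised KeyError.

    NOTE(review): this file defines stdoutput twice; the later definition
    wins at import time.
    """
    output = json.loads(get_info_from)
    _print_short_information(output)
    _print_pe_details(output.get('pe_info') or {})
    _print_findings(output)
    # Meta info is printed last, after the recovered-strings sections.
    meta_info = (output.get('pe_info') or {}).get('meta_info')
    if meta_info:
        _print_header("Meta info")
        for key in meta_info:
            _print_row(key, meta_info[key])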
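# Control characters that must never reach the analyst's terminal verbatim.
# Byte strings: C0 controls (TAB/LF/CR/ESC included) and DEL; the C1 range is
# left alone for byte strings because it would clip UTF-8 continuation bytes.
_CONTROL_CHARS = re.compile(r'[\x00-\x1f\x7f]')
# Unicode strings (what json.loads returns): C0, DEL and the C1 range, which
# contains terminal-relevant code points such as U+009B (CSI).
_UNICODE_CONTROL_CHARS = re.compile(r'[\x00-\x1f\x7f-\x9f]')


def _clean(value):
    """Return *value* in a form that is safe to print on a terminal.

    Strings have control characters replaced by '?', so that a value extracted
    from the analysed file cannot inject escape sequences or fake report lines
    into the analyst's terminal. Non-string values are returned unchanged.
    """
    if isinstance(value, unicode):
        return _UNICODE_CONTROL_CHARS.sub(u'?', value)
    if isinstance(value, str):
        return _CONTROL_CHARS.sub('?', value)
    return value


def _print_header(title):
    """Print a blank line, *title* and the 60-dash rule that opens every section."""
    print
    print title
    print "-" * 60


def _print_row(label, value, width=15):
    """Print one report line: *label* padded to *width*, then *value*."""
    print _clean(label).ljust(width), _clean(value)


def _print_list_section(title, values):
    """Print *title* as a section header followed by one cleaned value per line."""
    _print_header(title)
    for value in values:
        print _clean(value)


def _suspicious_sections(sections_info):
    """Return the entries of *sections_info* whose 'suspicious' flag is set."""
    return [section for section in sections_info if section.get('suspicious')]


def _print_short_information(output):
    """Print the 'Short information' block: file facts, VirusTotal score, PE summary."""
    print "Peframe v.", _clean(output['peframe_ver'])
    _print_header("Short information")
    _print_row("File type", output['file_type'])
    _print_row("File name", output['file_name'])
    _print_row("File size", output['file_size'])
    _print_row("Hash MD5", output['hash']['md5'])
    # Print the VirusTotal detection ratio when a lookup result is present.
    virustotal = output.get('virustotal')
    if virustotal:
        positives = virustotal['positives']
        total = virustotal['total']
        _print_row("Virustotal", str(positives) + '/' + str(total))
    pe_info = output.get('pe_info') or {}
    if pe_info.get('detected'):
        _print_row("Detected", ', '.join(pe_info['detected']))
    if pe_info.get('directories'):
        _print_row("Directories", ', '.join(pe_info['directories']))
    sections_number = pe_info.get('sections_number') or 0
    if sections_number > 0:
        # Count straight from sections_info; the old code left the count in a
        # variable that a later section relied on and that was sometimes unbound.
        suspicious_count = len(_suspicious_sections(pe_info.get('sections_info') or []))
        print "Sections".ljust(15), sections_number, '(' + str(suspicious_count) + ' suspicious)'
    for key, label in (('import_hash', "Import Hash"),
                       ('compile_time', "Compile time"),
                       ('dll', "Dll")):
        if pe_info.get(key):
            _print_row(label, pe_info[key])


def _print_pe_details(pe_info):
    """Print the per-feature PE sections in a fixed order, skipping empty ones."""
    xor_info = pe_info.get('xor_info')
    if xor_info:
        _print_header("Xor info")
        print "Key length".ljust(15), "Offset (hex)".ljust(15), "Offset (dec)"
        for key_length in xor_info:
            offset = xor_info[key_length]
            print _clean(key_length).ljust(15), hex(offset).ljust(15), offset
    sign_info = pe_info.get('sign_info')
    if sign_info:
        _print_header("Sign info")
        for key in sign_info:
            _print_row(key, sign_info[key])
    # Heading spelling "Paker info" is kept as the original output emitted it.
    for key, title in (('packer_info', "Paker info"),
                       ('mutex_info', "Mutex info"),
                       ('antidbg_info', "Antidbg info"),
                       ('antivm_info', "AntiVM info"),
                       ('apialert_info', "Apialert info")):
        if pe_info.get(key):
            _print_list_section(title, pe_info[key])
    resources = pe_info.get('resources_info')
    if resources:
        _print_header("Resources info")
        for res in resources:
            name = str(res['name'])
            size = str(res['size'])
            # Resource payloads are shown truncated with whitespace collapsed.
            data = re.sub(r'\t|\n|\r|\s+', ' ', str(res['data'])[0:35])
            print _clean(name).ljust(15), size.ljust(8), _clean(data)
    imports = pe_info.get('import_function')
    if imports:
        _print_header("Import function")
        for dll in imports:
            _print_row(dll, str(len(imports[dll])))
    exports = pe_info.get('export_function')
    if exports:
        _print_header("Export function")
        for func in exports:
            # Exports without a name carry None; the previous version sliced
            # None[0:15] here and raised TypeError. Report them explicitly.
            if func['function'] is None:
                _print_row("Unnamed export", func['address'])
            else:
                _print_row(func['function'][0:15], func['address'])
    suspicious = _suspicious_sections(pe_info.get('sections_info') or [])
    if suspicious:
        _print_header("Sections suspicious")
        for index, section in enumerate(suspicious):
            if index:
                print  # blank line between suspicious sections, none after the last
            for field in section:
                _print_row(field, section[field])


def _print_findings(output):
    """Print strings recovered from the file: file names, URLs, IPs and fuzzing matches."""
    file_found = output.get('file_found')
    if file_found:
        _print_header("Filename found")
        for category in file_found:
            for fname in file_found[category]:
                _print_row(category, fname)
    if output.get('url_found'):
        _print_list_section("Url found", output['url_found'])
    if output.get('ip_found'):
        _print_list_section("IP found", output['ip_found'])
    fuzzing = output.get('fuzzing')
    if fuzzing:
        _print_header("Fuzzing match")
        for name in fuzzing:
            _print_row(str(len(fuzzing[name])), name)


def stdoutput(get_info_from):
    """Print a human-readable report from the peframe JSON result *get_info_from*.

    Args:
        get_info_from: JSON text as produced by peframe.

    Raises:
        ValueError: if *get_info_from* is not valid JSON.
        KeyError: if one of the mandatory header fields ('peframe_ver',
            'file_type', 'file_name', 'file_size', 'hash') is missing. All
            other groups are optional and skipped when absent or empty.

    Sections are printed in a fixed order (the previous version iterated the
    'pe_info' dict and so depended on dict ordering), and string values from
    the report pass through _clean() before reaching the terminal. Fixes three
    defects of the previous version: unnamed exports (function None) raised
    TypeError, the 'Sections suspicious' block used variables bound only
    inside the 'sections_number' branch (NameError when that field was absent
    or 0), and missing top-level groups raised KeyError.

    NOTE(review): this file defines stdoutput twice; this later definition
    is the one that wins at import time.
    """
    output = json.loads(get_info_from)
    _print_short_information(output)
    _print_pe_details(output.get('pe_info') or {})
    _print_findings(output)
    # Meta info is printed last, after the recovered-strings sections.
    meta_info = (output.get('pe_info') or {}).get('meta_info')
    if meta_info:
        _print_header("Meta info")
        for key in meta_info:
            _print_row(key, meta_info[key])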