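# PEframe is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with PEframe. If not, see <http://www.gnu.org/licenses/>.
# ----------------------------------------------------------------------
import os

import pefile
import peutils
from peframe import get_data

# Load PEID userdb.txt database
fn_userdb = get_data('userdb.txt')

# Parsed signature database, built on first use (see _signature_db).
_signatures = None


def _signature_db():
    """Return the PEiD SignatureDatabase for userdb.txt, parsing it once.

    The database is read-only after construction, so one instance can
    serve every call instead of re-parsing the whole userdb per sample.
    Parsing is deferred to the first call so that a missing or broken
    userdb.txt still surfaces at call time, as it did before.
    """
    global _signatures
    if _signatures is None:
        _signatures = peutils.SignatureDatabase(fn_userdb)
    return _signatures


def get(pe):
    """Return the PEiD signature labels that match *pe*.

    Args:
        pe: a parsed ``pefile.PE`` object.

    Returns:
        list of the first element of each match returned by
        ``SignatureDatabase.match_all``, in match order, duplicates
        removed. Empty when nothing matches.

    Matching is done against the entry point only (``ep_only=True``),
    so a sample whose entry point has been altered will not carry the
    signature it would otherwise match; a hit is a hint about the
    packer or compiler, not proof of it.
    """
    matches = _signature_db().match_all(pe, ep_only=True)
    found = []
    # match_all returns None when nothing matches; treat it as empty.
    for item in matches or []:
        label = item[0]
        # Membership test on the list rather than a set: the label type
        # is not pinned down here, so stay safe for unhashable values.
        if label not in found:
            found.append(label)
    return found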
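# along with PEframe. If not, see <http://www.gnu.org/licenses/>.
# ----------------------------------------------------------------------
import os

import loadfile
from peframe import get_data

try:
    import pefile
    import peutils
except ImportError:
    print('Error: import pefile or peutils modules failed.')
    # Non-zero status: a missing dependency is a failure, not a clean exit.
    exit(1)

# Load array by file antidbg.txt - Suspicious Functions Anti Debug
antidbgs = loadfile.get_apilist(get_data('antidbg.txt'))


def get(pe):
    """Return imported API names that start with a known anti-debug prefix.

    Args:
        pe: a parsed ``pefile.PE`` object.

    Returns:
        sorted list of the distinct imported names whose string form
        starts with one of the non-empty entries of ``antidbg.txt``;
        empty when the file has no import directory or nothing matches.

    A prefix match only means the import *name* resembles an anti-debug
    API; legitimate software imports some of these too, so treat a hit
    as an indicator to correlate with the other checks, not a verdict.
    """
    # Drop blank entries once instead of re-testing them per import.
    prefixes = [p for p in antidbgs if p]
    found = set()
    # Files without an import directory have no DIRECTORY_ENTRY_IMPORT.
    for lib in getattr(pe, 'DIRECTORY_ENTRY_IMPORT', []):
        for imp in lib.imports:
            # Imports by ordinal carry no name; skip them rather than
            # matching the literal text 'None' (and returning None).
            if imp.name is None:
                continue
            name = str(imp.name)
            if any(name.startswith(p) for p in prefixes):
                found.add(imp.name)
    return sorted(found)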
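#
# You should have received a copy of the GNU General Public License
# along with PEframe. If not, see <http://www.gnu.org/licenses/>.
# ----------------------------------------------------------------------
import os

import loadfile
from peframe import get_data

try:
    import pefile
    import peutils
except ImportError:
    print('Error: import pefile or peutils modules failed.')
    # Non-zero status: a missing dependency is a failure, not a clean exit.
    exit(1)

# Load array by file alerts.txt
alerts = loadfile.get(get_data('alerts.txt'))


def get(pe):
    """Return imported API names that start with an entry of alerts.txt.

    Args:
        pe: a parsed ``pefile.PE`` object.

    Returns:
        sorted list of the distinct imported names whose string form
        starts with one of the non-empty alert prefixes; empty when the
        file has no import directory or nothing matches.

    The check is a plain name-prefix match on the import table, so it
    reports capability (what the binary *can* call), not behaviour;
    correlate hits with the other modules before drawing conclusions.
    """
    # Drop blank ('null') entries once instead of re-testing them per import.
    prefixes = [a for a in alerts if a]
    apialert_found = set()
    # Files without an import directory have no DIRECTORY_ENTRY_IMPORT.
    for lib in getattr(pe, 'DIRECTORY_ENTRY_IMPORT', []):
        for imp in lib.imports:
            # Imports by ordinal carry no name; skip them rather than
            # matching the literal text 'None' (and returning None).
            if imp.name is None:
                continue
            name = str(imp.name)
            if any(name.startswith(a) for a in prefixes):
                apialert_found.add(imp.name)
    return sorted(apialert_found)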
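#
# PEframe is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with PEframe. If not, see <http://www.gnu.org/licenses/>.
# ----------------------------------------------------------------------
import os

import pefile
import peutils
from peframe import get_data

# Load PEID userdb.txt database
fn_userdb = get_data('userdb.txt')

# Parsed signature database, built on first use (see _signature_db).
_signatures = None


def _signature_db():
    """Return the PEiD SignatureDatabase for userdb.txt, parsing it once.

    The database is read-only after construction, so one instance can
    serve every call instead of re-parsing the whole userdb per sample.
    Parsing is deferred to the first call so that a missing or broken
    userdb.txt still surfaces at call time, as it did before.
    """
    global _signatures
    if _signatures is None:
        _signatures = peutils.SignatureDatabase(fn_userdb)
    return _signatures


def get(pe):
    """Return the PEiD signature labels that match *pe*.

    Args:
        pe: a parsed ``pefile.PE`` object.

    Returns:
        list of the first element of each match returned by
        ``SignatureDatabase.match_all``, in match order, duplicates
        removed. Empty when nothing matches.

    Matching is done against the entry point only (``ep_only=True``),
    so a sample whose entry point has been altered will not carry the
    signature it would otherwise match; a hit is a hint about the
    packer or compiler, not proof of it.
    """
    matches = _signature_db().match_all(pe, ep_only=True)
    found = []
    # match_all returns None when nothing matches; treat it as empty.
    for item in matches or []:
        label = item[0]
        # Membership test on the list rather than a set: the label type
        # is not pinned down here, so stay safe for unhashable values.
        if label not in found:
            found.append(label)
    return found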