예제 #1
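 def __create_cybox_win_executable(self, fdict, sdict):
     """Build a CybOX WinExecutableFile from the parsed PE data in ``sdict``.

     Args:
         fdict: file-level attribute dict. Not read by this method; kept so the
             signature stays compatible with existing callers.
         sdict: static-analysis dict. The optional keys ``pe_imports``,
             ``pe_sections``, ``pe_versioninfo`` and ``pe_exports`` are each
             handed to the matching ``__create_cybox_pe_*`` builder, but only
             when the entry is present and non-empty.

     Returns:
         A WinExecutableFile with only the populated PE sub-structures set;
         an absent, ``None`` or empty entry leaves the attribute untouched
         instead of producing an empty sub-object (the original raised
         ``TypeError`` on a ``None`` entry).
     """
     wf = WinExecutableFile()
     # (sdict key, builder, WinExecutableFile attribute)
     builders = (
         ('pe_imports', self.__create_cybox_pe_imports, 'imports'),
         ('pe_sections', self.__create_cybox_pe_sections, 'sections'),
         ('pe_versioninfo', self.__create_cybox_pe_resources, 'resources'),
         ('pe_exports', self.__create_cybox_pe_exports, 'exports'),
     )
     for key, build, attr in builders:
         value = sdict.get(key)
         if value:
             setattr(wf, attr, build(value))
     return wf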
from maec.bundle.bundle import Bundle
from maec.bundle.malware_action import MalwareAction
from cybox.core import Object, AssociatedObject, AssociatedObjects
from cybox.objects.win_executable_file_object import WinExecutableFile
from cybox.objects.win_mutex_object import WinMutex
from cybox.common import ToolInformation, VocabString

# Set up the necessary Package, Malware Subject, Analysis Bundle Instances
# NOTE: Package, MalwareSubject and Analysis are not imported in this excerpt;
# presumably the full example brings them in from the maec.package modules.
p = Package()
ms = MalwareSubject()
b = Bundle()
a = Analysis()

# Describe the analysed binary on the Malware Subject: a Windows PE with its
# size and two digests (an MD5-length and a SHA-1-length value).
ms.malware_instance_object_attributes = Object()
ms.malware_instance_object_attributes.properties = WinExecutableFile()
file_props = ms.malware_instance_object_attributes.properties
file_props.size_in_bytes = "210564"
for digest in (
    "B6C39FF68346DCC8B67AA060DEFE40C2",
    "D55B0FB96FAD96D203D10850469489FC03E6F2F7",
):
    file_props.add_hash(digest)

# Record how the analysis was performed and which bundle holds its findings
a.method = "dynamic"
a.type_ = "triage"
a.set_findings_bundle(b.id_)

# The tool that produced the report
t = ToolInformation()
t.name = "ThreatExpert"
t.vendor = "ThreatExpert"
a.add_tool(t)
예제 #3
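def createMetaData(stix_package, metadata, strings):
    """Describe the analysed PE as a WinExecutableFile indicator on *stix_package*.

    Args:
        stix_package: STIX package that receives a new Indicator wrapping the
            file observable.
        metadata: dict of extracted sample attributes. Keys read here:
            ``malfilename``, ``malmd5``, ``malsha1``, ``malsha256``,
            ``malsha512``, ``malmd54k``, ``malssdeep``, ``malfilesize`` and
            ``malfiletype`` (each compared against ``""`` meaning "absent"),
            ``iocimports`` / ``iocexports`` (iterables of function names),
            ``badpesections`` (iterable of ``(name, raw_size_hex, entropy)``
            triples) and ``versioninfo`` (mapping of VERSIONINFO fields, or
            empty).
        strings: forwarded unchanged to ``addStrings``.

    Returns:
        The populated WinExecutableFile (also reachable via the indicator).

    Raises:
        KeyError: a required metadata key is missing.
        ValueError: a section's entropy cannot be parsed as a float.

    Every value is copied into the observable as-is (the only rewriting is
    the hex padding of section sizes and the ``", "`` -> ``"."`` version
    separator), so strings lifted from the sample itself (file name,
    VERSIONINFO text) arrive unmodified and should be treated as untrusted
    by whatever renders the indicator downstream.
    """
    indicator = Indicator()

    fl = WinExecutableFile()
    # Digests with a dedicated File attribute first, so the hash order on the
    # observable matches the original (md5, sha1, sha256, sha512, then extras).
    direct_fields = (
        ("malfilename", "file_name"),
        ("malmd5", "md5"),
        ("malsha1", "sha1"),
        ("malsha256", "sha256"),
        ("malsha512", "sha512"),
    )
    for key, attr in direct_fields:
        if metadata[key] != "":
            setattr(fl, attr, metadata[key])
    if metadata["malmd54k"] != "":
        _add_extra_hash(fl, metadata["malmd54k"], Hash.TYPE_OTHER)
    if metadata["malssdeep"] != "":
        _add_extra_hash(fl, metadata["malssdeep"], Hash.TYPE_SSDEEP)
    if metadata["malfilesize"] != "":
        fl.size_in_bytes = metadata["malfilesize"]
    if metadata["malfiletype"] != "":
        fl.file_format = metadata["malfiletype"]

    # Imports: one PEImport entry is always appended, even when empty.
    peimportlist = PEImportList()
    peimport = PEImport()
    if metadata["iocimports"]:
        peimportedfunctions = PEImportedFunctions()
        for function_name in metadata["iocimports"]:
            peif = PEImportedFunction()
            peif.function_name = function_name
            peimportedfunctions.append(peif)
        peimport.imported_functions = peimportedfunctions
    peimportlist.append(peimport)

    # Exports: the function list is only attached when there is at least one.
    peexports = PEExports()
    if metadata["iocexports"]:
        peexportedfunctions = PEExportedFunctions()
        for function_name in metadata["iocexports"]:
            peef = PEExportedFunction()
            peef.function_name = function_name
            peexportedfunctions.append(peef)
        peexports.exported_functions = peexportedfunctions

    # Sections flagged by the extractor, each with its header and entropy.
    pesectionlist = PESectionList()
    for section in metadata["badpesections"]:
        name, raw_size, entropy_value = section[0], section[1], section[2]
        pesectionheader = PESectionHeaderStruct()
        pesectionheader.name = name
        # Fix: the original assigned size_of_raw_data outside this guard, so an
        # empty raw_size raised NameError on the first section or silently
        # reused the previous section's size. Only set it when a value exists.
        if raw_size:
            pesectionheader.size_of_raw_data = _even_length_hex(raw_size)
        entropy = Entropy()
        entropy.value = float(entropy_value)
        pesection = PESection()
        pesection.entropy = entropy
        pesection.section_header = pesectionheader
        pesectionlist.append(pesection)

    # VERSIONINFO resource; only emitted when the extractor found one.
    peresourcelist = PEResourceList()
    versioninfo = metadata["versioninfo"]
    if versioninfo:
        resource = PEVersionInfoResource()
        resource.comments = _versioninfo_field(versioninfo, "Comments")
        resource.companyname = _versioninfo_field(versioninfo, "CompanyName")
        resource.filedescription = _versioninfo_field(versioninfo, "FileDescription")
        resource.fileversion = _versioninfo_field(versioninfo, "FileVersion", version=True)
        resource.internalname = _versioninfo_field(versioninfo, "InternalName")
        resource.langid = ""  # not extracted; left empty as in the original
        resource.legalcopyright = _versioninfo_field(versioninfo, "LegalCopyright")
        resource.originalfilename = _versioninfo_field(versioninfo, "OriginalFilename")
        resource.privatebuild = _versioninfo_field(versioninfo, "PrivateBuild")
        resource.productname = _versioninfo_field(versioninfo, "ProductName")
        resource.productversion = _versioninfo_field(versioninfo, "ProductVersion", version=True)
        resource.specialbuild = _versioninfo_field(versioninfo, "SpecialBuild")
        peresourcelist.append(resource)

    fl.imports = peimportlist
    fl.exports = peexports
    fl.sections = pesectionlist
    fl.resources = peresourcelist

    addStrings(fl, strings)

    indicator.add_observable(Observable(fl))

    stix_package.add_indicator(indicator)
    return fl


def _add_extra_hash(fl, value, hash_type):
    """Attach a digest that has no dedicated File attribute (``malmd54k``, ``malssdeep``).

    Keeps the original two-step construction: a Hash carrying the value is
    passed as the first argument of a second Hash that carries the type.
    NOTE(review): it is unclear whether cybox expects a Hash or a plain string
    there — confirm against the cybox Hash constructor before changing it.
    """
    inner = Hash()
    inner.simple_hash_value = value
    fl.add_hash(Hash(inner, hash_type))


def _even_length_hex(raw):
    """Drop any ``0x`` prefix and left-pad to an even number of hex digits."""
    digits = raw.replace("0x", "")
    if len(digits) % 2 != 0:
        digits = "0" + digits
    return digits


def _versioninfo_field(info, key, version=False):
    """Return ``info[key]`` as text, or ``""`` when the entry is ``None``.

    With ``version=True`` every ``", "`` in the text is replaced by ``"."``,
    as the original did for the FileVersion and ProductVersion fields.
    """
    value = info[key]
    if value is None:
        return ""
    text = str(value)
    return text.replace(", ", ".") if version else text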