예제 #1
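def get(pe):
    """Return the sorted, de-duplicated names of imported APIs that appear on
    the suspicious-API list.

    Args:
        pe: a parsed ``pefile.PE`` object; only its ``DIRECTORY_ENTRY_IMPORT``
            is read.

    Returns:
        Sorted list of import names (exactly as pefile reports them) whose name
        starts with one of the ``api`` entries read from the API-list XML.
        Empty list when the PE has no import directory or nothing matches.

    Note:
        Matching is by *prefix*, so a list entry such as ``CreateFile`` also
        flags ``CreateFileMappingW`` -- that is what makes one entry cover the
        A/W variants, but it also means short prefixes over-match.  Only the
        static import table is inspected; APIs a sample resolves at run time
        (GetProcAddress, hashed lookups) do not show up here.
    """
    dir_entry_import = enum.pefile_attribute.DIRECTORY_ENTRY_IMPORT
    api_path = enum.getPath(enum.paths.APILIST_XML_FILE)
    xml_parser = XMLParser()
    # Drop empty/None entries before matching: "".startswith("") is True for
    # every name, so a blank list entry would flag every import.
    alerts = tuple(
        alert for alert in xml_parser.getElementTextByTag(api_path, 'api') if alert
    )

    suspicious_api_found = []
    if alerts and hasattr(pe, dir_entry_import):
        for entry in pe.DIRECTORY_ENTRY_IMPORT:
            for imp in entry.imports:
                name = imp.name
                if name is None:
                    # Import by ordinal: there is no name to match, and
                    # str(None) == "None" must not be fed to the matcher.
                    continue
                if not isinstance(name, str):
                    # NOTE(review): newer pefile releases report names as bytes
                    # on Python 3 (confirm against the pinned pefile version);
                    # str(bytes) would yield "b'...'" and never match.
                    name = name.decode('latin-1', 'replace')
                # One startswith() against the whole tuple replaces the inner
                # per-alert loop; the result is identical after de-duplication.
                if name.startswith(alerts):
                    suspicious_api_found.append(imp.name)

    return sorted(set(suspicious_api_found))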
예제 #2
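def get(pe):
    """Return the sorted, de-duplicated names of imported APIs that appear on
    the anti-debugger function list.

    Args:
        pe: a parsed ``pefile.PE`` object; only its ``DIRECTORY_ENTRY_IMPORT``
            is read.

    Returns:
        Sorted list of import names (exactly as pefile reports them) whose name
        starts with one of the ``function`` entries read from the
        anti-debugger XML.  Empty list when the PE has no import directory or
        nothing matches.

    Note:
        Matching is by *prefix* (``IsDebuggerPresent`` also covers any longer
        name sharing that prefix).  Only the static import table is inspected;
        anti-debug APIs resolved at run time or implemented inline (PEB flag
        reads, timing checks) are not visible here.
    """
    antidbgs_path = getPath(lib.enum.paths.ANTI_DEBUGGER)
    xml = XMLParser()
    # Drop empty/None entries: "".startswith("") is True for every name.
    antidbgs = tuple(
        fn for fn in xml.getElementTextByTag(antidbgs_path, 'function') if fn
    )

    has_import_dir = hasattr(pe, pefile_attribute.DIRECTORY_ENTRY_IMPORT)

    found_antidebugger = []
    # The loop variable is deliberately not called ``lib``: that name is the
    # package referenced above and must not be shadowed.
    if antidbgs and has_import_dir:
        for entry in pe.DIRECTORY_ENTRY_IMPORT:
            for imp in entry.imports:
                name = imp.name
                if name is None:
                    # Import by ordinal: nothing to match, and str(None) must
                    # not be compared against the list.
                    continue
                if not isinstance(name, str):
                    # NOTE(review): newer pefile releases report names as bytes
                    # on Python 3 (confirm against the pinned pefile version).
                    name = name.decode('latin-1', 'replace')
                if name.startswith(antidbgs):
                    found_antidebugger.append(imp.name)

    # sorted() gives callers a deterministic order; list(set()) did not.
    return sorted(set(found_antidebugger))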
예제 #3
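    def testName(self):
        """Exercise XMLParser end to end: read the API list, build a new
        document, write it, append to it and read elements back.

        This is a print-driven exploratory test with no assertions; it fails
        only if one of the XMLParser calls raises.  It writes ``mithat.xml``
        into the current working directory (and leaves it there) and expects
        ``mithatt.xml`` and ``filetype.xml`` to already exist there.
        """
        xml = XMLParser()
        path = getPath(lib.enum.paths.APILIST_XML_FILE)
        # Single parenthesised expression so the print parses on Python 2 and 3.
        print("API LIST PATH %s" % (path,))

        element_attribute = xml.getElementAttribByTag(path, 'api')
        # The original ``'...' % value`` had no conversion specifier and raises
        # TypeError ("not all arguments converted") when the result is a list.
        print("Element Attribute %s" % (element_attribute,))

        element_text = xml.getElementTextByTag(path, 'api')
        print("Element Text %s" % (element_text,))

        # Create a new document and nest two elements under its root.  The
        # same ``attribute`` dict is handed to both elements.
        newxml = XMLParser()
        newxml.setRoot("Malware")
        attribute = {'id': '5'}
        root = newxml.getRoot()
        added = newxml.addSubElement(root, "Konuk", "18", attribute)
        newxml.addSubElement(added, "subKonuk", "25", attribute)
        newxml.createXMLFile("mithat.xml")  # test artifact, not cleaned up
        print('new xml file created')

        tagdict = {'tag': 'university', 'text': 'GYTE', 'status': 'Finished'}
        xml.append('mithat.xml', tagdict)

        # NOTE(review): 'mithatt.xml' (double t) is not the file created above
        # -- confirm whether it is a separate fixture or a typo for 'mithat.xml'.
        te = xml.getElementsByTag('mithatt.xml', 'permission')

        te = xml.getElementsByTag('filetype.xml', 'file')
        for elem in te:
            print(elem[1])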