def get(pe):
    """Return the sorted, de-duplicated names of imports matching the suspicious-API list.

    The name prefixes come from the text of every ``<api>`` element in the
    XML file at ``enum.paths.APILIST_XML_FILE``; an import is reported when
    ``str(imp.name)`` starts with one of them.  Empty/None prefixes are
    ignored.  Returns an empty list when *pe* has no import directory.
    """
    import_attr = enum.pefile_attribute.DIRECTORY_ENTRY_IMPORT
    api_list_path = enum.getPath(enum.paths.APILIST_XML_FILE)
    reader = XMLParser()
    # Empty entries are skipped once here instead of per import.
    prefixes = [p for p in reader.getElementTextByTag(api_list_path, 'api') if p]
    matches = set()
    if hasattr(pe, import_attr):
        for entry in pe.DIRECTORY_ENTRY_IMPORT:
            for imp in entry.imports:
                # NOTE(review): an import with no name is compared as the string
                # 'None' here - confirm whether ordinal-only imports should be skipped.
                name = str(imp.name)
                if any(name.startswith(prefix) for prefix in prefixes):
                    matches.add(imp.name)
    return sorted(matches)
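def get(pe):
    """Return the sorted, de-duplicated names of imports matching the anti-debugger list.

    The name prefixes come from the text of every ``<function>`` element in
    the XML file at ``lib.enum.paths.ANTI_DEBUGGER``; an import is reported
    when its name starts with one of them.  Empty/None prefixes are ignored.
    Returns an empty list when *pe* has no import directory.
    """
    antidbgs_path = getPath(lib.enum.paths.ANTI_DEBUGGER)
    xml = XMLParser()
    # Drop empty/None entries once instead of re-testing them for every import.
    antidbgs = [a for a in xml.getElementTextByTag(antidbgs_path, 'function') if a]
    found = set()
    if hasattr(pe, pefile_attribute.DIRECTORY_ENTRY_IMPORT):
        # Loop variable renamed from `lib`: the original shadowed the `lib`
        # package referenced above, which breaks silently if that lookup
        # ever moves below the loop.
        for entry in pe.DIRECTORY_ENTRY_IMPORT:
            for imp in entry.imports:
                if imp.name is None:
                    # Assumes a nameless import (pefile uses None for
                    # imports by ordinal); str(None) would otherwise be
                    # matched against the prefixes and None returned.
                    continue
                name = str(imp.name)
                if any(name.startswith(antidbg) for antidbg in antidbgs):
                    found.add(imp.name)
    # sorted() gives a deterministic result (set order is not) and matches
    # the suspicious-API module, which already returns sorted(set(...)).
    return sorted(found)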
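def testName(self):
    """Smoke-test XMLParser: read the API list, build a new XML file, append to it, read back.

    Results are printed rather than asserted, so check the output by eye.
    Side effect: writes ``mithat.xml`` into the current working directory.
    """
    xml = XMLParser()
    path = getPath(lib.enum.paths.APILIST_XML_FILE)
    print("API LIST PATH %s" % path)
    ElementAttribute = xml.getElementAttribByTag(path, 'api')
    # Was `'Element Attribute ' % ElementAttribute`: a %-format with no
    # conversion specifier either raises TypeError or (for a mapping)
    # silently drops the value, so nothing useful was printed.
    print("Element Attribute %s" % (ElementAttribute,))
    ElementText = xml.getElementTextByTag(path, 'api')
    print("Element Text %s" % (ElementText,))
    # create a new xml and append
    newxml = XMLParser()
    newxml.setRoot("Malware")
    attribute = {'id': '5'}
    r = newxml.getRoot()
    added = newxml.addSubElement(r, "Konuk", "18", attribute)
    newxml.addSubElement(added, "subKonuk", "25", attribute)
    newxml.createXMLFile("mithat.xml")
    print('new xml file created')
    tagdict = {'tag': 'university', 'text': 'GYTE', 'status': 'Finished'}
    xml.append('mithat.xml', tagdict)
    # NOTE(review): 'mithatt.xml' is not the file created above
    # ('mithat.xml') - confirm whether this is a typo or a separate fixture.
    te = xml.getElementsByTag('mithatt.xml', 'permission')
    te = xml.getElementsByTag('filetype.xml', 'file')
    for elem in te:
        print(elem[1])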