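    def get_sections(self, machos, fbuffer) -> list:
        '''
        Build one report row per Mach-O load command that carries a segment name.

        Args:
            machos: parsed Mach-O container. ``machos.headers`` is iterated and
                each header's ``commands`` is unpacked as ``(lc, cmd, data)``
                triples; only commands with a ``segname`` attribute are used
                (this matches the macholib layout — confirm against the caller).
            fbuffer: raw bytes of the whole file; ``cmd.fileoff`` and
                ``cmd.filesize`` are offsets into it.

        Returns:
            A list of dicts with the keys ``Section``, ``Suspicious``, ``Size``,
            ``Entropy``, ``MD5`` and ``Description`` (always ``""``).
        '''
        rows = []
        for header in machos.headers:
            for _lc, cmd, _data in header.commands:
                if not hasattr(cmd, "segname"):
                    continue
                # fileoff/filesize are read from the file and are not trusted:
                # a plain slice clamps out-of-range values to a short or empty
                # payload instead of raising, the same result the previous
                # BytesIO.seek()/read() pair produced. bytes() normalises a
                # bytearray/memoryview input so the helpers below see bytes.
                start = cmd.fileoff
                payload = bytes(fbuffer[start:start + cmd.filesize])

                # segname is a fixed-width, NUL-padded field. Splitting on the
                # first NUL keeps the whole name when no NUL is present; the old
                # find()-based slice dropped the last byte in that case.
                seg = cmd.segname.split(b"\x00", 1)[0].decode(
                    "utf-8", errors="ignore")

                entropy = get_entropy_float_ret(payload)
                # The size-0 check is done first so it is not shadowed by the
                # entropy test (an empty payload presumably yields entropy 0).
                if cmd.filesize == 0:
                    sus = "True, section size 0"
                elif entropy > 6 or 0 <= entropy <= 1:
                    sus = "True, {}".format(entropy)
                else:
                    sus = "No"
                # __PAGEZERO is the reserved, unmapped first segment; it is
                # never flagged.
                if seg == "__PAGEZERO":
                    sus = ""

                rows.append({
                    "Section": seg,
                    "Suspicious": sus,
                    "Size": cmd.filesize,
                    "Entropy": get_entropy(payload),
                    "MD5": md5(payload).hexdigest(),
                    "Description": ""
                })
        return rows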
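 def get_sections(self, pe_info) -> list:
     '''
     Build one report row per section of a parsed PE file.

     Args:
         pe_info: parsed PE object whose ``sections`` expose ``Name``,
             ``SizeOfRawData``, ``get_data()`` and ``get_hash_md5()``
             (the pefile layout — confirm against the caller).

     Returns:
         A list of dicts with the keys ``Section``, ``Suspicious``, ``Size``,
         ``MD5``, ``Entropy`` and ``Description`` (always ``""``).
     '''
     rows = []
     for section in pe_info.sections:
         # Read the section payload once; the original fetched it twice.
         payload = section.get_data()
         entropy = get_entropy_float_ret(payload)
         # The size-0 check goes first so it is not shadowed by the entropy
         # test (an empty payload presumably yields entropy 0).
         if section.SizeOfRawData == 0:
             is_sus = "True, section size 0"
         elif entropy > 6 or (0 <= entropy <= 1):
             is_sus = "True, {}".format(entropy)
         else:
             is_sus = "No"
         # Name is a fixed-width, NUL-padded byte field.
         name = section.Name.decode("utf-8", errors="ignore").strip("\00")
         rows.append({
             "Section": name,
             "Suspicious": is_sus,
             "Size": section.SizeOfRawData,
             "MD5": section.get_hash_md5(),
             "Entropy": get_entropy(payload),
             "Description": ""
         })
     return rows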
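 def check_entropy(self, data, domains, *, threshold=3.7):
     '''
     Append every domain whose string entropy exceeds ``threshold`` to ``data``.

     Args:
         data: list that is extended in place with ``{"Entropy": ..., "URL": ...}``
             dicts; nothing is returned.
         domains: iterable of dicts, each carrying the domain string under the
             ``"domain"`` key.
         threshold: entropy above which a domain is reported. Defaults to the
             previously hard-coded 3.7 so existing callers are unaffected.
     '''
     for entry in domains:
         url = entry["domain"]
         entropy = get_entropy_float_ret(url)
         if entropy > threshold:
             data.append({
                 "Entropy": "{0:.15f}".format(entropy),
                 "URL": url
             })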
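 def get_section(self, elf) -> list:
     '''
     Build one report row per named section of a parsed ELF file.

     Args:
         elf: parsed ELF object whose ``iter_sections()`` yields sections
             exposing ``name``, ``data()`` and ``data_size`` (the pyelftools
             layout — confirm against the caller). Unnamed sections are skipped.

     Returns:
         A list of dicts with the keys ``Section``, ``Suspicious``, ``Size``,
         ``MD5``, ``Entropy`` and ``Description`` (always ``""``).
     '''
     rows = []
     for section in elf.iter_sections():
         if section.name == "":
             continue
         # Read the section payload once; the original called data() three times.
         payload = section.data()
         entropy = get_entropy_float_ret(payload)
         # The size-0 check goes first so it is not shadowed by the entropy
         # test (an empty payload presumably yields entropy 0).
         if section.data_size == 0:
             sus = "True, section size 0"
         elif entropy > 6 or (0 <= entropy <= 1):
             sus = "True, {}".format(entropy)
         else:
             sus = "No"
         rows.append({
             "Section": section.name,
             "Suspicious": sus,
             "Size": section.data_size,
             "MD5": md5(payload).hexdigest(),
             "Entropy": get_entropy(payload),
             "Description": ""
         })
     return rows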