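def stdoutput(get_info_from):
    """Print a human-readable peframe report for one sample to stdout.

    Args:
        get_info_from: JSON text produced by the analyser; it is parsed with
            ``json.loads``.  Keys read: ``peframe_ver``, ``file_type``,
            ``file_name``, ``file_size`` and ``hash.md5`` (required), plus the
            optional ``virustotal``, ``pe_info``, ``file_found``, ``url_found``,
            ``ip_found`` and ``fuzzing`` blocks, each skipped when absent or
            empty.

    Returns:
        None; the report is written line by line with ``print``.

    Raises:
        KeyError: when one of the required top-level keys is missing.
        TypeError: from ``hex()`` if an ``xor_info`` offset is not an int.

    Notes:
        * Every value in the report originates from the analysed (possibly
          malicious) file, so ``_clean`` escapes control characters before
          they reach the terminal instead of printing them verbatim.
        * Sections are emitted in a fixed order (the order below) rather than
          in the iteration order of the ``pe_info`` dict, and the suspicious
          section count no longer depends on which key happens to be visited
          first (``x`` / ``suspicious`` were unbound on that path before).
        * Each line is assembled as one string and passed to ``print`` with a
          single argument, which behaves the same under Python 2 and 3.
    """
    output = json.loads(get_info_from)
    pe_info = output.get('pe_info') or {}
    sections = pe_info.get('sections_info') or []
    suspicious_sections = [sec for sec in sections if sec.get('suspicious')]

    lines = [
        _row('Peframe v.', output['peframe_ver']),
        '',
        'Short information',
        '-' * 60,
        _row('File type'.ljust(15), output['file_type']),
        _row('File name'.ljust(15), output['file_name']),
        _row('File size'.ljust(15), output['file_size']),
        _row('Hash MD5'.ljust(15), output['hash']['md5']),
    ]

    # VirusTotal detections are shown only when the scan result is present.
    virustotal = output.get('virustotal')
    if virustotal:
        ratio = '%s/%s' % (virustotal['positives'], virustotal['total'])
        lines.append(_row('Virustotal'.ljust(15), ratio))

    lines.extend(_short_pe_rows(pe_info, len(suspicious_sections)))
    lines.extend(_pe_detail_sections(pe_info, suspicious_sections))

    file_found = output.get('file_found')
    if file_found:
        lines.extend(_header('Filename found'))
        for kind, names in file_found.items():
            lines.extend(_row(kind.ljust(15), fname) for fname in names)

    if output.get('url_found'):
        lines.extend(_listing('Url found', output['url_found']))
    if output.get('ip_found'):
        lines.extend(_listing('IP found', output['ip_found']))

    fuzzing = output.get('fuzzing')
    if fuzzing:
        lines.extend(_header('Fuzzing match'))
        # Hit count first, then the matched pattern, as in the original layout.
        for pattern, hits in fuzzing.items():
            lines.append(_row(_text(len(hits)).ljust(15), pattern))

    # Meta info closes the report, after the string-scan sections.
    if pe_info.get('meta_info'):
        lines.extend(_keyed('Meta info', pe_info['meta_info']))

    for line in lines:
        print(line)


# C0 controls, DEL and C1 controls: the characters a terminal interprets.
_CONTROL_CHARS = re.compile(r'[\x00-\x1f\x7f-\x9f]')


def _text(value):
    """Return *value* as text (``str`` on Python 3; unicode-safe on Python 2)."""
    return '%s' % (value,)


def _clean(value):
    """Return *value* as text with control characters escaped as ``\\xNN``.

    Names, URLs, mutexes and metadata in the report are copied verbatim from
    the analysed sample, so a crafted value could otherwise smuggle terminal
    escape sequences into the output; escaping keeps the report inspectable.
    """
    return _CONTROL_CHARS.sub(lambda m: '\\x%02x' % ord(m.group(0)), _text(value))


def _row(*parts):
    """Join the cleaned text of *parts* with single spaces (what ``print a, b`` did)."""
    return ' '.join(_clean(part) for part in parts)


def _header(title):
    """Return the blank line, title and rule that open every report section."""
    return ['', title, '-' * 60]


def _listing(title, entries):
    """Return a section whose body is one cleaned entry per line."""
    return _header(title) + [_clean(entry) for entry in entries]


def _keyed(title, mapping):
    """Return a section of ``key.ljust(15) value`` rows for *mapping*."""
    return _header(title) + [_row(key.ljust(15), value) for key, value in mapping.items()]


def _short_pe_rows(pe_info, suspicious_count):
    """Rows appended to 'Short information' for the PE header fields."""
    rows = []
    if pe_info.get('detected'):
        rows.append(_row('Detected'.ljust(15), ', '.join(pe_info['detected'])))
    if pe_info.get('directories'):
        rows.append(_row('Directories'.ljust(15), ', '.join(pe_info['directories'])))
    if pe_info.get('sections_number'):
        rows.append(_row('Sections'.ljust(15), pe_info['sections_number'],
                         '(%d suspicious)' % suspicious_count))
    for key, label in (('import_hash', 'Import Hash'),
                       ('compile_time', 'Compile time'),
                       ('dll', 'Dll')):
        if pe_info.get(key):
            rows.append(_row(label.ljust(15), pe_info[key]))
    return rows


def _pe_detail_sections(pe_info, suspicious_sections):
    """Detail sections drawn from ``pe_info``, in a fixed order."""
    lines = []

    xor_info = pe_info.get('xor_info')
    if xor_info:
        lines.extend(_header('Xor info'))
        lines.append(_row('Key length'.ljust(15), 'Offset (hex)'.ljust(15), 'Offset (dec)'))
        for key_len, offset in xor_info.items():
            # hex() requires an int offset, as in the original report.
            lines.append(_row(key_len.ljust(15), hex(offset).ljust(15), offset))

    if pe_info.get('sign_info'):
        lines.extend(_keyed('Sign info', pe_info['sign_info']))

    for key, title in (('packer_info', 'Packer info'),
                       ('mutex_info', 'Mutex info'),
                       ('antidbg_info', 'Antidbg info'),
                       ('antivm_info', 'AntiVM info'),
                       ('apialert_info', 'Apialert info')):
        if pe_info.get(key):
            lines.extend(_listing(title, pe_info[key]))

    resources = pe_info.get('resources_info')
    if resources:
        lines.extend(_header('Resources info'))
        for res in resources:
            # Show a 35-character preview of the resource with whitespace collapsed.
            data = re.sub(r'\s+', ' ', _text(res['data'])[0:35])
            lines.append(_row(_text(res['name']).ljust(15), _text(res['size']).ljust(8), data))

    imports = pe_info.get('import_function')
    if imports:
        lines.extend(_header('Import function'))
        for dll, functions in imports.items():
            lines.append(_row(dll.ljust(15), len(functions)))

    exports = pe_info.get('export_function')
    if exports:
        lines.extend(_header('Export function'))
        for func in exports:
            name = func.get('function')
            # Ordinal-only exports carry no name; label them instead of crashing.
            label = 'Unnamed export' if name is None else _text(name)[0:15]
            lines.append(_row(label.ljust(15), func.get('address')))

    if suspicious_sections:
        lines.extend(_header('Sections suspicious'))
        for index, section in enumerate(suspicious_sections):
            if index:
                lines.append('')  # blank line between consecutive sections
            for key, value in section.items():
                lines.append(_row(key.ljust(15), value))

    return lines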
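def stdoutput(get_info_from):
	"""Print a human-readable peframe report for one sample to stdout.

	Args:
		get_info_from: JSON text produced by the analyser; it is parsed with
			``json.loads``.  Keys read: ``peframe_ver``, ``file_type``,
			``file_name``, ``file_size`` and ``hash.md5`` (required), plus the
			optional ``virustotal``, ``pe_info``, ``file_found``, ``url_found``,
			``ip_found`` and ``fuzzing`` blocks, each skipped when absent or
			empty.

	Returns:
		None; the report is written line by line with ``print``.

	Raises:
		KeyError: when one of the required top-level keys is missing.
		TypeError: from ``hex()`` if an ``xor_info`` offset is not an int.

	Notes:
		* Every value in the report originates from the analysed (possibly
		  malicious) file, so ``_clean`` escapes control characters before
		  they reach the terminal instead of printing them verbatim.
		* Exports without a name (``function`` is null) are labelled
		  "Unnamed export" instead of raising on ``None[0:15]``.
		* Sections are emitted in a fixed order (the order below) rather than
		  in the iteration order of the ``pe_info`` dict, and the suspicious
		  section count no longer depends on which key happens to be visited
		  first (``x`` / ``suspicious`` were unbound on that path before).
		* Each line is assembled as one string and passed to ``print`` with a
		  single argument, which behaves the same under Python 2 and 3.
	"""
	output = json.loads(get_info_from)
	pe_info = output.get('pe_info') or {}
	sections = pe_info.get('sections_info') or []
	suspicious_sections = [sec for sec in sections if sec.get('suspicious')]

	lines = [
		_row('Peframe v.', output['peframe_ver']),
		'',
		'Short information',
		'-' * 60,
		_row('File type'.ljust(15), output['file_type']),
		_row('File name'.ljust(15), output['file_name']),
		_row('File size'.ljust(15), output['file_size']),
		_row('Hash MD5'.ljust(15), output['hash']['md5']),
	]

	# VirusTotal detections are shown only when the scan result is present.
	virustotal = output.get('virustotal')
	if virustotal:
		ratio = '%s/%s' % (virustotal['positives'], virustotal['total'])
		lines.append(_row('Virustotal'.ljust(15), ratio))

	lines.extend(_short_pe_rows(pe_info, len(suspicious_sections)))
	lines.extend(_pe_detail_sections(pe_info, suspicious_sections))

	file_found = output.get('file_found')
	if file_found:
		lines.extend(_header('Filename found'))
		for kind, names in file_found.items():
			lines.extend(_row(kind.ljust(15), fname) for fname in names)

	if output.get('url_found'):
		lines.extend(_listing('Url found', output['url_found']))
	if output.get('ip_found'):
		lines.extend(_listing('IP found', output['ip_found']))

	fuzzing = output.get('fuzzing')
	if fuzzing:
		lines.extend(_header('Fuzzing match'))
		# Hit count first, then the matched pattern, as in the original layout.
		for pattern, hits in fuzzing.items():
			lines.append(_row(_text(len(hits)).ljust(15), pattern))

	# Meta info closes the report, after the string-scan sections.
	if pe_info.get('meta_info'):
		lines.extend(_keyed('Meta info', pe_info['meta_info']))

	for line in lines:
		print(line)


# C0 controls, DEL and C1 controls: the characters a terminal interprets.
_CONTROL_CHARS = re.compile(r'[\x00-\x1f\x7f-\x9f]')


def _text(value):
	"""Return *value* as text (``str`` on Python 3; unicode-safe on Python 2)."""
	return '%s' % (value,)


def _clean(value):
	"""Return *value* as text with control characters escaped as ``\\xNN``.

	Names, URLs, mutexes and metadata in the report are copied verbatim from
	the analysed sample, so a crafted value could otherwise smuggle terminal
	escape sequences into the output; escaping keeps the report inspectable.
	"""
	return _CONTROL_CHARS.sub(lambda m: '\\x%02x' % ord(m.group(0)), _text(value))


def _row(*parts):
	"""Join the cleaned text of *parts* with single spaces (what ``print a, b`` did)."""
	return ' '.join(_clean(part) for part in parts)


def _header(title):
	"""Return the blank line, title and rule that open every report section."""
	return ['', title, '-' * 60]


def _listing(title, entries):
	"""Return a section whose body is one cleaned entry per line."""
	return _header(title) + [_clean(entry) for entry in entries]


def _keyed(title, mapping):
	"""Return a section of ``key.ljust(15) value`` rows for *mapping*."""
	return _header(title) + [_row(key.ljust(15), value) for key, value in mapping.items()]


def _short_pe_rows(pe_info, suspicious_count):
	"""Rows appended to 'Short information' for the PE header fields."""
	rows = []
	if pe_info.get('detected'):
		rows.append(_row('Detected'.ljust(15), ', '.join(pe_info['detected'])))
	if pe_info.get('directories'):
		rows.append(_row('Directories'.ljust(15), ', '.join(pe_info['directories'])))
	if pe_info.get('sections_number'):
		rows.append(_row('Sections'.ljust(15), pe_info['sections_number'],
		                 '(%d suspicious)' % suspicious_count))
	for key, label in (('import_hash', 'Import Hash'),
	                   ('compile_time', 'Compile time'),
	                   ('dll', 'Dll')):
		if pe_info.get(key):
			rows.append(_row(label.ljust(15), pe_info[key]))
	return rows


def _pe_detail_sections(pe_info, suspicious_sections):
	"""Detail sections drawn from ``pe_info``, in a fixed order."""
	lines = []

	xor_info = pe_info.get('xor_info')
	if xor_info:
		lines.extend(_header('Xor info'))
		lines.append(_row('Key length'.ljust(15), 'Offset (hex)'.ljust(15), 'Offset (dec)'))
		for key_len, offset in xor_info.items():
			# hex() requires an int offset, as in the original report.
			lines.append(_row(key_len.ljust(15), hex(offset).ljust(15), offset))

	if pe_info.get('sign_info'):
		lines.extend(_keyed('Sign info', pe_info['sign_info']))

	for key, title in (('packer_info', 'Packer info'),
	                   ('mutex_info', 'Mutex info'),
	                   ('antidbg_info', 'Antidbg info'),
	                   ('antivm_info', 'AntiVM info'),
	                   ('apialert_info', 'Apialert info')):
		if pe_info.get(key):
			lines.extend(_listing(title, pe_info[key]))

	resources = pe_info.get('resources_info')
	if resources:
		lines.extend(_header('Resources info'))
		for res in resources:
			# Show a 35-character preview of the resource with whitespace collapsed.
			data = re.sub(r'\s+', ' ', _text(res['data'])[0:35])
			lines.append(_row(_text(res['name']).ljust(15), _text(res['size']).ljust(8), data))

	imports = pe_info.get('import_function')
	if imports:
		lines.extend(_header('Import function'))
		for dll, functions in imports.items():
			lines.append(_row(dll.ljust(15), len(functions)))

	exports = pe_info.get('export_function')
	if exports:
		lines.extend(_header('Export function'))
		for func in exports:
			name = func.get('function')
			# Ordinal-only exports carry no name; label them instead of crashing.
			label = 'Unnamed export' if name is None else _text(name)[0:15]
			lines.append(_row(label.ljust(15), func.get('address')))

	if suspicious_sections:
		lines.extend(_header('Sections suspicious'))
		for index, section in enumerate(suspicious_sections):
			if index:
				lines.append('')  # blank line between consecutive sections
			for key, value in section.items():
				lines.append(_row(key.ljust(15), value))

	return lines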