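def processFile(self, filename):
    """Load *filename* with pyew and queue it for analysis.

    The sample is parsed in-process by CPyew with deep code analysis taken
    from ``self.deep``. Only PE and ELF images are kept: each accepted
    sample is appended to ``self.data`` as a one-entry dict mapping the
    SHA-256 hex digest of its buffer to the CPyew instance. Any other
    format is reported on stdout and dropped.

    Args:
        filename: path of the file to analyze (the file is untrusted
            input to the parser; nothing here validates it beyond what
            CPyew does).
    """
    print("[+] Analyzing file %s" % filename)
    pyew = CPyew(batch=True)
    pyew.deepcodeanalysis = self.deep
    # 0 presumably disables the analysis timeout -- confirm against CPyew.
    pyew.analysis_timeout = 0
    pyew.loadFile(filename)
    if pyew.format not in ("PE", "ELF"):
        print("Not a PE/ELF file")
        return
    # Named 'digest' rather than 'hash' so the builtin is not shadowed.
    digest = sha256(pyew.getBuffer()).hexdigest()
    self.data.append({digest: pyew})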
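def processFile(self, filename):
    """Load *filename* with pyew and queue it for analysis.

    The sample is parsed in-process by CPyew with deep code analysis taken
    from ``self.deep``. Only PE and ELF images are kept: each accepted
    sample is appended to ``self.data`` as a one-entry dict mapping the
    SHA-256 hex digest of its buffer to the CPyew instance. Any other
    format is reported on stderr and dropped.

    Args:
        filename: path of the file to analyze (untrusted input to the
            parser; nothing here validates it beyond what CPyew does).
    """
    pyew = CPyew(batch=True)
    pyew.deepcodeanalysis = self.deep
    # 0 presumably disables the analysis timeout -- confirm against CPyew.
    pyew.analysis_timeout = 0
    pyew.loadFile(filename)
    if pyew.format not in ("PE", "ELF"):
        # write() with a newline instead of writelines() on a str: the
        # latter emits the message character by character and the missing
        # newline fused it with whatever was logged next.
        sys.stderr.write("Not a PE/ELF file\n")
        sys.stderr.flush()
        return
    # Named 'digest' rather than 'hash' so the builtin is not shadowed.
    digest = sha256(pyew.getBuffer()).hexdigest()
    self.data.append({digest: pyew})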
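def processFile(self, filename):
    """Load *filename* with pyew and queue it for analysis.

    Progress and rejections are written to stderr. The sample is parsed
    in-process by CPyew with deep code analysis taken from ``self.deep``.
    Only PE and ELF images are kept: each accepted sample is appended to
    ``self.data`` as a one-entry dict mapping the SHA-256 hex digest of
    its buffer to the CPyew instance.

    Args:
        filename: path of the file to analyze (untrusted input to the
            parser; nothing here validates it beyond what CPyew does).
    """
    sys.stderr.write("[+] Analyzing file %s\n" % filename)
    sys.stderr.flush()
    pyew = CPyew(batch=True)
    pyew.deepcodeanalysis = self.deep
    # 0 presumably disables the analysis timeout -- confirm against CPyew.
    pyew.analysis_timeout = 0
    pyew.loadFile(filename)
    if pyew.format not in ("PE", "ELF"):
        # write() with a newline instead of writelines() on a str: the
        # latter emits the message character by character and the missing
        # newline fused it with the next "[+] Analyzing" line.
        sys.stderr.write("Not a PE/ELF file\n")
        sys.stderr.flush()
        return
    # Named 'digest' rather than 'hash' so the builtin is not shadowed.
    digest = sha256(pyew.getBuffer()).hexdigest()
    self.data.append({digest: pyew})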
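def analyse(self, path):
    """Analyse one sample and record it in the ``samples`` table.

    Steps: hash the file (SHA-1) and skip it if it is already stored;
    load it with CPyew (code + deep code analysis, 300 s timeout); reject
    formats other than PE/ELF/bootsector/PDF/OLE2; fold the per-function
    statistics into a callgraph signature and integer averages; insert
    one row describing the sample.

    Args:
        path: path of the file to analyse.

    Returns:
        ANALYSIS_ALREADY if the SHA-1 is already in the database,
        ANALYSIS_FAILED if the file cannot be loaded or has an unknown
        format, ANALYSIS_SUCCESS otherwise.
    """
    filename = path
    t = time.time()
    # Read through a context manager so the descriptor is not leaked.
    with open(filename, "rb") as fh:
        buf = fh.read()
    # NOTE(review): SHA-1 is the identity key for samples, so two files
    # with colliding digests are treated as the same sample and the second
    # is never analysed. Kept because file_exists() and the schema key on
    # it; a stronger digest would need a schema change.
    sha1_hash = sha1(buf).hexdigest()
    if self.file_exists(sha1_hash):
        log("Already existing file %s..." % sha1_hash)
        return ANALYSIS_ALREADY

    pyew = CPyew(batch=True)
    pyew.analysis_timeout = 300
    pyew.codeanalysis = True
    pyew.deepcodeanalysis = True
    try:
        pyew.loadFile(path)
    except KeyboardInterrupt:
        log("Abort")
        return ANALYSIS_FAILED
    except Exception:
        # Best-effort: a sample the parser chokes on is logged and skipped
        # (narrowed from a bare except so SystemExit is not swallowed).
        log("ERROR loading file %s" % path)
        return ANALYSIS_FAILED
    if pyew.format not in ("PE", "ELF", "bootsector", "PDF", "OLE2"):
        log("Not a known executable/document format")
        return ANALYSIS_FAILED

    # Defaults cover a sample with no functions (e.g. a document): the
    # original left callgraph/avg_* unbound in that case and crashed.
    primes = []
    total_functions = len(pyew.function_stats)
    avg_nodes = avg_edges = avg_ccs = 0
    callgraph = 1
    if total_functions > 0:
        nodes = []
        edges = []
        ccs = []
        for x in pyew.function_stats:
            stats = pyew.function_stats[x]
            nodes.append(stats[0])
            edges.append(stats[1])
            cc = stats[2]
            ccs.append(cc)
            # assumes cc is a valid index into primes_table -- confirm.
            prime = self.primes_table[cc]
            callgraph *= prime
            primes.append(prime)
        # Integer averages: the signature is formatted with %d.
        avg_nodes = abs(sum(nodes) // total_functions)
        avg_edges = abs(sum(edges) // total_functions)
        avg_ccs = abs(sum(ccs) // total_functions)

    msg = "%d-%d-%d-%d" % (total_functions, avg_nodes, avg_edges, avg_ccs)
    log("File analysed %s, callgraph signature %s" % (msg, callgraph))
    log("Time to analyze %f" % (time.time() - t))
    callgraph = str(callgraph)
    primes = ",".join(map(str, primes))
    desc = self.get_description(buf)
    self.db.insert("samples", filename=filename, callgraph=callgraph,
                   hash=sha1_hash, total_functions=total_functions,
                   format=pyew.format, primes=primes, description=desc,
                   analysis_date=time.asctime())
    return ANALYSIS_SUCCESS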