def get_xor(pe): show_xor = xor.get(pe) return json.dumps({ "Xor": show_xor[0], "Offset": show_xor[1] }, indent=4, separators=(',', ': '))
def get(pe, filename): fname = os.path.basename(filename) # file name -> use (filename) fsize = os.path.getsize(filename) # file size (in byte) -> use (filename) dll = pe.FILE_HEADER.IMAGE_FILE_DLL # dll -> use (pe) nsec = pe.FILE_HEADER.NumberOfSections # num sections -> use (pe) tstamp = pe.FILE_HEADER.TimeDateStamp # timestamp -> (pe) try: """ return date """ tsdate = datetime.datetime.fromtimestamp(tstamp) except: """ return timestamp """ tsdate = str(tstamp) + " [Invalid date]" md5, sha1, imphash = get_hash( pe, filename) # get md5, sha1, imphash -> (pe, filename) # directory -> (pe) dirlist = directories.get(pe) detected = [] for sign in dirlist: # digital signature if sign == "Security": detected.append("Sign") packer = peid.get(pe) # packer (peid) if packer: detected.append("Packer") antidbg = apiantidbg.get(pe) # anti debug if antidbg: detected.append("Anti Debug") xorcheck = xor.get(filename) # Xor if xorcheck[0] and xorcheck[1]: detected.append("Xor") antivirtualmachine = antivm.get(filename) # anti virtual machine if antivirtualmachine: detected.append("Anti VM") return json.dumps({"File Name": fname, \ "File Size": str(fsize), \ "Compile Time": str(tsdate), \ "DLL": dll, \ "Sections": nsec, \ "Hash MD5": md5, \ "Hash SHA-1": sha1, \ "Import Hash": imphash, \ "Xor": xorcheck[0], \ "Detected": detected, \ "Directories": dirlist }, indent=4, separators=(',', ': '))
def get(pe, filename): fname = os.path.basename(filename) # file name -> use (filename) fsize = os.path.getsize(filename) # file size (in byte) -> use (filename) dll = pe.FILE_HEADER.IMAGE_FILE_DLL # dll -> use (pe) nsec = pe.FILE_HEADER.NumberOfSections # num sections -> use (pe) tstamp = pe.FILE_HEADER.TimeDateStamp # timestamp -> (pe) try: """ return date """ tsdate = datetime.datetime.fromtimestamp(tstamp) except: """ return timestamp """ tsdate = str(tstamp) + " [Invalid date]" md5, sha1, imphash = get_hash(pe, filename) # get md5, sha1, imphash -> (pe, filename) # directory -> (pe) dirlist = directories.get(pe) detected = [] for sign in dirlist: # digital signature if sign == "Security": detected.append("Sign") packer = peid.get(pe) # packer (peid) if packer: detected.append("Packer") antidbg = apiantidbg.get(pe) # anti debug if antidbg: detected.append("Anti Debug") xorcheck = xor.get(filename) # Xor if xorcheck[0] and xorcheck[1]: detected.append("Xor") antivirtualmachine = antivm.get(filename) # anti virtual machine if antivirtualmachine: detected.append("Anti VM") return json.dumps({"File Name": fname, \ "File Size": str(fsize), \ "Compile Time": str(tsdate), \ "DLL": dll, \ "Sections": nsec, \ "Hash MD5": md5, \ "Hash SHA-1": sha1, \ "Import Hash": imphash, \ "Xor": xorcheck[0], \ "Detected": detected, \ "Directories": dirlist }, indent=4, separators=(',', ': '))
def get_xor(pe): show_xor = xor.get(pe) return show_xor
def get_xor(pe): show_xor = xor.get(pe) return json.dumps({"Xor": show_xor[0], "Offset": show_xor[1]}, indent=4, separators=(',', ': '))