def test_ardamax_compile_pre(self):
cur_dir = os.getcwd()
csv = 'PoweliksCSV.csv'
ip = IocParser(csv)
res = ip.get_parsed_results()
c = Compiler(res, 1)
python_text = c.get_code_as_string()[0]
pre_file_name = 'pre_Powliks'
pre_python_path = f'{cur_dir}\\{pre_file_name}.py'
with open(pre_python_path, 'w') as f:
f.write(python_text)
try:
c.compile_to_exe(self.cur_dir + '\\', pre_python_path)
res = os.popen(f'{self.assets_dir}\\{pre_file_name}.exe').read()
self.assertTrue(True)
except FailedToCompileException:
self.assertFalse(True)
python_text = c.get_code_as_string()[2]
post_file_name = 'post_Powliks'
pre_python_path = f'{cur_dir}\\{post_file_name}.py'
with open(pre_python_path, 'w') as f:
f.write(python_text)
try:
c.compile_to_exe(self.cur_dir + '\\', pre_python_path)
res = os.popen(f'{self.assets_dir}\\{post_file_name}.exe').read()
self.assertTrue(True)
except FailedToCompileException:
self.assertFalse(True)
os.remove(f'{pre_python_path}')
os.remove(f'{self.cur_dir}\\{post_file_name}.spec')
os.remove(f'{self.cur_dir}\\{pre_file_name}.py')
os.remove(f'{self.cur_dir}\\{pre_file_name}.spec')
def test_compile_to_exe_simple(self):
f1 = FileIOCs('c:\\test1', CreateOpertaion())
f2 = FileIOCs('c:\\test2', CreateOpertaion())
c = Compiler([f1, f2], 1)
cur_dir = os.getcwd()
python_text = 'print("hello world")'
file_name = 'test_python_1'
temp_python_path = f'{cur_dir}\\{file_name}.py'
with open(temp_python_path, 'w') as f:
f.write(python_text)
c.compile_to_exe(self.cur_dir + '\\', temp_python_path)
res = os.popen(f'{self.assets_dir}\\{file_name}.exe').read()
os.remove(f'{self.cur_dir}\\{file_name}.py')
os.remove(f'{self.cur_dir}\\{file_name}.spec')
self.assertEqual(res, 'hello world\n')
class TestProcessIOC(unittest.TestCase):
process_name = "Calculator"
os.system('calc')
ioc = [ProcessIOCs(process_name, CreateOpertaion())]
compiler = Compiler(ioc)
pre_code, in_code, post_code = compiler.get_code_as_string()
def tearDown(self):
for proc in psutil.process_iter():
if self.process_name + ".exe" == proc.name(
) or self.process_name == proc.name():
proc.kill()
def test_create_happy(self):
exec(self.pre_code + self.in_code + self.post_code)
for proc in psutil.process_iter():
if self.process_name + ".exe" == proc.name(
) or self.process_name == proc.name():
self.assertFalse(True)
self.assertTrue(True)
# nothing to delete
def test_create_sad(self):
exec(self.pre_code + self.in_code + self.post_code)
for proc in psutil.process_iter():
if self.process_name + ".exe" == proc.name(
) or self.process_name == proc.name():
self.assertFalse(True)
self.assertTrue(True)
def test_sad(self):
f = FileIOCs('c:\\test2', CreateOpertaion())
c = Compiler([f], 1)
cur_dir = os.getcwd()
python_text = 'print("hello world)'
file_name = 'test_python_1'
temp_python_path = f'{cur_dir}\\{file_name}.py'
with open(temp_python_path, 'w') as f:
f.write(python_text)
try:
c.compile_to_exe(self.cur_dir + '\\', temp_python_path)
res = os.popen(f'{self.assets_dir}\\{file_name}.exe').read()
self.assertFalse(True)
except FailedToCompileException:
self.assertTrue(True)
finally:
os.remove(f'{self.cur_dir}\\{file_name}.py')
os.remove(f'{self.cur_dir}\\{file_name}.spec')
def test_dyre_compile_pre(self):
cur_dir = os.getcwd()
csv = 'DyreCSV.csv'
ip = IocParser(csv)
res = ip.get_parsed_results()
c = Compiler(res, 1)
python_text = c.get_code_as_string()[2]
file_name = 'test_dyre'
temp_python_path = f'{cur_dir}\\{file_name}.py'
with open(temp_python_path, 'w') as f:
f.write(python_text)
try:
c.compile_to_exe(self.cur_dir + '\\', temp_python_path)
res = os.popen(f'{self.assets_dir}\\{file_name}.exe').read()
self.assertTrue(True)
except FailedToCompileException:
self.assertFalse(True)
finally:
os.remove(f'{self.cur_dir}\\{file_name}.py')
os.remove(f'{self.cur_dir}\\{file_name}.spec')
def _create_assets(self):
parsed_iocs = self.parser.get_parsed_results()
compiler = Compiler(parsed_iocs, self.malware_id)
pre_code, in_code, post_code = compiler.get_code_as_string()
with open(self._pre_path, 'w') as f:
f.write(pre_code)
with open(self._in_path, 'w') as f:
f.write(in_code)
with open(self._post_path, 'w') as f:
f.write(post_code)
compiled_pre_path = compiler.compile_to_exe(folder_path=self.storage_path, file_name=self._pre_path)
compiled_in_path = compiler.compile_to_exe(folder_path=self.storage_path, file_name=self._in_path)
compiled_post_path = compiler.compile_to_exe(folder_path=self.storage_path, file_name=self._post_path)
self.malware_path = self.storage_path + 'assets\\malware.exe'
self.create_config_file()
copyfile(self.storage_path + f'{self.malware_id}.exe', self.malware_path)
output_file = self.storage_path
compiler.merge_to_zip(compiled_pre_path, compiled_in_path, compiled_post_path, self.malware_path,
self.conf_path, output_file)
def setUpClass(cls):
ioc = [FileIOCs(cls.file_path, ModifyOpertaion())]
compiler = Compiler(ioc)
cls.pre_code, cls.in_code, cls.post_code = compiler.get_code_as_string(
)
def setUpClass(cls):
ioc = [RegistryIOCs(cls.path, CreateOpertaion())]
compiler = Compiler(ioc)
cls.pre_code, cls.in_code, cls.post_code = compiler.get_code_as_string(
)
def test_get_code_simple(self):
f1 = FileIOCs('c:\\test1', CreateOpertaion())
f2 = FileIOCs('c:\\test2', CreateOpertaion())
c = Compiler([f1, f2], 1)
res = c.get_code_as_string()
self.assertEqual(len(res), 3)