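def run(self, objfile):
    """Scan the sample, and its unpacked form if present, with YARA.

    Sets ``self.key`` to "Yara" and ``self.score`` to 0, then runs
    ``commonutils.processYara`` with the rule path taken from
    ``self.options["rulepath"]``.

    Args:
        objfile: Sample object. ``objfile.file.temp_file`` is always
            scanned; ``objfile.unpacked_file.temp_file`` is scanned as
            well when ``objfile.unpacked_file`` is set.

    Returns:
        A list with the hits from the unpacked file first (their meta
        description carries the "UnpackedFile" marker), followed by the
        hits from the original file.
    """
    self.key = "Yara"
    self.score = 0
    rulepath = self.options.get("rulepath")

    # The original file is scanned first, as before; only the order of the
    # returned list puts the unpacked hits in front.
    original_hits = commonutils.processYara(
        rulepath, filepath=objfile.file.temp_file)

    unpacked_hits = []
    if objfile.unpacked_file:
        # NOTE(review): the effect of prefix= is defined in processYara and
        # is not visible here; the description is marked below regardless.
        scanned = commonutils.processYara(
            rulepath,
            filepath=objfile.unpacked_file.temp_file,
            prefix="UnpackedFile")

        for hit in scanned:
            # A hit without a meta section used to raise AttributeError on
            # the chained .get(), which discarded every hit of this run,
            # including those from the original file.
            meta = hit.get("meta")
            if meta is None:
                meta = {}
                hit["meta"] = meta

            description = meta.get("description")
            if description is None:
                # Keep the marker without writing the text "None" into
                # the report.
                meta["description"] = "UnpackedFile"
            else:
                meta["description"] = "UnpackedFile - %s" % description
            unpacked_hits.append(hit)

    return unpacked_hits + original_hits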
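def run(self, objfile):
    """Run the configured YARA rules over a sample and its unpacked file.

    ``self.key`` becomes "Yara" and ``self.score`` becomes 0. The rule path
    is read from ``self.options["rulepath"]`` and handed to
    ``commonutils.processYara`` for each file that is scanned.

    Args:
        objfile: Sample object providing ``file.temp_file`` and, when the
            sample was unpacked, ``unpacked_file.temp_file``.

    Returns:
        Unpacked-file hits (description prefixed with "UnpackedFile")
        followed by the hits for the original file.
    """
    marker = "UnpackedFile"

    self.key = "Yara"
    self.score = 0
    rulepath = self.options.get("rulepath")
    results = []

    resultOriginalFile = commonutils.processYara(
        rulepath, filepath=objfile.file.temp_file)

    if objfile.unpacked_file:
        # NOTE(review): what processYara does with prefix= cannot be seen
        # from this method.
        resultUnpackedFile = commonutils.processYara(
            rulepath,
            filepath=objfile.unpacked_file.temp_file,
            prefix=marker)

        for res in resultUnpackedFile:
            # Tolerate hits that carry no meta section: the previous chained
            # .get() raised AttributeError there and the whole result list
            # was lost.
            meta = res.get("meta") or {}
            res["meta"] = meta

            desc = meta.get("description")
            # A rule without a description keeps the bare marker instead of
            # the string "UnpackedFile - None".
            meta["description"] = (
                marker if desc is None else "%s - %s" % (marker, desc))
            results.append(res)

    return results + resultOriginalFile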
def __runYara(self, results):
    """Match the YARA rules against the textual form of ``results``.

    Args:
        results: dict-like report; its ``str()`` form is what gets scanned,
            and an existing 'Yara' entry is appended to the new hits.

    Returns:
        None when the yara module cannot be imported, ``{"Yara": hits}``
        when there is at least one hit, otherwise the empty hit value
        itself.
    """
    # Only a capability probe: the module is not used directly below.
    try:
        import yara
    except ImportError:
        return None

    # The rules see the string conversion of the report, not the sample's
    # raw bytes, so non-printable data is presumably present only in
    # escaped form -- confirm when writing rules for this path.
    hits = commonutils.processYara(YARA_RULEPATH, data=str(results))

    # Hits on the report text come first, then the hits already recorded
    # for the sample file.
    sample_hits = results.get('Yara')
    if sample_hits:
        hits = hits + results['Yara']

    if not hits:
        return hits
    return {"Yara": hits}
def __runYara(self, results):
    """Scan the stringified report with YARA and merge earlier hits.

    Args:
        results: dict-like report. ``str(results)`` is passed to
            ``commonutils.processYara`` as the data to scan; hits already
            stored under 'Yara' are appended to the new ones.

    Returns:
        None if ``import yara`` fails; a dict with the single key "Yara"
        when the merged hit list is non-empty; otherwise the falsy hit
        value unchanged.
    """
    try:
        # Imported only to check that YARA support is installed.
        import yara
    except ImportError:
        return None

    # NOTE(review): scanning str(results) means rules match the report's
    # text representation rather than file content -- keep that in mind
    # for rules that rely on byte patterns.
    report_text = str(results)
    yaraHits = commonutils.processYara(YARA_RULEPATH, data=report_text)

    # Report-text hits are placed in front of the sample-file hits.
    if results.get('Yara'):
        yaraHits = yaraHits + results['Yara']

    return {"Yara": yaraHits} if yaraHits else yaraHits