def from_dict(file_dict, file_class=None):
    """Populate a File object from its dictionary representation.

    Args:
        file_dict: mapping as produced by the to_dict side; a falsy value
            (None or empty) yields None.
        file_class: despite the name this is used as an already-built
            target instance, not instantiated (it is assigned, never
            called). When omitted a fresh ``File()`` is created.

    Returns:
        The populated target instance, or None when ``file_dict`` is falsy.

    Base ``ObjectProperties`` fields are loaded first, then the File-specific
    fields in a fixed order. Values are taken straight from the dict; no
    validation of the incoming types happens here.
    """
    if not file_dict:
        return None

    target = file_class if file_class else File()
    ObjectProperties.from_dict(file_dict, target)

    # Plain flag copied through as-is (no coercion to bool).
    target.is_packed = file_dict.get('is_packed')

    # (attribute, loader) pairs, kept in the original assignment order so
    # any property setters on the target observe the same sequence.
    # NOTE(review): modified_time/accessed_time are loaded as String while
    # created_time is a DateTime — confirm that asymmetry is intended.
    loaders = (
        ('file_name', String.from_dict),
        ('file_path', FilePath.from_dict),
        ('device_path', String.from_dict),
        ('full_path', String.from_dict),
        ('file_extension', String.from_dict),
        ('size_in_bytes', UnsignedLong.from_dict),
        ('magic_number', HexBinary.from_dict),
        ('file_format', String.from_dict),
        ('hashes', HashList.from_list),
        ('extracted_features', ExtractedFeatures.from_dict),
        ('modified_time', String.from_dict),
        ('accessed_time', String.from_dict),
        ('created_time', DateTime.from_dict),
    )
    for attr_name, load in loaders:
        setattr(target, attr_name, load(file_dict.get(attr_name)))

    return target
def from_dict(toolinfo_dict, tool_class=None):
    """Populate a ToolInformation object from its dictionary representation.

    Args:
        toolinfo_dict: mapping with the tool's fields; falsy yields None.
        tool_class: used as the target instance when given (it is assigned,
            not called); otherwise a new ``ToolInformation()`` is built.

    Returns:
        The populated target, or None when ``toolinfo_dict`` is falsy.

    ``id``, ``idref``, ``name``, ``vendor``, ``version`` and ``service_pack``
    are copied verbatim; ``type`` becomes a list of ``ToolType`` (missing key
    gives an empty list), ``description`` a ``StructuredText`` and
    ``tool_hashes`` a ``HashList``.
    """
    if not toolinfo_dict:
        return None

    target = tool_class if tool_class else ToolInformation()
    fetch = toolinfo_dict.get

    # Note the dict key 'id' maps onto the attribute 'id_'.
    target.id_ = fetch('id')
    target.idref = fetch('idref')
    target.name = fetch('name')
    target.type_ = [ToolType.from_dict(entry) for entry in fetch('type', [])]
    target.description = StructuredText.from_dict(fetch('description'))
    target.vendor = fetch('vendor')
    target.version = fetch('version')
    target.service_pack = fetch('service_pack')
    target.tool_hashes = HashList.from_list(fetch('tool_hashes'))

    return target
def from_dict(memory_dict):
    """Build a Memory object from its dictionary representation.

    Args:
        memory_dict: mapping with the memory-region fields; falsy yields None.

    Returns:
        A new ``Memory`` instance, or None when ``memory_dict`` is falsy.

    The three ``is_*`` flags are copied through untouched; ``hashes``,
    ``name``, ``region_size`` and ``region_start_address`` go through their
    typed loaders. ``extracted_features`` is always reset to None here —
    NOTE(review): any 'extracted_features' entry in the dict is dropped;
    confirm that is intended rather than a leftover stub.
    """
    if not memory_dict:
        return None

    region = Memory()
    fetch = memory_dict.get

    for flag in ('is_injected', 'is_mapped', 'is_protected'):
        setattr(region, flag, fetch(flag))

    region.hashes = HashList.from_list(fetch('hashes'))
    region.name = String.from_dict(fetch('name'))
    region.region_size = UnsignedLong.from_dict(fetch('region_size'))
    region.region_start_address = HexBinary.from_dict(
        fetch('region_start_address'))
    region.extracted_features = None

    return region
def from_dict(extracted_string_dict):
    """Build an ExtractedString object from its dictionary representation.

    Args:
        extracted_string_dict: mapping with the extracted-string fields;
            falsy yields None.

    Returns:
        A new ``ExtractedString``, or None when the input is falsy.

    Every field goes through a typed loader (``VocabString``, ``String``,
    ``HexBinary``, ``HashList`` or ``PositiveInteger``); a missing key is
    passed to the loader as None.
    """
    if not extracted_string_dict:
        return None

    result = ExtractedString()
    fetch = extracted_string_dict.get

    result.encoding = VocabString.from_dict(fetch('encoding'))
    result.string_value = String.from_dict(fetch('string_value'))
    result.byte_string_value = HexBinary.from_dict(fetch('byte_string_value'))
    result.hashes = HashList.from_list(fetch('hashes'))
    result.address = HexBinary.from_dict(fetch('address'))
    result.length = PositiveInteger.from_dict(fetch('length'))
    result.language = String.from_dict(fetch('language'))
    result.english_translation = String.from_dict(
        fetch('english_translation'))

    return result
def from_dict(toolinfo_dict, toolinfo=None):
    """Populate a ToolInformation object from its dictionary representation.

    Args:
        toolinfo_dict: mapping with the tool's fields; falsy yields None.
        toolinfo: optional target instance to fill in; a new
            ``ToolInformation()`` is created when not supplied.

    Returns:
        The populated target, or None when ``toolinfo_dict`` is falsy.

    Scalar fields are copied verbatim; ``type`` becomes a list of
    ``VocabString`` (missing key gives an empty list), ``description`` a
    ``StructuredText`` and ``tool_hashes`` a ``HashList``.
    """
    if not toolinfo_dict:
        return None

    if toolinfo is None or not toolinfo:
        toolinfo = ToolInformation()
    fetch = toolinfo_dict.get

    # Scalars copied through unchanged; dict key 'id' lands on 'id_'.
    for attr_name, key in (('id_', 'id'), ('idref', 'idref'),
                           ('name', 'name')):
        setattr(toolinfo, attr_name, fetch(key))

    toolinfo.type_ = [VocabString.from_dict(entry)
                      for entry in fetch('type', [])]
    toolinfo.description = StructuredText.from_dict(fetch('description'))

    for key in ('vendor', 'version', 'service_pack'):
        setattr(toolinfo, key, fetch(key))

    toolinfo.tool_hashes = HashList.from_list(fetch('tool_hashes'))

    return toolinfo
def from_dict(extracted_string_dict):
    """Build an ExtractedString object from its dictionary representation.

    Args:
        extracted_string_dict: mapping with the extracted-string fields;
            falsy yields None.

    Returns:
        A new ``ExtractedString``, or None when the input is falsy.

    Each attribute is produced by the matching typed loader; a missing key
    is handed to the loader as None. Assignment order matches the field
    order of the original loader.
    """
    if not extracted_string_dict:
        return None

    extracted = ExtractedString()

    # (attribute, loader) in assignment order.
    field_loaders = (
        ('encoding', VocabString.from_dict),
        ('string_value', String.from_dict),
        ('byte_string_value', HexBinary.from_dict),
        ('hashes', HashList.from_list),
        ('address', HexBinary.from_dict),
        ('length', PositiveInteger.from_dict),
        ('language', String.from_dict),
        ('english_translation', String.from_dict),
    )
    for attr_name, load in field_loaders:
        setattr(extracted, attr_name,
                load(extracted_string_dict.get(attr_name)))

    return extracted
def from_dict(win_service_dict):
    """Build a WinService object from its dictionary representation.

    Args:
        win_service_dict: mapping with the service fields; falsy yields None.

    Returns:
        A ``WinService`` populated first by ``WinProcess.from_dict`` (which
        receives a fresh ``WinService()`` as the target) and then with the
        service-specific fields, or None when the input is falsy.

    The two ``service_dll_signature_*`` flags are copied through as-is;
    ``description_list`` becomes a list of ``String`` (missing key gives an
    empty list); ``service_dll_hashes`` a ``HashList``; every other field
    a ``String``.
    """
    if not win_service_dict:
        return None

    fetch = win_service_dict.get
    service = WinProcess.from_dict(win_service_dict, WinService())

    # Raw flags, no coercion.
    service.service_dll_signature_exists = fetch('service_dll_signature_exists')
    service.service_dll_signature_verified = fetch(
        'service_dll_signature_verified')

    service.description_list = [String.from_dict(item)
                                for item in fetch('description_list', [])]

    # Attributes handled by String.from_dict, in the original order up to
    # the hashes entry, which uses HashList.from_list instead.
    string_fields_before_hashes = (
        'display_name',
        'group_name',
        'service_name',
        'service_dll',
        'service_dll_certificate_issuer',
        'service_dll_certificate_subject',
    )
    for attr_name in string_fields_before_hashes:
        setattr(service, attr_name, String.from_dict(fetch(attr_name)))

    service.service_dll_hashes = HashList.from_list(fetch('service_dll_hashes'))

    string_fields_after_hashes = (
        'service_dll_signature_description',
        'startup_command_line',
        'startup_type',
        'service_status',
        'service_type',
        'started_as',
    )
    for attr_name in string_fields_after_hashes:
        setattr(service, attr_name, String.from_dict(fetch(attr_name)))

    return service
_data = fh.read() return hashlib.sha1(_data).hexdigest() def get_sha256(filepath): _data = None with open(filepath, 'rb') as fh: _data = fh.read() return hashlib.sha256(_data).hexdigest() h = HashList.from_list([{ 'type': 'MD5', 'simple_hash_value': get_md5(target) }, { 'type': 'SHA1', 'simple_hash_value': get_sha1(target) }, { 'type': 'SHA256', 'simple_hash_value': get_sha256(target) }]) pe = pefile.PE(target) dos_header = cybox.objects.win_executable_file_object.DOSHeader() file_header = cybox.objects.win_executable_file_object.PEFileHeader() winfile = cybox.objects.win_executable_file_object.WinExecutableFile() pe_headers = cybox.objects.win_executable_file_object.PEHeaders() # e_magic : Word; // Magic number ("MZ") dos_header.e_magic = HexBinary(hex( pe.DOS_HEADER.e_magic)) # HexBinary(hex(pe.DOS_HEADER.e_magic)[2:])