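def calc_hash(self, pe_data, addr_space, base, proc, space):
    """Return ``(imphash, impfuzzy)`` for one PE image.

    Args:
        pe_data: Raw image bytes, handed to ``pefile.PE(data=...)`` and to
            ``pyimpfuzzy.get_impfuzzy_data``.
        addr_space, base, proc, space: Forwarded unchanged to
            ``SearchImp.get_apilist`` on the fallback path. ``proc`` must
            expose ``UniqueProcessId``.

    Returns:
        A ``(hash_result, fuzzy_result)`` tuple. A slot holds either the
        computed value, an ``"Error: ..."`` string when the parser raised,
        or ``""`` when the fallback produced no API list.

    Note:
        Failures are reported in-band: the error text sits where a hash is
        expected. Callers that store, compare or cluster on these values
        should filter out the ``"Error:"`` and empty entries first, or
        unrelated unparsable images will appear to match each other.
    """
    # The image bytes may be truncated or malformed, so any parser failure is
    # treated as "not a PE". ``Exception`` (not a bare ``except``) keeps the
    # best-effort behaviour while letting KeyboardInterrupt / SystemExit
    # propagate instead of being recorded as a parse error.
    try:
        hash_result = pefile.PE(data=pe_data).get_imphash()
    except Exception:
        hash_result = "Error: This file is not PE file imphash"

    try:
        fuzzy_result = pyimpfuzzy.get_impfuzzy_data(pe_data)
    except Exception:
        fuzzy_result = "Error: This file is not PE file impfuzzy"

    # Fallback only when pefile parsed the image but returned a falsy imphash
    # and fast mode is off. An "Error: ..." string is truthy, so a parse
    # failure never reaches this branch.
    if not hash_result and not self._config.FASTMODE:
        pid = proc.UniqueProcessId
        simp = SearchImp(self._config)
        # NOTE(review): presumably rebuilds the import list from the live
        # process when the on-image import table is unusable; confirm in
        # SearchImp.get_apilist.
        apilists = simp.get_apilist(pid, addr_space, base, proc, space)
        if apilists is not None:
            # MD5 matches the digest pefile uses for imphash, so the values
            # stay comparable. It is a similarity/cluster identifier, not a
            # collision-resistant integrity check.
            hash_result = hashlib.md5(apilists).hexdigest()
            fuzzy_result = impfuzzyutil.hash_data(apilists)
        else:
            # Both slots are cleared here, including a fuzzy hash that the
            # direct parse above may already have produced.
            hash_result = ""
            fuzzy_result = ""

    return hash_result, fuzzy_result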
def get_impfuzzy(file):
    """Compute the impfuzzy value for the PE given by *file*.

    *file* is passed positionally to ``pefileEx`` (presumably a filesystem
    path, as with ``pefile.PE`` -- confirm against ``pefileEx``).

    No exception is handled here: whatever ``pefileEx`` raises on a
    malformed or non-PE input propagates to the caller, which matters when
    hashing untrusted samples in bulk.
    """
    # calc_impfuzzy() is unpacked as a 2-tuple; only the first element (the
    # API list) feeds the hash, the second is discarded.
    api_names, _api_count = pefileEx(file).calc_impfuzzy()
    return impfuzzyutil.hash_data(api_names)
def get_impfuzzy_data(file):
    """Compute the impfuzzy value for a PE supplied as in-memory data.

    *file* is passed to ``pefileEx`` through the ``data=`` keyword, so it is
    the image content rather than a path.

    No exception is handled here: parser errors on malformed or non-PE
    input propagate to the caller.
    """
    parsed = pefileEx(data=file)
    # NOTE(review): get_impfuzzy in this listing unpacks a 2-tuple from
    # calc_impfuzzy(), while this function hashes the whole return value.
    # Confirm which shape calc_impfuzzy() returns in the version in use; if it
    # is a tuple, only its first element should reach hash_data().
    return impfuzzyutil.hash_data(parsed.calc_impfuzzy())