本文整理汇总了Python中peutils.SignatureDatabase方法的典型用法代码示例。如果您正苦于以下问题:Python peutils.SignatureDatabase方法的具体用法?Python peutils.SignatureDatabase怎么用?Python peutils.SignatureDatabase使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类peutils
的用法示例。
示例1: __init__
# 需要导入模块: import peutils [as 别名]
# 或者: from peutils import SignatureDatabase [as 别名]
def __init__(self, host, port, user, password, threshold=40, secure=False, filepath=None, filename=None, folder_path=None):
    """Connect to the neo4j graph, load the lookup data and prepare the analysers.

    @param host, port, user, password, secure: connection parameters handed to Graph.
    @param threshold: similarity threshold, coerced to int.
    @param filepath, filename, folder_path: optional targets; when folder_path is
        truthy the contained files are enumerated through self.get_files.
    @raise CuckooReportError: if unable to connect.
    """
    self.threshold = int(threshold)
    self.graph = Graph(host=host, user=user, password=password, secure=secure, port=port)
    self.filepath = filepath
    self.filename = filename
    self.folder_path = folder_path

    here = os.path.abspath(os.path.dirname(__file__))
    data_dir = os.path.join(here, "data")

    # ApiScout gets base address 0 before its Windows API reference list is loaded.
    self.scout = ApiScout()
    self.scout.setBaseAddress(0)
    self.scout.loadWinApi1024(os.path.join(data_dir, "winapi1024v1.txt"))

    self.magictest = magic.Magic(uncompress=True)

    # The PEiD UserDB is read as text and handed to peutils as a string.
    with open(os.path.join(data_dir, "UserDB.TXT"), "rt") as handle:
        self.signatures = peutils.SignatureDatabase(data=handle.read())

    if self.folder_path:
        self.files = self.get_files(folder_path)
示例2: __init__
# 需要导入模块: import peutils [as 别名]
# 或者: from peutils import SignatureDatabase [as 别名]
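def __init__(self, data, yara_rules=None, peid_sigs=None):
    """Keep the raw PE data and optionally load YARA rules and PEiD signatures.

    @param data: PE file contents, stored as self.pedata.
    @param yara_rules: source passed to yara.compile; only used when the ``yara``
        module has already been imported, otherwise self.rules is None.
    @param peid_sigs: source passed to peutils.SignatureDatabase; when falsy
        self.sigs is None.
    """
    self.pedata = data
    # ``'yara' in sys.modules`` replaces dict.has_key, which Python 3 removed.
    if yara_rules and 'yara' in sys.modules:
        self.rules = yara.compile(yara_rules)
    else:
        self.rules = None
    # initialize PEiD signatures if provided
    if peid_sigs:
        self.sigs = peutils.SignatureDatabase(peid_sigs)
    else:
        self.sigs = None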
示例3: _get_peid_signatures
# 需要导入模块: import peutils [as 别名]
# 或者: from peutils import SignatureDatabase [as 别名]
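def _get_peid_signatures(self):
    """Gets PEID signatures.

    Loads the UserDB shipped under CUCKOO_ROOT/data/peutils and matches it
    against self.pe at the entry point only.
    @return: matched signatures or None (also None when self.pe is unset or
        loading/matching fails).
    """
    if not self.pe:
        return None
    try:
        sig_path = os.path.join(CUCKOO_ROOT, "data",
                                "peutils", "UserDB.TXT")
        signatures = peutils.SignatureDatabase(sig_path)
        return signatures.match(self.pe, ep_only=True)
    except Exception:
        # A bare ``except`` also swallowed KeyboardInterrupt/SystemExit;
        # only ordinary errors should degrade to "no signatures".
        return None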
示例4: check_peid
# 需要导入模块: import peutils [as 别名]
# 或者: from peutils import SignatureDatabase [as 别名]
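def check_peid(filename):
    """Return the PEiD signatures matching the entry point of *filename*.

    The signature database location comes from ``pathname``, which is not a
    parameter here and must be defined at module scope.
    @param filename: path of the PE file to inspect.
    @return: the list produced by SignatureDatabase.match_all.
    """
    signatures = peutils.SignatureDatabase(pathname)
    pe = pefile.PE(filename)
    try:
        return signatures.match_all(pe, ep_only=True)
    finally:
        # pefile maps the file into memory; release it once matching is done.
        pe.close()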
# Check for Anti VM
示例5: _get_peid_signatures
# 需要导入模块: import peutils [as 别名]
# 或者: from peutils import SignatureDatabase [as 别名]
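def _get_peid_signatures(self):
    """Gets PEID signatures.

    Loads the UserDB shipped under CUCKOO_ROOT/data/peutils and matches it
    against self.pe at the entry point only.
    @return: matched signatures or None (also None when self.pe is unset or
        loading/matching fails).
    """
    if not self.pe:
        return None
    try:
        sig_path = os.path.join(CUCKOO_ROOT, "data",
                                "peutils", "UserDB.TXT")
        signatures = peutils.SignatureDatabase(sig_path)
        return signatures.match(self.pe, ep_only=True)
    except Exception:
        # A bare ``except`` also swallowed KeyboardInterrupt/SystemExit;
        # only ordinary errors should degrade to "no signatures".
        return None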
示例6: __init__
# 需要导入模块: import peutils [as 别名]
# 或者: from peutils import SignatureDatabase [as 别名]
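def __init__(self, files, yara_rules=None, peid_sigs=None):
    """Keep the file list and optionally load YARA rules and PEiD signatures.

    @param files: collection of files to analyse, stored as self.files.
    @param yara_rules: source passed to yara.compile; only used when the ``yara``
        module has already been imported, otherwise self.rules is None.
    @param peid_sigs: source passed to peutils.SignatureDatabase; when falsy
        self.sigs is None.
    """
    self.files = files
    # ``'yara' in sys.modules`` replaces dict.has_key, which Python 3 removed.
    if yara_rules and 'yara' in sys.modules:
        self.rules = yara.compile(yara_rules)
    else:
        self.rules = None
    # initialize PEiD signatures if provided
    if peid_sigs:
        self.sigs = peutils.SignatureDatabase(peid_sigs)
    else:
        self.sigs = None
    # NOTE(review): as shown (indentation lost in the paste) this message is
    # printed on every construction; it probably belongs under the else branch.
    print("PEiD no inicializado")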
示例7: get_packer_info_pe
# 需要导入模块: import peutils [as 别名]
# 或者: from peutils import SignatureDatabase [as 别名]
def get_packer_info_pe(self, pe):
    """Store the PEiD signatures matched at *pe*'s entry point in self.packer.

    The signature database named by ``basic_conf["PEidSign_path"]`` is
    loaded on every call.
    @param pe: an already parsed pefile.PE instance.
    """
    db_path = basic_conf["PEidSign_path"]
    sig_db = peutils.SignatureDatabase(db_path)
    # match_all yields a list of matching signature names (possibly empty).
    self.packer = sig_db.match_all(pe, ep_only=True)
示例8: __init__
# 需要导入模块: import peutils [as 别名]
# 或者: from peutils import SignatureDatabase [as 别名]
def __init__(self, config):
    """Initialise the base module and select the PEiD signature set.

    ``self.config["UseLargePEIDDatabase"]`` picks the long signature file;
    otherwise the short one is loaded.
    """
    super().__init__(config)
    sig_file = (
        'deps/peid/signatures_long.txt'
        if self.config["UseLargePEIDDatabase"]
        else 'deps/peid/signatures_short.txt'
    )
    self.signatures = peutils.SignatureDatabase(sig_file)
示例9: peid
# 需要导入模块: import peutils [as 别名]
# 或者: from peutils import SignatureDatabase [as 别名]
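def peid(self):
    """Match PEiD signatures against the session's PE and report them.

    With ``self.args.scan`` set, every other sample in the repository is parsed
    and those with an identical signature list are tabulated.
    @return: None; results are emitted through self.log.
    """
    def get_signatures():
        # UserDB.TXT is read as text and handed to peutils as a string.
        # ``open`` replaces the Python 2-only ``file`` builtin.
        with open(os.path.join(CIRTKIT_ROOT, 'data/peid/UserDB.TXT'), 'rt') as f:
            sig_data = f.read()
        return peutils.SignatureDatabase(data=sig_data)

    def get_matches(pe, signatures):
        return signatures.match_all(pe, ep_only=True)

    if not self.__check_session():
        return

    signatures = get_signatures()
    peid_matches = get_matches(self.pe, signatures)

    if peid_matches:
        self.log('info', "PEiD Signatures:")
        for sig in peid_matches:
            # match_all may return nested lists; only the first name is shown.
            if isinstance(sig, list):
                self.log('item', sig[0])
            else:
                self.log('item', sig)
    else:
        self.log('info', "No PEiD signatures matched.")

    if self.args.scan and peid_matches:
        self.log('info', "Scanning the repository for matching samples...")
        db = Database()
        samples = db.find(key='all')

        matches = []
        for sample in samples:
            if sample.sha256 == __sessions__.current.file.sha256:
                continue
            sample_path = get_sample_path(sample.sha256)
            if not os.path.exists(sample_path):
                continue
            try:
                cur_pe = pefile.PE(sample_path)
            except Exception:
                # Unparseable samples are skipped rather than aborting the scan.
                continue
            try:
                cur_peid_matches = get_matches(cur_pe, signatures)
            except Exception:
                continue
            finally:
                # Release the mmap pefile holds before moving to the next sample.
                cur_pe.close()
            if peid_matches == cur_peid_matches:
                matches.append([sample.name, sample.sha256])

        self.log('info', "{0} relevant matches found".format(bold(len(matches))))
        if len(matches) > 0:
            self.log('table', dict(header=['Name', 'SHA256'], rows=matches))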