

Python peutils.SignatureDatabase方法代碼示例

本文整理匯總了Python中peutils.SignatureDatabase方法的典型用法代碼示例。如果您正苦於以下問題:Python peutils.SignatureDatabase方法的具體用法?Python peutils.SignatureDatabase怎麽用?Python peutils.SignatureDatabase使用的例子?那麽, 這裏精選的方法代碼示例或許可以為您提供幫助。您也可以進一步了解該方法所在peutils的用法示例。


在下文中一共展示了peutils.SignatureDatabase方法的9個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的Python代碼示例。

示例1: __init__

# 需要導入模塊: import peutils [as 別名]
# 或者: from peutils import SignatureDatabase [as 別名]
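def __init__(self, host, port, user, password, threshold=40, secure=False, filepath=None, filename=None, folder_path=None):
        """Connects to neo4j database, loads options and set connectors.

        Besides the graph connection this loads the ApiScout WinAPI table,
        a libmagic handle and the PEiD ``UserDB.TXT`` signature database,
        all of which ship in the ``data`` directory next to this module.

        @param host: neo4j host handed to ``Graph``.
        @param port: neo4j port handed to ``Graph``.
        @param user: neo4j user handed to ``Graph``.
        @param password: neo4j password handed to ``Graph``.
        @param threshold: similarity threshold; stored as ``int``.
        @param secure: whether ``Graph`` should use a secure connection.
        @param filepath: optional path of a single sample to analyse.
        @param filename: optional display name of that sample.
        @param folder_path: optional directory; when given, ``self.files``
            is filled from ``self.get_files``.
        @raise CuckooReportError: if unable to connect.
        """
        self.threshold = int(threshold)
        self.graph = Graph(host=host, user=user, password=password, secure=secure, port=port)
        self.filepath = filepath
        self.filename = filename
        self.folder_path = folder_path

        # Every bundled data file lives in ``<module dir>/data``; resolve that
        # directory once rather than rebuilding it with string concatenation.
        data_dir = os.path.join(os.path.abspath(os.path.dirname(__file__)), "data")

        self.scout = ApiScout()
        self.scout.setBaseAddress(0)
        self.scout.loadWinApi1024(os.path.join(data_dir, "winapi1024v1.txt"))

        self.magictest = magic.Magic(uncompress=True)

        # The PEiD database is read into memory and passed to peutils as text
        # (``data=``) instead of as a filename.
        userdb = os.path.join(data_dir, "UserDB.TXT")
        with open(userdb, 'rt') as f:
            sig_data = f.read()
        self.signatures = peutils.SignatureDatabase(data=sig_data)

        # NOTE: ``self.files`` is only defined when a folder was supplied (as in
        # the original); code that iterates it must check ``folder_path`` first.
        if self.folder_path:
            self.files = self.get_files(self.folder_path)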
開發者ID:TheHive-Project,項目名稱:Cortex-Analyzers,代碼行數:24,代碼來源:malwareclustering_api.py

示例2: __init__

# 需要導入模塊: import peutils [as 別名]
# 或者: from peutils import SignatureDatabase [as 別名]
def __init__(self, data, yara_rules=None, peid_sigs=None):
        self.pedata = data
        
        # initialize YARA rules if provided 
        if yara_rules and sys.modules.has_key('yara'):
            self.rules = yara.compile(yara_rules)
        else:
            self.rules = None
            
        # initialize PEiD signatures if provided 
        if peid_sigs:
            self.sigs = peutils.SignatureDatabase(peid_sigs)
        else:
            self.sigs = None 
開發者ID:omriher,項目名稱:CapTipper,代碼行數:16,代碼來源:pescanner.py

示例3: _get_peid_signatures

# 需要導入模塊: import peutils [as 別名]
# 或者: from peutils import SignatureDatabase [as 別名]
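def _get_peid_signatures(self):
        """Gets PEID signatures.

        Loads ``data/peutils/UserDB.TXT`` below ``CUCKOO_ROOT`` and matches it
        against ``self.pe`` at the entry point only (``ep_only=True``).
        @return: matched signatures or None.
        """
        # No parsed PE to match against: skip loading the database at all.
        if not self.pe:
            return None

        try:
            sig_path = os.path.join(CUCKOO_ROOT, "data",
                                    "peutils", "UserDB.TXT")
            signatures = peutils.SignatureDatabase(sig_path)
            return signatures.match(self.pe, ep_only=True)
        except Exception:
            # Best effort: a missing or malformed signature file must not abort
            # the whole static report. A bare ``except`` would also swallow
            # KeyboardInterrupt/SystemExit, so only Exception is caught. Be
            # aware that a load failure is indistinguishable from "no match".
            return None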
開發者ID:phdphuc,項目名稱:mac-a-mal-cuckoo,代碼行數:13,代碼來源:static.py

示例4: check_peid

# 需要導入模塊: import peutils [as 別名]
# 或者: from peutils import SignatureDatabase [as 別名]
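def check_peid(filename, sig_path=None):
    """Return the PEiD signatures matching the PE file at ``filename``.

    @param filename: path of the PE file, parsed with ``pefile.PE``.
    @param sig_path: PEiD signature database to load; defaults to the
        module-level ``pathname`` so existing callers behave exactly as before.
    @return: whatever ``SignatureDatabase.match_all(pe, ep_only=True)``
        returns (entry-point matches only).
    """
    # Fall back to the module-level database path when none is given.
    db_path = pathname if sig_path is None else sig_path
    signatures = peutils.SignatureDatabase(db_path)
    pe = pefile.PE(filename)
    return signatures.match_all(pe, ep_only=True)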

# Check for Anti VM 
開發者ID:abdesslem,項目名稱:malwareHunter,代碼行數:9,代碼來源:pecore.py

示例5: _get_peid_signatures

# 需要導入模塊: import peutils [as 別名]
# 或者: from peutils import SignatureDatabase [as 別名]
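def _get_peid_signatures(self):
        """Gets PEID signatures.

        Loads ``data/peutils/UserDB.TXT`` below ``CUCKOO_ROOT`` and matches it
        against ``self.pe`` at the entry point only (``ep_only=True``).
        @return: matched signatures or None.
        """
        # No parsed PE to match against: skip loading the database at all.
        if not self.pe:
            return None

        try:
            sig_path = os.path.join(CUCKOO_ROOT, "data",
                                    "peutils", "UserDB.TXT")
            signatures = peutils.SignatureDatabase(sig_path)
            return signatures.match(self.pe, ep_only=True)
        except Exception:
            # Best effort: a missing or malformed signature file must not abort
            # the whole static report. A bare ``except`` would also swallow
            # KeyboardInterrupt/SystemExit, so only Exception is caught. Be
            # aware that a load failure is indistinguishable from "no match".
            return None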
開發者ID:davidoren,項目名稱:CuckooSploit,代碼行數:16,代碼來源:static.py

示例6: __init__

# 需要導入模塊: import peutils [as 別名]
# 或者: from peutils import SignatureDatabase [as 別名]
def __init__(self, files, yara_rules=None, peid_sigs=None):
        self.files = files

        # initialize YARA rules if provided
        if yara_rules and sys.modules.has_key('yara'):
            self.rules = yara.compile(yara_rules)
        else:
            self.rules = None

        # initialize PEiD signatures if provided
        if peid_sigs:
            self.sigs = peutils.SignatureDatabase(peid_sigs)
        else:
            self.sigs = None
            print("PEiD no inicializado") 
開發者ID:codexgigassys,項目名稱:codex-backend,代碼行數:17,代碼來源:pescanner.py

示例7: get_packer_info_pe

# 需要導入模塊: import peutils [as 別名]
# 或者: from peutils import SignatureDatabase [as 別名]
def get_packer_info_pe(self,pe):
        """Store the PEiD packer matches for ``pe`` in ``self.packer``.

        The signature database is loaded from ``basic_conf["PEidSign_path"]``
        and only entry-point signatures are tried (``ep_only=True``). The
        original author notes that ``match_all`` returns a list.
        """
        sig_db = peutils.SignatureDatabase(basic_conf["PEidSign_path"])
        self.packer = sig_db.match_all(pe, ep_only=True)
開發者ID:felicitychou,項目名稱:MalAnalyzer,代碼行數:8,代碼來源:basic_analyze.py

示例8: __init__

# 需要導入模塊: import peutils [as 別名]
# 或者: from peutils import SignatureDatabase [as 別名]
def __init__(self, config):
		"""Initialise the detector and load the PEiD signature database.

		``config["UseLargePEIDDatabase"]`` (read back from ``self.config`` after
		the base initialiser ran) selects the long or the short signature list.
		Both paths are relative, so they are opened relative to the process's
		current working directory at construction time.
		"""
		super().__init__(config)
		if self.config["UseLargePEIDDatabase"]:
			sig_file = 'deps/peid/signatures_long.txt'
		else:
			sig_file = 'deps/peid/signatures_short.txt'
		self.signatures = peutils.SignatureDatabase(sig_file)
開發者ID:cylance,項目名稱:PyPackerDetect,代碼行數:8,代碼來源:PEIDDetector.py

示例9: peid

# 需要導入模塊: import peutils [as 別名]
# 或者: from peutils import SignatureDatabase [as 別名]
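def peid(self):
        """Match the current session's PE against the PEiD signature database.

        Logs every matched signature, or that none matched. When ``--scan``
        was requested (``self.args.scan``) and there were matches, every other
        sample in the repository is parsed and those whose PEiD matches equal
        the current file's are listed as a Name / SHA256 table. Returns
        nothing; all output goes through ``self.log``.
        """

        def get_signatures():
            # The database ships as text under CIRTKIT_ROOT and is handed to
            # peutils as ``data=``. ``open`` replaces the Python 2-only ``file``.
            with open(os.path.join(CIRTKIT_ROOT, 'data/peid/UserDB.TXT'), 'rt') as f:
                sig_data = f.read()
            return peutils.SignatureDatabase(data=sig_data)

        def get_matches(pe, signatures):
            # Entry-point-only matching (``ep_only=True``).
            return signatures.match_all(pe, ep_only=True)

        if not self.__check_session():
            return

        signatures = get_signatures()
        peid_matches = get_matches(self.pe, signatures)

        if peid_matches:
            self.log('info', "PEiD Signatures:")
            for sig in peid_matches:
                # A match entry is either a bare name or a list whose first
                # element is the name.
                self.log('item', sig[0] if isinstance(sig, list) else sig)
        else:
            self.log('info', "No PEiD signatures matched.")

        if self.args.scan and peid_matches:
            self.log('info', "Scanning the repository for matching samples...")

            db = Database()
            samples = db.find(key='all')
            current_sha256 = __sessions__.current.file.sha256

            matches = []
            for sample in samples:
                if sample.sha256 == current_sha256:
                    continue

                sample_path = get_sample_path(sample.sha256)
                if not os.path.exists(sample_path):
                    continue

                # Best effort: a sample that is not a parseable PE is skipped.
                # Only Exception is caught so Ctrl-C still aborts a long scan.
                try:
                    cur_pe = pefile.PE(sample_path)
                    cur_peid_matches = get_matches(cur_pe, signatures)
                except Exception:
                    continue

                if peid_matches == cur_peid_matches:
                    matches.append([sample.name, sample.sha256])

            self.log('info', "{0} relevant matches found".format(bold(len(matches))))

            if matches:
                self.log('table', dict(header=['Name', 'SHA256'], rows=matches))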
開發者ID:opensourcesec,項目名稱:CIRTKit,代碼行數:60,代碼來源:pe.py


注:本文中的peutils.SignatureDatabase方法示例由純淨天空整理自Github/MSDocs等開源代碼及文檔管理平台,相關代碼片段篩選自各路編程大神貢獻的開源項目,源碼版權歸原作者所有,傳播和使用請參考對應項目的License;未經允許,請勿轉載。