detect_rep/data_extract/detect_pe_packer.py

import pefile
def importKnownPackers(filePath):
    knownPackers =[]
    try:
        with open(filePath) as packerPath:
            for line in packerPath:
                knownPackers.append(line.strip())
    except:
        print("Error reading given file.")
        return None

    return knownPackers
def detectPackers(pe, knownPackers):
    sections=[]
    for section in pe.sections:
        sections.append(section.Name.decode('utf-8').strip('\x00'))
    matches=[]

    for section in sections:
        for item_section in knownPackers:
            if section == item_section or item_section==item_section.swapcase():
                matches.append(section)

    return matches

def detect_pack_res(targetMalware= "./pack/UPX.exe"):
    knownPackerFile = "knownPackerSections.txt"
    targetMalware = pefile.PE(targetMalware)
    knownPackers = importKnownPackers(knownPackerFile)
    detectedPackers = detectPackers(targetMalware, knownPackers)
    if detectedPackers:
        # print("有加壳")
        return True
    else:
        # print("无加壳")
        return False
if __name__ == '__main__':
    # targetMalware = "./pack/UPX.exe"
    # knownPackerFile = "knownPackerSections.txt"
    # 
    # targetMalware = pefile.PE(targetMalware)
    # knownPackers = importKnownPackers(knownPackerFile)
    # print(knownPackers)
    # detectedPackers = detectPackers(targetMalware, knownPackers)
    # for item in detectedPackers:
    #     print(item)
    detect_pack_res(targetMalware= "./pack/UPX.exe")
second commit 2023-04-05 10:04:49 +08:00			`import pefile`
			`def importKnownPackers(filePath):`
			`knownPackers =[]`
			`try:`
			`with open(filePath) as packerPath:`
			`for line in packerPath:`
			`knownPackers.append(line.strip())`
			`except:`
			`print("Error reading given file.")`
			`return None`

			`return knownPackers`
			`def detectPackers(pe, knownPackers):`
			`sections=[]`
			`for section in pe.sections:`
			`sections.append(section.Name.decode('utf-8').strip('\x00'))`
			`matches=[]`

			`for section in sections:`
			`for item_section in knownPackers:`
			`if section == item_section or item_section==item_section.swapcase():`
			`matches.append(section)`

			`return matches`

			`def detect_pack_res(targetMalware= "./pack/UPX.exe"):`
			`knownPackerFile = "knownPackerSections.txt"`
			`targetMalware = pefile.PE(targetMalware)`
			`knownPackers = importKnownPackers(knownPackerFile)`
			`detectedPackers = detectPackers(targetMalware, knownPackers)`
			`if detectedPackers:`
			`# print("有加壳")`
			`return True`
			`else:`
			`# print("无加壳")`
			`return False`
			`if __name__ == '__main__':`
			`# targetMalware = "./pack/UPX.exe"`
			`# knownPackerFile = "knownPackerSections.txt"`
			`#`
			`# targetMalware = pefile.PE(targetMalware)`
			`# knownPackers = importKnownPackers(knownPackerFile)`
			`# print(knownPackers)`
			`# detectedPackers = detectPackers(targetMalware, knownPackers)`
			`# for item in detectedPackers:`
			`# print(item)`
			`detect_pack_res(targetMalware= "./pack/UPX.exe")`