ResTianTian/detect_rep
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
main
detect_rep/tool/detect_pe_packer.py
Yang Xin e66b122515 second commit
2023-04-05 10:04:49 +08:00

47 lines
1.5 KiB
Python
Raw Permalink Blame History

import pefile
def importKnownPackers(filePath):
knownPackers =[]
try:
with open(filePath) as packerPath:
for line in packerPath:
knownPackers.append(line.strip())
except:
print("Error reading given file.")
return None
return knownPackers
def detectPackers(pe, knownPackers):
sections=[]
for section in pe.sections:
sections.append(section.Name.decode('utf-8').strip('\x00'))
matches=[]
for section in sections:
for item_section in knownPackers:
if section == item_section or item_section==item_section.swapcase():
matches.append(section)
return matches
def detect_pack_res(targetMalware= "./pack/UPX.exe"):
knownPackerFile = "knownPackerSections.txt"
targetMalware = pefile.PE(targetMalware)
knownPackers = importKnownPackers(knownPackerFile)
detectedPackers = detectPackers(targetMalware, knownPackers)
if detectedPackers:
# print("有加壳")
return True
else:
# print("无加壳")
return False
if __name__ == '__main__':
# targetMalware = "./pack/UPX.exe"
# knownPackerFile = "knownPackerSections.txt"
#
# targetMalware = pefile.PE(targetMalware)
# knownPackers = importKnownPackers(knownPackerFile)
# print(knownPackers)
# detectedPackers = detectPackers(targetMalware, knownPackers)
# for item in detectedPackers:
# print(item)
detect_pack_res(targetMalware= "./pack/UPX.exe")
Reference in New Issue View Git Blame Copy Permalink