sample_cleaning_demo/Sample_cleaning/detect_pe_packer.py

import pefile
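def importKnownPackers(filePath):
    """Load packer section-name signatures from a text file, one per line.

    Each line is stripped of surrounding whitespace. Blank lines are
    skipped so that an empty signature can never end up in the list and
    match a PE section whose name is empty.

    Args:
        filePath: Path of the signature list to read.

    Returns:
        A list of signature strings in file order, or None when the file
        cannot be opened, read or decoded.
    """
    knownPackers = []
    try:
        with open(filePath) as packerPath:
            for line in packerPath:
                signature = line.strip()
                if signature:
                    knownPackers.append(signature)
    # Only I/O and decoding failures mean "file unreadable". A bare except
    # would also swallow KeyboardInterrupt/SystemExit and hide real bugs.
    except (OSError, ValueError):
        print("Error reading given file.")
        return None
    return knownPackers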
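def detectPackers(pe, knownPackers):
    """Return the section names of *pe* that match a known packer signature.

    Matching is case-insensitive. The original condition compared each
    signature with its own ``swapcase()``. That never matched a
    differently-cased section name, and it matched every section whenever
    a signature contained no cased characters.

    Args:
        pe: Parsed PE object exposing ``sections``, each with a bytes
            ``Name`` attribute (as the pefile objects used in this file do).
        knownPackers: Iterable of signature strings. Passing None raises
            TypeError rather than silently reporting "no packer".

    Returns:
        A list of matching section names as they appear in the file, in
        section order, with one entry per matching section.
    """
    # Empty signatures are dropped: they would match any empty section name.
    signatures = {item.casefold() for item in knownPackers if item}

    matches = []
    for section in pe.sections:
        # Section names come from the analysed file and may hold arbitrary
        # bytes. errors="replace" keeps a crafted name from aborting the
        # scan with UnicodeDecodeError.
        name = section.Name.decode('utf-8', errors='replace').strip('\x00')
        if name and name.casefold() in signatures:
            matches.append(name)
    return matches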
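def detect_pack_res(targetMalware):
    """Report whether a PE file has a section named like a known packer.

    The verdict is a section-name heuristic only. A False result means no
    listed name was found, not that the sample is unpacked, because
    section names can be renamed freely.

    Args:
        targetMalware: Path of the PE file to inspect (passed to pefile.PE).

    Returns:
        True if at least one section name matches the signature list,
        otherwise False.

    Raises:
        RuntimeError: The signature list could not be loaded, so no
            verdict can be given.
        Exceptions raised by pefile.PE while parsing the file propagate
        unchanged.
    """
    # NOTE(review): relative path, resolved against the process working
    # directory. Whoever controls that directory controls the signature
    # list, so confirm this is the intended location.
    knownPackerFile = "knownPackerSections.txt"
    knownPackers = importKnownPackers(knownPackerFile)
    if knownPackers is None:
        # Fail closed: a missing list must not turn into a "not packed" verdict.
        raise RuntimeError(
            "packer signature list could not be loaded: " + knownPackerFile
        )

    pe = pefile.PE(targetMalware)
    try:
        detectedPackers = detectPackers(pe, knownPackers)
    finally:
        # Release the parsed file even when detection raises.
        pe.close()

    if detectedPackers:
        print("有加壳")
        return True
    print("无加壳")
    return False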