import pefile
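def importKnownPackers(filePath):
    """Load the list of known packer section names from a text file.

    Args:
        filePath: path to a text file holding one section name per line.

    Returns:
        A list of the stripped, non-empty lines, or None when the file
        cannot be read or decoded (an error message is printed instead of
        raising, keeping the original best-effort behaviour).
    """
    knownPackers = []
    try:
        with open(filePath, encoding="utf-8") as packerPath:
            for line in packerPath:
                name = line.strip()
                # Skip blank lines: an empty signature would otherwise be
                # compared against every section name in detectPackers and
                # match any section whose name strips down to "".
                if name:
                    knownPackers.append(name)
    # Narrowed from a bare `except:` so KeyboardInterrupt/SystemExit and
    # programming errors are no longer swallowed; only I/O and decoding
    # failures count as "file unreadable".
    except (OSError, UnicodeDecodeError):
        print("Error reading given file.")
        return None
    return knownPackers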
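def detectPackers(pe, knownPackers):
    """Return the section names of *pe* that match a known packer signature.

    Args:
        pe: a loaded pefile.PE (anything whose ``sections`` items expose a
            ``Name`` bytes attribute works).
        knownPackers: iterable of known packer section names, or None.

    Returns:
        A list with one entry per (section, signature) match, in section
        order; empty when nothing matches or knownPackers is None.
    """
    # Section names come from the scanned binary itself and need not be
    # valid UTF-8; replace undecodable bytes instead of crashing the scan.
    sections = [
        section.Name.decode("utf-8", errors="replace").strip("\x00")
        for section in pe.sections
    ]
    matches = []
    for section in sections:
        for item_section in knownPackers or []:
            # Exact match, or the case-swapped form of the signature. The
            # original compared item_section against its own swapcase(),
            # which never looked at the section name at all.
            if section == item_section or section == item_section.swapcase():
                matches.append(section)
    return matches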
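def detect_pack_res(targetMalware, knownPackerFile="knownPackerSections.txt"):
    """Report whether the PE file at *targetMalware* has a known packer section.

    Args:
        targetMalware: path to the PE file to inspect.
        knownPackerFile: path to the packer-signature list; defaults to
            "knownPackerSections.txt" resolved against the current working
            directory, exactly as before.

    Returns:
        True when at least one section name matches a known packer, else
        False. The verdict is printed as before.

    Raises:
        pefile.PEFormatError: propagated from pefile.PE when the input is
            not a parseable PE file.
        RuntimeError: when the packer list cannot be loaded, so a missing
            signature file does not turn into a false "not packed" verdict.
    """
    knownPackers = importKnownPackers(knownPackerFile)
    if knownPackers is None:
        # importKnownPackers has already printed the read error.
        raise RuntimeError(
            "could not load known packer list: {}".format(knownPackerFile)
        )
    pe = pefile.PE(targetMalware)
    try:
        detectedPackers = detectPackers(pe, knownPackers)
    finally:
        # Release the mapped file even if detection raises; the original
        # leaked the handle on any error between PE() and close().
        pe.close()
    if detectedPackers:
        print("有加壳")
        return True
    print("无加壳")
    return False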