PE Parser link with generic parser
uppusaikiran committed Sep 16, 2017
1 parent 1a6bbd3 commit ac1a554
Showing 3 changed files with 21 additions and 2 deletions.
3 changes: 2 additions & 1 deletion app.py
Expand Up @@ -3,6 +3,7 @@
from src import generic , custom_logger
import time
import logging
import sys

logger = logging.getLogger(__name__)
logger.setLevel(logging.INFO)
Expand All @@ -15,7 +16,7 @@

def main():
logger.info('Starting Main Process at {}'.format(time.time()))
gen_obj = generic.GenericParser('/home/ransom/9a66eef3511daf5cc2954d7ae0fc93e6920f4d0ce565b6df7438899598711e99')
gen_obj = generic.GenericParser(sys.argv[1])
gen_obj.check_mime()

if __name__ == '__main__':
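Review bot: `gen_obj = generic.GenericParser(sys.argv[1])` raises an IndexError with a bare traceback whenever the script is started without an argument, and nothing checks that the argument is a readable file before it is handed to the parser. A usage guard ahead of it, `if len(sys.argv) != 2:` / `logger.error('usage: %s <file_path>', sys.argv[0])` / `sys.exit(2)`, turns that into a clear error, and an `os.path.isfile` check on the path (with `import os` added to the import block) would fail early instead of somewhere inside `check_mime`. main's body continues past the end of this hunk.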
4 changes: 3 additions & 1 deletion src/generic.py
Expand Up @@ -12,6 +12,7 @@
import json
import os
import magic
from pe_parser import PEFeatureExtractor , test

logger = logging.getLogger(__name__)
logger.setLevel(logging.INFO)
Expand Down Expand Up @@ -56,7 +57,7 @@ def __init__(self, file_path):
".pdf": ["application/pdf", "application/x-pdf", "application/acrobat", "application/vnd.pdf", "text/pdf", "text/x-pdf"]
}
self.mime_executable = {
".exe" : ["application/octet-stream", "application/x-msdownload", "application/exe", "application/x-exe", "application/dos-exe", "vms/exe", "application/x-winexe", "application/msdos-windows", "application/x-msdos-program"]
".exe" : ["application/x-dosexec","application/octet-stream", "application/x-msdownload", "application/exe", "application/x-exe", "application/dos-exe", "vms/exe", "application/x-winexe", "application/msdos-windows", "application/x-msdos-program"]
}
self.mime_compressed = {}
self.mime_packed = {}
Expand All @@ -79,6 +80,7 @@ def check_mime(self):
logger.info('Packed File {} mime {}'.format(self.file_path, magic_mime))
elif magic_mime in self.mime_executable['.exe'][0]:
logger.info('Executable File {} mime {}'.format(self.file_path, magic_mime))
test(self.file_path)
logger.info('Sending File {} to Exe Extractor'.format(self.file_path))
elif magic_mime in self.mime_no_macro:
logger.info('NonMacro File {} mime {}'.format(self.file_path, magic_mime))
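Review bot: The branch `elif magic_mime in self.mime_executable['.exe'][0]:` is a substring test against only the first list entry, so inserting `"application/x-dosexec"` at index 0 in `__init__` silently changes which MIME type reaches the PE extractor: `application/octet-stream`, matched before this commit, no longer is, and the remaining entries in the list have never been consulted. Dropping the index so the check is list membership, `elif magic_mime in self.mime_executable['.exe']:`, makes the whole list effective and the position of the new entry irrelevant; the line is context in this hunk, but the reorder in the earlier hunk is what changes its behavior. The imported helper is named `test`, which reads as a unit test in both modules; a name such as `extract_pe` would make `test(self.file_path)` self-describing. check_mime starts before this hunk.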
16 changes: 16 additions & 0 deletions src/pe_parser.py
Expand Up @@ -256,6 +256,22 @@ def main():
else:
logger.info('Not able to extract PE on file {} .. Exiting'.format('/home/ransom/exe_example'))

def test(filename):
peExtractor = PEFeatureExtractor(filename)
peExtractor.extractor()
peStatus = peExtractor.check_for_pe_success()
if peStatus:
peExtractor.extract_features()
peExtractor.put_pe_features()
peExtractor.put_rare_features()
peExtractor.createFeatureDict()
peExtractor.pe_sections()
peExtractor.pe_mapping_section()
print json.dumps(peExtractor.get_pe_features(),sort_keys=True, indent=4)
print json.dumps(peExtractor.get_rare_features(),sort_keys=True, indent=4)
else:
logger.info('Not able to extract PE on file {} .. Exiting'.format(filename))


if __name__ == '__main__':
main()
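Review bot: `test(filename)` prints the feature dictionaries with `print json.dumps(...)` and returns nothing, so the caller added in src/generic.py cannot use the extracted features and stdout is the only output channel; returning them instead, `return peExtractor.get_pe_features(), peExtractor.get_rare_features()` in the success branch and `return None` in the else branch, lets the caller decide what to log or store. The body also duplicates main, whose visible else branch logs a hard-coded `'/home/ransom/exe_example'` path; main could call this function with that path so the two copies do not drift (main's body starts outside the hunk). The name `test` suggests a unit test, and a short docstring stating that it runs the PE feature extraction pipeline on filename and returns the feature dicts, or None when `check_for_pe_success` reports failure, would document the contract the generic parser now depends on.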
