pescan's People

Contributors

blacktop


pescan's Issues

UnicodeDecodeError: 'ascii' codec can't decode byte 0xc2

Scanning the same file as in #4 results in:

2018-12-06 10:04:47,747 - __main__ - ERROR - failed to run malice plugin: pescan
Traceback (most recent call last):
  File "/usr/sbin/pescan", line 122, in scan
    malice_scan['results']['markdown'] = json2markdown(pe_results)
  File "/usr/sbin/utils/__init__.py", line 74, in json2markdown
    return Template(f.read()).render(exe=json_data)
  File "/usr/lib/python2.7/site-packages/jinja2/environment.py", line 1008, in render
    return self.environment.handle_exception(exc_info, True)
  File "/usr/lib/python2.7/site-packages/jinja2/environment.py", line 780, in handle_exception
    reraise(exc_type, exc_value, tb)
  File "<template>", line 62, in top-level template code
UnicodeDecodeError: 'ascii' codec can't decode byte 0xc2 in position 10: ordinal not in range(128)
DIALOG_TITLE: FILE_STRING
SUCCESS
PE: STRINGS - RT_DIALOG (id:0x6e - lang_id:0x0409 [English-United States])
DIALOG_TITLE: FILE_STRING
BUTTON: FILE_STRING
BUTTON: FILE_STRING
SUCCESS
PE: STRINGS - RT_DIALOG (id:0x6f - lang_id:0x0409 [English-United States])
DIALOG_TITLE: FILE_STRING
BUTTON: FILE_STRING
BUTTON: FILE_STRING
BUTTON: FILE_STRING
SUCCESS
PE: STRINGS - RT_DIALOG (id:0x71 - lang_id:0x0409 [English-United States])
DIALOG_TITLE: FILE_STRING
BUTTON: FILE_STRING
SUCCESS
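The traceback above dies inside the Jinja2 template: a resource string containing the byte 0xc2 (the lead byte of a two-byte UTF-8 sequence, or simply a stray high byte) reaches the template as a raw byte string and Python 2's implicit ASCII decode blows up. The added example below is not pescan's code; it shows the shape a scanner wants for strings pulled out of an attacker-controlled PE: decode without ever raising (UTF-16LE for resource strings, then UTF-8, then Latin-1 as the catch-all), and neutralise Markdown and terminal control sequences before the string lands in a report. The test inputs are constructed; the regexes and escape table are this example's own choices.

```python
import re

# Controls and Unicode bidi/format characters that must not reach a Markdown
# or terminal report unescaped (ESC sequences, RTL overrides, NULs, newlines).
_CONTROL = re.compile(
    r"[\x00-\x1f\x7f-\x9f\u200e\u200f\u202a-\u202e\u2066-\u2069]"
)
# Markdown syntax that would let a string inject table cells, links or HTML.
_MD_ESCAPE = str.maketrans({
    "\\": "\\\\", "|": "\\|", "`": "\\`", "*": "\\*", "_": "\\_",
    "[": "\\[", "]": "\\]", "<": "&lt;", ">": "&gt;",
})


def decode_pe_string(raw):
    """Turn a byte string taken from a PE into text without ever raising.

    Resource tables (RT_DIALOG, RT_STRING, version info) hold UTF-16LE;
    section names and most embedded strings are ASCII/UTF-8; anything else
    is read as Latin-1 so every byte maps to exactly one character.
    """
    if isinstance(raw, str):
        return raw
    odd_bytes = raw[1::2]
    # UTF-16LE Latin text has a NUL in (almost) every high byte.
    if len(raw) % 2 == 0 and odd_bytes and odd_bytes.count(0) * 2 >= len(odd_bytes):
        try:
            return raw.decode("utf-16-le")
        except UnicodeDecodeError:
            pass
    try:
        return raw.decode("utf-8")
    except UnicodeDecodeError:
        return raw.decode("latin-1")   # cannot fail: b"\xc2" becomes "\xc2"


def _escape_control(match):
    cp = ord(match.group())
    return "\\x%02x" % cp if cp < 0x100 else "\\u%04x" % cp


def render_report_string(raw, limit=200):
    """Decode, neutralise Markdown/terminal syntax, then truncate for the report.

    Markdown escaping runs first so an original backslash becomes '\\\\' and
    cannot be confused with the '\\xNN' escapes written for control bytes.
    """
    text = decode_pe_string(raw).translate(_MD_ESCAPE)
    text = _CONTROL.sub(_escape_control, text)
    if len(text) > limit:
        text = text[:limit] + "..."
    return text


if __name__ == "__main__":
    # Constructed samples: a UTF-8 title with a no-break space, a UTF-16LE
    # dialog title, a lone 0xc2, and an ANSI colour sequence in a table cell.
    for sample in (b"\xc2\xa0Title", b"T\x00i\x00t\x00l\x00e\x00",
                   b"\xc2Bad", b"a|b\x1b[31m"):
        print(repr(sample), "->", render_report_string(sample))
```

Latin-1 as the last resort is deliberate: it loses nothing (every byte survives, just possibly as the wrong glyph) and it never raises, which is what matters when the input is the thing being scanned.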

UndefinedError: 'dict object' has no attribute 'compiletime'

All plugins are up to date.

Scanning putty.exe (7afb56dd48565c3c9804f683c80ef47e5333f847f2d3211ec11ed13ad36061e1) results in the following output from pescan:

>> docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -v `pwd`:/malice/samples --network="host" malice/engine scan --logs putty.exe

...

2018-11-29 11:02:35,648 - malice - ERROR - 'module' object has no attribute '__getitem__'
Traceback (most recent call last):
  File "/usr/sbin/malice/__init__.py", line 800, in run
    self.resource_strings()
  File "/usr/sbin/malice/__init__.py", line 495, in resource_strings
    language.id, lcid[language.id])
TypeError: 'module' object has no attribute '__getitem__'
2018-11-29 11:02:35,699 - __main__ - ERROR - failed to run malice plugin: pescan
Traceback (most recent call last):
  File "/usr/sbin/pescan", line 122, in scan
    malice_scan['results']['markdown'] = json2markdown(pe_results)
  File "/usr/sbin/utils/__init__.py", line 74, in json2markdown
    return Template(f.read()).render(exe=json_data)
  File "/usr/lib/python2.7/site-packages/jinja2/environment.py", line 1008, in render
    return self.environment.handle_exception(exc_info, True)
  File "/usr/lib/python2.7/site-packages/jinja2/environment.py", line 780, in handle_exception
    reraise(exc_type, exc_value, tb)
  File "<template>", line 8, in top-level template code
  File "/usr/lib/python2.7/site-packages/jinja2/environment.py", line 430, in getattr
    return getattr(obj, attribute)
UndefinedError: 'dict object' has no attribute 'compiletime'

...

The error didn't occur with a couple of other exe files I tested.

Docker version:
Client:
 Version:           18.09.0
 API version:       1.39
 Go version:        go1.10.4
 Git commit:        4d60db4
 Built:             Wed Nov  7 00:49:01 2018
 OS/Arch:           linux/amd64
 Experimental:      false

Server: Docker Engine - Community
 Engine:
  Version:          18.09.0
  API version:      1.39 (minimum version 1.12)
  Go version:       go1.10.4
  Git commit:       4d60db4
  Built:            Wed Nov  7 00:16:44 2018
  OS/Arch:          linux/amd64
  Experimental:     false

Docker info (with some info removed):
Containers: 6
 Running: 1
 Paused: 0
 Stopped: 5
Images: 26
Server Version: 18.09.0
Storage Driver: overlay2
 Backing Filesystem: extfs
 Supports d_type: true
 Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: bridge host macvlan null overlay
 Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: c4446665cb9c30056f4998ed953e6d4ff22c7c39
runc version: 4fc53a81fb7c994640722ac585fa9ca548971871
init version: fec3683
Security Options:
 apparmor
 seccomp
  Profile: default
Kernel Version: 4.15.0-39-generic
Operating System: Linux Mint 19
OSType: linux
Architecture: x86_64
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
 127.0.0.0/8
Live Restore Enabled: false
Product License: Community Engine

WARNING: No swap limit support
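Two things are visible in the traceback above: resource_strings() indexes lcid[language.id] on something that turned out to be a module rather than a dict, and the Markdown template then dereferences exe.compiletime on a results dict that has no such key. The added example below is not pescan's code. It shows the defensive shape for a plugin pipeline: every result key is present before any stage runs, each stage is isolated so one exception is recorded instead of aborting the scan, and the LCID lookup uses .get() so an unlisted language id degrades to a placeholder. The PE bytes and the LCID subset are constructed for the example.

```python
import datetime
import struct

# Constructed subset of the Windows LCID table; a real scanner loads the full list.
LCID = {0x0409: "English-United States", 0x0407: "German-Germany", 0x0804: "Chinese-PRC"}


def lang_name(lang_id):
    # .get(), never LCID[lang_id]: an unlisted (or attacker-chosen) lang_id
    # must yield a placeholder, not a KeyError that aborts the scan.
    return LCID.get(lang_id, "unknown (0x%04x)" % lang_id)


def _coff_header(data):
    """Return the file offset of the COFF header, validating MZ and PE\\0\\0."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file (no MZ header)")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature at 0x%x" % e_lfanew)
    return e_lfanew + 4


def compile_time(data):
    """COFF TimeDateStamp as ISO-8601 UTC; None when the stamp is zero."""
    (ts,) = struct.unpack_from("<I", data, _coff_header(data) + 4)
    if ts == 0:                      # stripped or reproducible builds store 0
        return None
    return datetime.datetime.fromtimestamp(
        ts, datetime.timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")


def sections(data):
    """Section table entries: name, sizes and whether the section is executable."""
    coff = _coff_header(data)
    (n_sections,) = struct.unpack_from("<H", data, coff + 2)
    (size_opt,) = struct.unpack_from("<H", data, coff + 16)
    pos = coff + 20 + size_opt
    out = []
    for _ in range(n_sections):
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, pos)
        (chars,) = struct.unpack_from("<I", data, pos + 36)
        out.append({"name": name.rstrip(b"\0").decode("latin-1"),
                    "virtual_size": vsize, "raw_size": rawsize,
                    "executable": bool(chars & 0x20000000)})   # IMAGE_SCN_MEM_EXECUTE
        pos += 40
    return out


# (result key, stage function, default written before the stage runs)
STAGES = [("compiletime", compile_time, None), ("sections", sections, [])]


def scan(data, stages=STAGES):
    """Run every stage; a failing stage leaves its default and an error entry."""
    results = {name: default for name, _, default in stages}
    results["errors"] = {}
    for name, stage, _ in stages:
        try:
            results[name] = stage(data)
        except Exception as exc:      # broad on purpose: untrusted input, keep going
            results["errors"][name] = "%s: %s" % (type(exc).__name__, exc)
    return results


def build_stub_pe(timestamp=1543449600):
    """Constructed minimal PE: DOS header, PE signature, COFF header, one .text section."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x8664, 1, timestamp, 0, 0, 0, 0x22)
    sect = struct.pack("<8sIIIIIIHHI", b".text", 0x1000, 0x1000, 0x200, 0x400,
                       0, 0, 0, 0, 0x60000020)
    return dos + b"PE\0\0" + coff + sect


if __name__ == "__main__":
    print(scan(build_stub_pe()))
    print(scan(b"not a pe at all"))          # keys still present, errors filled
    print(lang_name(0x0409), "/", lang_name(0x0419))
```

The template side follows from this: a key that is always present can be rendered with a plain `{{ exe.compiletime }}` and still show "None" for a stripped build, while the errors dict gives the report a place to say which stage failed instead of producing no report at all.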

Error in get_signify

All plugins are up to date.

Scanning FileZilla_3.38.1_win64-setup_bundled.exe (8de6ddd0687ba0075e10aad4c80dd80a436c4791a3a6d67cdfc7aa14da3ade0d) results in the following output from pescan:

>> docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -v `pwd`:/malice/samples --network="host" malice/engine scan --logs FileZilla_3.38.1_win64-setup_bundled.exe

...

2018-11-29 11:08:28,186 - malice - ERROR - sequence item 0: expected string, int found
Traceback (most recent call last):
  File "/usr/sbin/malice/__init__.py", line 788, in run
    self.results['signature'] = get_signify(self.file, log=log)
  File "/usr/sbin/malice/sig.py", line 22, in get_signify
    s_data.verify()
  File "/usr/lib/python2.7/site-packages/signify/signed_pe.py", line 232, in verify
    signed_datas = list(self.signed_datas)
  File "/usr/lib/python2.7/site-packages/signify/signed_pe.py", line 214, in signed_datas
    yield SignedData.from_certificate(certificate['certificate'], pefile=self)
  File "/usr/lib/python2.7/site-packages/signify/authenticode.py", line 126, in from_certificate
    signed_data = SignedData(data, *args, **kwargs)
  File "/usr/lib/python2.7/site-packages/signify/authenticode.py", line 111, in __init__
    self._parse()
  File "/usr/lib/python2.7/site-packages/signify/authenticode.py", line 156, in _parse
    self.signer_info = AuthenticodeSignerInfo(self.data['signerInfos'][0])
  File "/usr/lib/python2.7/site-packages/signify/signerinfo.py", line 54, in __init__
    self._parse()
  File "/usr/lib/python2.7/site-packages/signify/authenticode.py", line 67, in _parse
    super(AuthenticodeSignerInfo, self)._parse()
  File "/usr/lib/python2.7/site-packages/signify/signerinfo.py", line 69, in _parse
    required=self._required_authenticated_attributes
  File "/usr/lib/python2.7/site-packages/signify/signerinfo.py", line 138, in _parse_attributes
    ([_print_type(x) for x in required], [_print_type(x) for x in result]))
  File "/usr/lib/python2.7/site-packages/signify/__init__.py", line 8, in _print_type
    return ".".join(t)
TypeError: sequence item 0: expected string, int found

...

The error didn't occur with a couple of other exe files I tested.
This may be a bug in pescan itself.

Docker version:
Client:
 Version:           18.09.0
 API version:       1.39
 Go version:        go1.10.4
 Git commit:        4d60db4
 Built:             Wed Nov  7 00:49:01 2018
 OS/Arch:           linux/amd64
 Experimental:      false

Server: Docker Engine - Community
 Engine:
  Version:          18.09.0
  API version:      1.39 (minimum version 1.12)
  Go version:       go1.10.4
  Git commit:       4d60db4
  Built:            Wed Nov  7 00:16:44 2018
  OS/Arch:          linux/amd64
  Experimental:     false

Docker info (with some info removed):
Containers: 6
 Running: 1
 Paused: 0
 Stopped: 5
Images: 26
Server Version: 18.09.0
Storage Driver: overlay2
 Backing Filesystem: extfs
 Supports d_type: true
 Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: bridge host macvlan null overlay
 Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: c4446665cb9c30056f4998ed953e6d4ff22c7c39
runc version: 4fc53a81fb7c994640722ac585fa9ca548971871
init version: fec3683
Security Options:
 apparmor
 seccomp
  Profile: default
Kernel Version: 4.15.0-39-generic
Operating System: Linux Mint 19
OSType: linux
Architecture: x86_64
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
 127.0.0.0/8
Live Restore Enabled: false
Product License: Community Engine

WARNING: No swap limit support
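The traceback above ends in signify's own error-reporting path: _parse_attributes had already decided that required authenticated attributes were missing from the SignerInfo, and _print_type then tried ".".join(t) on an OID stored as a tuple of ints, so the scan died while formatting the message rather than reporting a bad or unusual signature. The added example below is neither signify's nor pescan's code. It shows three pieces a scanner wants around Authenticode: OID formatting that cannot crash, a required-attribute check that returns the missing OIDs, and a reader for the PE certificate table (data directory 4, WIN_CERTIFICATE entries) wrapped so that every failure becomes a status the report can carry. The set of required attributes is an assumption for the example; it does not hash the file or validate the PKCS#7 chain, and the PE and "PKCS#7" blob are constructed stand-ins.

```python
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4
WIN_CERT_REVISION_2_0 = 0x0200
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002

# Authenticode signed attributes as OID tuples (assumed set for this example).
OID_CONTENT_TYPE = (1, 2, 840, 113549, 1, 9, 3)
OID_MESSAGE_DIGEST = (1, 2, 840, 113549, 1, 9, 4)
OID_SPC_SP_OPUS_INFO = (1, 3, 6, 1, 4, 1, 311, 2, 1, 12)
REQUIRED_ATTRIBUTES = (OID_CONTENT_TYPE, OID_MESSAGE_DIGEST, OID_SPC_SP_OPUS_INFO)


def fmt_oid(oid):
    # Arcs are ints; join their str() form, never the ints themselves.
    return ".".join(str(arc) for arc in oid)


def missing_attributes(present, required=REQUIRED_ATTRIBUTES):
    """Dotted OIDs of required attributes absent from the SignerInfo."""
    have = {tuple(p) for p in present}
    return [fmt_oid(o) for o in required if tuple(o) not in have]


def certificate_table(data):
    """WIN_CERTIFICATE entries from the security directory ([] if unsigned)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)
    opt = coff + 20
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic == 0x10B:            # PE32: data directories start at +96
        dd = opt + 96
    elif magic == 0x20B:          # PE32+: data directories start at +112
        dd = opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    (n_dirs,) = struct.unpack_from("<I", data, dd - 4)   # NumberOfRvaAndSizes
    if n_dirs <= IMAGE_DIRECTORY_ENTRY_SECURITY or dd + 8 * n_dirs > opt + opt_size:
        return []
    # Unlike every other directory, the security entry holds a file offset.
    off, size = struct.unpack_from("<II", data, dd + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    if off == 0 or size == 0:
        return []
    if off + size > len(data):
        raise ValueError("certificate table runs past end of file")
    entries, pos = [], off
    while pos + 8 <= off + size:
        length, revision, ctype = struct.unpack_from("<IHH", data, pos)
        if length < 8 or pos + length > off + size:
            raise ValueError("malformed WIN_CERTIFICATE at 0x%x" % pos)
        entries.append({"revision": revision, "type": ctype,
                        "data": data[pos + 8:pos + length]})
        pos += (length + 7) & ~7      # entries are 8-byte aligned
    return entries


def signature_status(data):
    """Never raises: parse failures become a status the report can show."""
    try:
        entries = certificate_table(data)
    except Exception as exc:
        return {"signed": None, "error": "%s: %s" % (type(exc).__name__, exc)}
    pkcs7 = [e for e in entries if e["type"] == WIN_CERT_TYPE_PKCS_SIGNED_DATA]
    return {"signed": bool(pkcs7), "entries": len(entries),
            "pkcs7_bytes": sum(len(e["data"]) for e in pkcs7), "error": None}


def build_stub_signed_pe(pkcs7_blob):
    """Constructed PE32+ (no sections) with one WIN_CERTIFICATE if blob is not None."""
    opt_size = 112 + 16 * 8
    cert_offset = 0x40 + 4 + 20 + opt_size          # 328, already 8-byte aligned
    dirs = [(0, 0)] * 16
    cert = b""
    if pkcs7_blob is not None:
        cert = struct.pack("<IHH", 8 + len(pkcs7_blob), WIN_CERT_REVISION_2_0,
                           WIN_CERT_TYPE_PKCS_SIGNED_DATA) + pkcs7_blob
        cert += b"\0" * (-len(cert) % 8)
        dirs[IMAGE_DIRECTORY_ENTRY_SECURITY] = (cert_offset, len(cert))
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, opt_size, 0x22)
    opt = struct.pack("<H", 0x20B) + b"\0" * 106 + struct.pack("<I", 16)
    opt += b"".join(struct.pack("<II", *d) for d in dirs)
    return dos + b"PE\0\0" + coff + opt + cert


if __name__ == "__main__":
    pe = build_stub_signed_pe(b"constructed-pkcs7-stand-in")   # not real DER
    print(signature_status(pe), signature_status(pe[:-20]))
    print(missing_attributes([OID_CONTENT_TYPE, OID_MESSAGE_DIGEST]))
```

The status dict is the point: "signed: None" with an error string is a different finding from "signed: False", and both are worth more in a report than a plugin that produced nothing because its own error message could not be built.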
