Class: Dorothy::Loadmalw

Inherits:

Object

Object
Dorothy::Loadmalw

show all

Defined in:: lib/dorothy2/MAM.rb

Instance Attribute Summary collapse

#binpath ⇒ Object readonly

Returns the value of attribute binpath.
#ctime ⇒ Object readonly

Returns the value of attribute ctime.
#dbtype ⇒ Object readonly

Returns the value of attribute dbtype.
#dir_bin ⇒ Object

Returns the value of attribute dir_bin.
#dir_downloads ⇒ Object

Returns the value of attribute dir_downloads.
#dir_pcap ⇒ Object

attr_accessor :dir_home.
#dir_screens ⇒ Object

Returns the value of attribute dir_screens.
#extension ⇒ Object readonly

Returns the value of attribute extension.
#filename ⇒ Object readonly

Returns the value of attribute filename.
#md5 ⇒ Object readonly

Returns the value of attribute md5.
#pcaprid ⇒ Object readonly

Returns the value of attribute pcaprid.
#pcapsize ⇒ Object readonly

Returns the value of attribute pcapsize.
#sha ⇒ Object

Returns the value of attribute sha.
#size ⇒ Object readonly

Returns the value of attribute size.
#sourceinfo ⇒ Object

used for storing info about where the binary come from (if needed).
#type ⇒ Object readonly

Returns the value of attribute type.

Class Method Summary collapse

.calc_pcaprid(file, size) ⇒ Object

Instance Method Summary collapse

#initialize(file) ⇒ Loadmalw constructor

A new instance of Loadmalw.

Constructor Details

#initialize(file) ⇒ `Loadmalw`

# File 'lib/dorothy2/MAM.rb', line 144

def initialize(file)

  fm = FileMagic.new
  sha = Digest::SHA2.new
  md5 = Digest::MD5.new
  @binpath = file
  @filename = File.basename file
  @extension = File.extname file
  @dbtype = "null"  #TODO: remove type column in sample table

  File.open(file, 'rb') do |fh1|
    while buffer1 = fh1.read(1024)
      @sha = sha << buffer1
      @md5 = md5 << buffer1
    end
  end

  @sha = @sha.to_s
  @md5 = @md5.to_s.rstrip
  @sourceinfo = nil

  timetmp = File.ctime(file)
  @ctime= timetmp.strftime("%m/%d/%y %H:%M:%S")
  @type = fm.file(file)

  if @extension.empty?    #no extension, trying to put the right one..
    case @type
      when /^PE32/ then
        @extension = (@type =~ /DLL/ ? ".dll" : ".exe")
      when /^MS-DOS/ then
        @extension = ".bat"
      when /^HTML/ then
        @extension = ".html"
      else
        @extension = nil
    end
  end


  @size = File.size(file)
  #  @dir_pcap = "#{ANALYSIS_DIR}/#{@md5}/pcap/"
  #  @dir_bin = "#{ANALYSIS_DIR}/#{@md5}/bin/"
  #  @dir_screens = "#{ANALYSIS_DIR}/#{@md5}/screens/"
  #  @dir_downloads = "#{ANALYSIS_DIR}/#{@md5}/downloads/"
end

Instance Attribute Details

#binpath ⇒ `Object` (readonly)

Returns the value of attribute binpath.



130
131
132

# File 'lib/dorothy2/MAM.rb', line 130

def binpath
  @binpath
end

#ctime ⇒ `Object` (readonly)

Returns the value of attribute ctime.



132
133
134

# File 'lib/dorothy2/MAM.rb', line 132

def ctime
  @ctime
end

#dbtype ⇒ `Object` (readonly)

Returns the value of attribute dbtype.



127
128
129

# File 'lib/dorothy2/MAM.rb', line 127

def dbtype
  @dbtype
end

#dir_bin ⇒ `Object`

Returns the value of attribute dir_bin.



140
141
142

# File 'lib/dorothy2/MAM.rb', line 140

def dir_bin
  @dir_bin
end

#dir_downloads ⇒ `Object`

Returns the value of attribute dir_downloads.



142
143
144

# File 'lib/dorothy2/MAM.rb', line 142

def dir_downloads
  @dir_downloads
end

#dir_pcap ⇒ `Object`

attr_accessor :dir_home



139
140
141

# File 'lib/dorothy2/MAM.rb', line 139

def dir_pcap
  @dir_pcap
end

#dir_screens ⇒ `Object`

Returns the value of attribute dir_screens.



141
142
143

# File 'lib/dorothy2/MAM.rb', line 141

def dir_screens
  @dir_screens
end

#extension ⇒ `Object` (readonly)

Returns the value of attribute extension.



135
136
137

# File 'lib/dorothy2/MAM.rb', line 135

def extension
  @extension
end

#filename ⇒ `Object` (readonly)

Returns the value of attribute filename.



131
132
133

# File 'lib/dorothy2/MAM.rb', line 131

def filename
  @filename
end

#md5 ⇒ `Object` (readonly)

Returns the value of attribute md5.



129
130
131

# File 'lib/dorothy2/MAM.rb', line 129

def md5
  @md5
end

#pcaprid ⇒ `Object` (readonly)

Returns the value of attribute pcaprid.



125
126
127

# File 'lib/dorothy2/MAM.rb', line 125

def pcaprid
  @pcaprid
end

#pcapsize ⇒ `Object` (readonly)

Returns the value of attribute pcapsize.



134
135
136

# File 'lib/dorothy2/MAM.rb', line 134

def pcapsize
  @pcapsize
end

#sha ⇒ `Object`

Returns the value of attribute sha.



128
129
130

# File 'lib/dorothy2/MAM.rb', line 128

def sha
  @sha
end

#size ⇒ `Object` (readonly)

Returns the value of attribute size.



133
134
135

# File 'lib/dorothy2/MAM.rb', line 133

def size
  @size
end

#sourceinfo ⇒ `Object`

used for storing info about where the binary come from (if needed)



136
137
138

# File 'lib/dorothy2/MAM.rb', line 136

def sourceinfo
  @sourceinfo
end

#type ⇒ `Object` (readonly)

Returns the value of attribute type.



126
127
128

# File 'lib/dorothy2/MAM.rb', line 126

def type
  @type
end

Class Method Details

.calc_pcaprid(file, size) ⇒ `Object`

# File 'lib/dorothy2/MAM.rb', line 192

def self.calc_pcaprid(file, size)
  #t = file.split('/')
  #dumpname = t[t.length - 1]
  @pcaprid = Digest::MD5.new
  @pcaprid << "#{file}:#{size}"
  @pcaprid = @pcaprid.dup.to_s.rstrip
end

Class: Dorothy::Loadmalw

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(file) ⇒ Loadmalw

Instance Attribute Details

#binpath ⇒ Object (readonly)

#ctime ⇒ Object (readonly)

#dbtype ⇒ Object (readonly)

#dir_bin ⇒ Object

#dir_downloads ⇒ Object

#dir_pcap ⇒ Object

#dir_screens ⇒ Object

#extension ⇒ Object (readonly)

#filename ⇒ Object (readonly)

#md5 ⇒ Object (readonly)

#pcaprid ⇒ Object (readonly)

#pcapsize ⇒ Object (readonly)

#sha ⇒ Object

#size ⇒ Object (readonly)

#sourceinfo ⇒ Object

#type ⇒ Object (readonly)