Class: Dorothy::Loadmalw

Inherits:

Object

• Object
• Dorothy::Loadmalw

Defined in:

lib/dorothy2/do-utils.rb

Instance Attribute Summary

• #binpath ⇒ Object readonly

  Returns the value of attribute binpath.

• #ctime ⇒ Object readonly

  Returns the value of attribute ctime.

• #dbtype ⇒ Object readonly

  Returns the value of attribute dbtype.

• #dir_bin ⇒ Object

  Returns the value of attribute dir_bin.

• #dir_downloads ⇒ Object

  Returns the value of attribute dir_downloads.

• #dir_pcap ⇒ Object

  attr_accessor :dir_home.

• #dir_screens ⇒ Object

  Returns the value of attribute dir_screens.

• #extension ⇒ Object readonly

  Returns the value of attribute extension.

• #filename ⇒ Object readonly

  Returns the value of attribute filename.

• #full_filename ⇒ Object readonly

  here i’m sure that the file has an extension and can be executed by windows.

• #md5 ⇒ Object readonly

  Returns the value of attribute md5.

• #pcaprid ⇒ Object readonly

  Returns the value of attribute pcaprid.

• #pcapsize ⇒ Object readonly

  Returns the value of attribute pcapsize.

• #sha ⇒ Object

  Returns the value of attribute sha.

• #size ⇒ Object readonly

  Returns the value of attribute size.

• #sourceinfo ⇒ Object

  used for storing info about where the binary come from (if needed).

• #type ⇒ Object readonly

  Returns the value of attribute type.

Class Method Summary

• .calc_pcaprid(file, size) ⇒ Object

Instance Method Summary

• #initialize(file) ⇒ Loadmalw constructor

  A new instance of Loadmalw.

Constructor Details

#initialize(file) ⇒ Loadmalw

Returns a new instance of Loadmalw.

# File 'lib/dorothy2/do-utils.rb', line 250

def initialize(file)

  fm = FileMagic.new
  sha = Digest::SHA2.new
  md5 = Digest::MD5.new
  @binpath = file
  @filename = File.basename(file)
  @extension = File.extname(file)[1..-1]

  File.open(file, 'rb') do |fh1|
    while buffer1 = fh1.read(1024)
      @sha = sha << buffer1
      @md5 = md5 << buffer1
    end
  end

  @sha = @sha.to_s
  @md5 = @md5.to_s.rstrip
  @sourceinfo = nil

  timetmp = File.ctime(file)
  @ctime= timetmp.strftime("%m/%d/%y %H:%M:%S")
  @type = fm.file(file)


  if @extension.nil?    #no extension, trying to put the right one..
    case @type
      when /^PE32/ then
        @extension = (@type =~ /DLL/ ? "dll" : "exe")
      when /^COM/ then
        @extension = "exe"
      when /^MS-DOS/ then
        @extension = "bat"
      when /^HTML/ then
        @extension = "html"
      else
        @extension = "unknown"
    end
    @full_filename = @filename + "." +  @extension
  else
    @full_filename = @filename
  end

  @size = File.size(file)
end

Instance Attribute Details

#binpath ⇒ Object (readonly)

Returns the value of attribute binpath.

# File 'lib/dorothy2/do-utils.rb', line 235

def binpath
  @binpath
end

#ctime ⇒ Object (readonly)

Returns the value of attribute ctime.

# File 'lib/dorothy2/do-utils.rb', line 238

def ctime
  @ctime
end

#dbtype ⇒ Object (readonly)

Returns the value of attribute dbtype.

# File 'lib/dorothy2/do-utils.rb', line 232

def dbtype
  @dbtype
end

#dir_bin ⇒ Object

Returns the value of attribute dir_bin.

# File 'lib/dorothy2/do-utils.rb', line 246

def dir_bin
  @dir_bin
end

#dir_downloads ⇒ Object

Returns the value of attribute dir_downloads.

# File 'lib/dorothy2/do-utils.rb', line 248

def dir_downloads
  @dir_downloads
end

#dir_pcap ⇒ Object

attr_accessor :dir_home

# File 'lib/dorothy2/do-utils.rb', line 245

def dir_pcap
  @dir_pcap
end

#dir_screens ⇒ Object

Returns the value of attribute dir_screens.

# File 'lib/dorothy2/do-utils.rb', line 247

def dir_screens
  @dir_screens
end

#extension ⇒ Object (readonly)

Returns the value of attribute extension.

# File 'lib/dorothy2/do-utils.rb', line 241

def extension
  @extension
end

#filename ⇒ Object (readonly)

Returns the value of attribute filename.

# File 'lib/dorothy2/do-utils.rb', line 236

def filename
  @filename
end

#full_filename ⇒ Object (readonly)

here i’m sure that the file has an extension and can be executed by windows

# File 'lib/dorothy2/do-utils.rb', line 237

def full_filename
  @full_filename
end

#md5 ⇒ Object (readonly)

Returns the value of attribute md5.

# File 'lib/dorothy2/do-utils.rb', line 234

def md5
  @md5
end

#pcaprid ⇒ Object (readonly)

Returns the value of attribute pcaprid.

# File 'lib/dorothy2/do-utils.rb', line 230

def pcaprid
  @pcaprid
end

#pcapsize ⇒ Object (readonly)

Returns the value of attribute pcapsize.

# File 'lib/dorothy2/do-utils.rb', line 240

def pcapsize
  @pcapsize
end

#sha ⇒ Object

Returns the value of attribute sha.

# File 'lib/dorothy2/do-utils.rb', line 233

def sha
  @sha
end

#size ⇒ Object (readonly)

Returns the value of attribute size.

# File 'lib/dorothy2/do-utils.rb', line 239

def size
  @size
end

#sourceinfo ⇒ Object

used for storing info about where the binary come from (if needed)

# File 'lib/dorothy2/do-utils.rb', line 242

def sourceinfo
  @sourceinfo
end

#type ⇒ Object (readonly)

Returns the value of attribute type.

# File 'lib/dorothy2/do-utils.rb', line 231

def type
  @type
end

Class Method Details

.calc_pcaprid(file, size) ⇒ Object

# File 'lib/dorothy2/do-utils.rb', line 298

def self.calc_pcaprid(file, size)
  #t = file.split('/')
  #dumpname = t[t.length - 1]
  @pcaprid = Digest::MD5.new
  @pcaprid << "#{file}:#{size}"
  @pcaprid = @pcaprid.dup.to_s.rstrip
end