Class: Dorothy::Loadmalw

Inherits:

Object

• Object
• Dorothy::Loadmalw

Defined in:

lib/dorothy2/do-utils.rb

Instance Attribute Summary

• #binpath ⇒ Object readonly

  Returns the value of attribute binpath.

• #binpath_repo ⇒ Object readonly

  binaries’ repository where all the samples go.

• #ctime ⇒ Object readonly

  Returns the value of attribute ctime.

• #dbtype ⇒ Object readonly

  Returns the value of attribute dbtype.

• #dir_bin ⇒ Object

  Returns the value of attribute dir_bin.

• #dir_downloads ⇒ Object

  Returns the value of attribute dir_downloads.

• #dir_pcap ⇒ Object

  Analysis folder where the files will be created.

• #dir_screens ⇒ Object

  Returns the value of attribute dir_screens.

• #extension ⇒ Object readonly

  Returns the value of attribute extension.

• #filename ⇒ Object readonly

  Returns the value of attribute filename.

• #full_filename ⇒ Object readonly

  Here i’m sure that the file has an extension and can be executed by windows.

• #md5 ⇒ Object readonly

  Returns the value of attribute md5.

• #pcaprid ⇒ Object readonly

  Returns the value of attribute pcaprid.

• #pcapsize ⇒ Object readonly

  Returns the value of attribute pcapsize.

• #sha ⇒ Object

  Returns the value of attribute sha.

• #size ⇒ Object readonly

  Returns the value of attribute size.

• #sourceinfo ⇒ Object

  Used for storing info about where the binary comes from (if needed).

• #type ⇒ Object readonly

  Returns the value of attribute type.

Class Method Summary

• .calc_pcaprid(file, size) ⇒ Object

Instance Method Summary

• #initialize(file, change_filename = nil) ⇒ Loadmalw constructor

  A new instance of Loadmalw.

Constructor Details

#initialize(file, change_filename = nil) ⇒ Loadmalw

Returns a new instance of Loadmalw.

# File 'lib/dorothy2/do-utils.rb', line 601

def initialize(file, change_filename=nil)

  fm = FileMagic.new
  @binpath = file
  change_filename ||=  File.basename(file).strip

  @filename = change_filename
  @extension = File.extname(change_filename)[1..-1]


  @md5 = Digest::MD5.hexdigest(File.read(file))
  @sha = Digest::SHA2.hexdigest(File.read(file))


  @sourceinfo = nil

  @binpath_repo = DoroSettings.env[:bins_repository] + '/' + @md5

  timetmp = File.ctime(file)
  @ctime= timetmp.strftime("%m/%d/%y %H:%M:%S")
  @type = fm.file(file)


  if @extension.nil?    #no extension, trying to put the right one..
    case @type
      when /^PE32/ then
        @extension = (@type =~ /DLL/ ? "dll" : "exe")
      when /^COM/ then
        @extension = "exe"
      when /^MS-DOS/ then
        @extension = "bat"
      when /^HTML/ then
        @extension = "html"
      else
        @extension = "unknown"
    end
    @full_filename = @filename + "." +  @extension
  else
    @full_filename = @filename
  end

  @size = File.size(file)
end

Instance Attribute Details

#binpath ⇒ Object (readonly)

Returns the value of attribute binpath.

# File 'lib/dorothy2/do-utils.rb', line 579

def binpath
  @binpath
end

#binpath_repo ⇒ Object (readonly)

binaries’ repository where all the samples go.

# File 'lib/dorothy2/do-utils.rb', line 593

def binpath_repo
  @binpath_repo
end

#ctime ⇒ Object (readonly)

Returns the value of attribute ctime.

# File 'lib/dorothy2/do-utils.rb', line 584

def ctime
  @ctime
end

#dbtype ⇒ Object (readonly)

Returns the value of attribute dbtype.

# File 'lib/dorothy2/do-utils.rb', line 576

def dbtype
  @dbtype
end

#dir_bin ⇒ Object

Returns the value of attribute dir_bin.

# File 'lib/dorothy2/do-utils.rb', line 597

def dir_bin
  @dir_bin
end

#dir_downloads ⇒ Object

Returns the value of attribute dir_downloads.

# File 'lib/dorothy2/do-utils.rb', line 599

def dir_downloads
  @dir_downloads
end

#dir_pcap ⇒ Object

Analysis folder where the files will be created

# File 'lib/dorothy2/do-utils.rb', line 596

def dir_pcap
  @dir_pcap
end

#dir_screens ⇒ Object

Returns the value of attribute dir_screens.

# File 'lib/dorothy2/do-utils.rb', line 598

def dir_screens
  @dir_screens
end

#extension ⇒ Object (readonly)

Returns the value of attribute extension.

# File 'lib/dorothy2/do-utils.rb', line 587

def extension
  @extension
end

#filename ⇒ Object (readonly)

Returns the value of attribute filename.

# File 'lib/dorothy2/do-utils.rb', line 580

def filename
  @filename
end

#full_filename ⇒ Object (readonly)

Here i’m sure that the file has an extension and can be executed by windows

# File 'lib/dorothy2/do-utils.rb', line 583

def full_filename
  @full_filename
end

#md5 ⇒ Object (readonly)

Returns the value of attribute md5.

# File 'lib/dorothy2/do-utils.rb', line 578

def md5
  @md5
end

#pcaprid ⇒ Object (readonly)

Returns the value of attribute pcaprid.

# File 'lib/dorothy2/do-utils.rb', line 574

def pcaprid
  @pcaprid
end

#pcapsize ⇒ Object (readonly)

Returns the value of attribute pcapsize.

# File 'lib/dorothy2/do-utils.rb', line 586

def pcapsize
  @pcapsize
end

#sha ⇒ Object

Returns the value of attribute sha.

# File 'lib/dorothy2/do-utils.rb', line 577

def sha
  @sha
end

#size ⇒ Object (readonly)

Returns the value of attribute size.

# File 'lib/dorothy2/do-utils.rb', line 585

def size
  @size
end

#sourceinfo ⇒ Object

Used for storing info about where the binary comes from (if needed)

# File 'lib/dorothy2/do-utils.rb', line 590

def sourceinfo
  @sourceinfo
end

#type ⇒ Object (readonly)

Returns the value of attribute type.

# File 'lib/dorothy2/do-utils.rb', line 575

def type
  @type
end

Class Method Details

.calc_pcaprid(file, size) ⇒ Object

# File 'lib/dorothy2/do-utils.rb', line 647

def self.calc_pcaprid(file, size)
  #t = file.split('/')
  #dumpname = t[t.length - 1]
  @pcaprid = Digest::MD5.new
  @pcaprid << "#{file}:#{size}"
  @pcaprid = @pcaprid.dup.to_s.rstrip
end