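def analyze_files(dir):
    """Walk *dir* and report PE files that import watched network APIs.

    The watch list comes from ``get_libraries_list()``; from the way it is
    used here it is expected to map a DLL name to a container of import
    names (DLL keys are lower-cased on load, so the JSON may use any case --
    confirm against the JSON file).  For each PE file, the first watched DLL
    that contributes at least one matching import is reported, then scanning
    moves on to the next file.  Files that pefile cannot parse are skipped
    silently; directories that cannot be listed are reported.  The total
    wall-clock time is printed last.

    Args:
        dir: Root directory to scan recursively.  (The name shadows the
            builtin but is kept so existing keyword callers still work.)
    """
    # Imports stay function-local as in the original, but are hoisted above
    # the nested helpers so a missing ``pefile`` fails before any work starts.
    import os
    from contextlib import closing
    from timeit import default_timer

    import pefile

    # Lower-case the DLL keys once so the lookup below is case-insensitive
    # regardless of how the JSON spells them.
    restricted_libraries = {
        dll.lower(): names for dll, names in get_libraries_list().items()
    }

    def _watched_imports(library):
        """Return (dll_name, [matching import names]) for one import entry.

        Returns None when the DLL is not on the watch list or its name cannot
        be decoded.  Imports without a decodable ``name`` (e.g. ordinal-only
        entries) are skipped.
        """
        try:
            library_name = library.dll.decode().lower()
        except (AttributeError, UnicodeDecodeError):
            return None
        watched = restricted_libraries.get(library_name)
        if watched is None:
            return None
        matches = []
        for function in library.imports:
            try:
                function_name = function.name.decode()
            except (AttributeError, UnicodeDecodeError):
                continue
            if function_name in watched:
                matches.append(function_name)
        return library_name, matches

    def check_file(path_to_file):
        """Parse one file as a PE and print a report for the first watched DLL hit."""
        try:
            pe = pefile.PE(path_to_file, fast_load=True)
        except Exception:
            return  # not a PE image, or unreadable: nothing to report
        # pefile keeps the file mapped after parsing; close it explicitly
        # rather than relying on garbage collection while walking a large tree.
        with closing(pe):
            try:
                pe.parse_data_directories(
                    directories=[pefile.DIRECTORY_ENTRY['IMAGE_DIRECTORY_ENTRY_IMPORT']])
            except Exception:
                return
            # The attribute is absent when the image has no import table.
            for library in getattr(pe, "DIRECTORY_ENTRY_IMPORT", ()):
                hit = _watched_imports(library)
                if not hit or not hit[1]:
                    continue
                library_name, suspicious_functions = hit
                print("Suspicious file {}\nFile using network library: {}\n"
                      "Found following suspicious functions: {}".format(
                          path_to_file, library_name, ', '.join(suspicious_functions)))
                print()  # blank separator after a report
                break  # one report per file, as before

    def check_dir(dir):
        """Depth-first walk: check files, recurse into real (non-symlink) sub-dirs."""
        try:
            entries = os.listdir(dir)
        except PermissionError:
            print("{}: Permission denied".format(dir))
            return
        except OSError as err:
            # e.g. the directory vanished between listing its parent and now
            print("{}: {}".format(dir, err.strerror or err))
            return
        for filename in entries:
            path_to_file = os.path.join(dir, filename)
            if os.path.isfile(path_to_file):
                check_file(path_to_file)
            elif os.path.isdir(path_to_file) and not os.path.islink(path_to_file):
                # Skipping symlinked directories avoids infinite recursion
                # on link cycles.
                check_dir(path_to_file)

    start = default_timer()
    check_dir(dir)
    print("Total time: {}".format(default_timer() - start))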
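def get_libraries_list():
    """Load the DLL -> import-name watch list from ``list_of_network_libraries.json``.

    The path is relative to the current working directory, so the script must
    be run from the directory that holds the JSON file.

    Returns:
        The decoded JSON document (expected to be a dict of DLL name to a
        list of import names -- inferred from how ``analyze_files`` uses it).

    Raises:
        FileNotFoundError: if the JSON file is missing.
        json.JSONDecodeError: if the file is not valid JSON.
    """
    import json

    # Explicit UTF-8: the platform default (cp1252 on Windows) would
    # mis-decode any non-ASCII text in the list.
    with open("list_of_network_libraries.json", "r", encoding="utf-8") as fh:
        return json.load(fh)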
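if __name__ == "__main__":
    # Alternative entry points kept from the original for interactive use:
    # analyze_files(input("Input directory to analyze: "))
    # analyze_files('Test_dir')
    #
    # Raw string: in a plain literal '\W' and '\S' are invalid escape
    # sequences and raise a SyntaxWarning/DeprecationWarning on recent
    # Python versions.
    analyze_files(r'C:\Windows\System32')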