This project asks for an exe file on the command line and generates an HTML report with useful information such as the compile date, imports, functions, strings, etc.
The Python script builds an HTML string which is then written to an HTML file. In the HTML header we declare a JS file and a CSS file. The JS file is used to make the page more dynamic, while the CSS is used to make everything look better (well, that's the idea of CSS).
- Make sure you have Python installed; if you don't, go here
- Download an editor such as PyCharm, VSCode or Anaconda
- Once the editor you chose is configured, create a folder for this project and run:

```
git clone https://github.com/Cantum2/4010_Project1.git
```
Great! Now let's run the code. This can vary depending on the editor; for the most part just click the giant play button wherever you see it. Enter the file path, or just press enter for the default file. If you would like to analyze a new file, run the script again.
- You will be prompted to enter a password, which is `mal-ware`. This isn't for security! It is just to make sure that you are in a VM if you are analyzing a potentially malicious executable.
- I have included two exe files. They are both the Strings library from Microsoft. One is packed with UPX and one is not.
- I also included the UPX files so you can pack files as needed: put the file into the directory containing `upx.exe`, cd into that directory, then run

```
upx file_name.exe
```

and it will pack it.
- The script will generate the `index.html` file. Open that file in a browser and it will show the results.
- View the current `index.html` file in a browser to see a sample of an analysis done on notepad.exe.
- git pull
- git add .
- git commit -am "ENTER YOUR MESSAGE HERE"
- git push
- Tests are in the `tests.py` file and should pass
- Add a security measure to make sure we aren't running this outside a VM?
- Run analysis of the strings and create a regex to match IP addresses so we can predict outbound network traffic
- Use packer detection to determine if the file is packed or not and, if so, with what
- Get the compile date with `pe.dump_info()`
- List imports
- Functionality will be tough to do
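As an added example (not the project's own code, which uses pefile), here are three of the items above done with only the standard library: the compile timestamp is read straight from the COFF header, printable strings are pulled out and IPv4 candidates are validated octet by octet (a bare regex would accept 999.1.1.1), and UPX is flagged from its well-known section names. The sample PE bytes are constructed inline and, to keep them short, have no optional header (SizeOfOptionalHeader = 0), which a real binary never has; the parser honours that field either way. Note that section names are only a heuristic: a packed file whose sections were renamed would slip past this check.

```python
import re
import struct
from datetime import datetime, timezone

ASCII_RUN = re.compile(rb"[\x20-\x7e]{4,}")  # printable runs of 4+ chars, like `strings`
IPV4_CANDIDATE = re.compile(r"(?<!\d)(?:\d{1,3}\.){3}\d{1,3}(?!\d)")
PACKER_SECTIONS = {"UPX0": "UPX", "UPX1": "UPX", "UPX2": "UPX"}  # well-known UPX section names

def parse_pe_header(data: bytes) -> dict:
    """Read TimeDateStamp and section names straight from the COFF header."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4  # Machine, NumberOfSections, TimeDateStamp, ..., SizeOfOptionalHeader, Characteristics
    _, nsect, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    table = coff + 20 + opt_size  # section table follows the optional header; 40 bytes each, name first
    names = [data[table + i * 40:table + i * 40 + 8].rstrip(b"\0").decode("ascii", "replace")
             for i in range(nsect)]
    return {"compiled": datetime.fromtimestamp(stamp, timezone.utc).isoformat(), "sections": names}

def find_ipv4(strings: list) -> list:
    """Dotted quads whose octets are all <= 255 (the regex alone would accept 999.1.1.1)."""
    return [cand for s in strings for cand in IPV4_CANDIDATE.findall(s)
            if all(int(octet) <= 255 for octet in cand.split("."))]

def analyze(data: bytes) -> dict:
    report = parse_pe_header(data)
    report["strings"] = [m.group().decode("ascii") for m in ASCII_RUN.finditer(data)]
    report["ipv4"] = find_ipv4(report["strings"])
    report["packer"] = next((PACKER_SECTIONS[n] for n in report["sections"] if n in PACKER_SECTIONS), None)
    return report

def build_sample() -> bytes:
    """Constructed minimal PE: UPX section names, a 2021-01-01 timestamp and two IP-like strings."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew: PE signature right after this stub
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 1609459200, 0, 0, 0, 0x102)  # SizeOfOptionalHeader = 0
    sections = b"UPX0".ljust(40, b"\0") + b"UPX1".ljust(40, b"\0")
    body = b"\0hello world\0connect to 10.0.0.5 now\0999.1.1.1 is not an address\0"
    return bytes(dos) + b"PE\0\0" + coff + sections + body

if __name__ == "__main__":
    print(analyze(build_sample()))
```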
- We can create a simple web page
- We can also make the PE file that is good seem malicious.
- Add a button to make the file seem good