Open c3rb3ru5d3d53c opened 1 year ago
Thanks for the contribution! If you want, you can easily lint your changes to pass our pipeline using the https://github.com/CERT-Polska/lint-python-action tool (it's recommended to use it within a virtualenv as it installs tools in specific pinned versions):

```bash
. venv/bin/activate
pip install lint-python
lint-python --install
```

But if you don't feel comfortable with that, don't worry, I can do this for you before merge.
Hey, I made these changes, let me know if they look good to you :smile:
Hi! Sorry that it is taking so long.

Meanwhile something very similar has been implemented in https://github.com/CERT-Polska/malduck/pull/101 (based on https://github.com/CERT-Polska/malduck/issues/99). In this implementation, binaries are put directly in the configuration, following a specific scheme (in the `binaries` field, see https://github.com/CybercentreCanada/Maco/blob/master/maco/model/model.py#L224).

We also plan to support adding parts of the config imperatively, so the extractor interface will look like this:

```python
self.config.add_binary(
    filename="example.bin",
    data=b'\0' * 4,
)
```

Let me know if it suits your needs. We can also implement `Extractor.collected_files` or `ExtractManager.files` helpers if needed.
Based on #92, these changes allow us to not only extract configuration information from malware but also additional files that we may have extracted statically. This is not only great for static unpacking, but also for other binary data you may wish to extract for analysis or put back into the karton queue for processing.

The files object maps a SHA-256 hash uniquely representing the file to its data and an optional filename.
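As an added illustration of the hash-keyed files structure described above (this is example code, not malduck's or the PR's implementation, and the `add_extracted_file` / `verify_files` helper names and the exact dict layout are assumptions), the snippet below deduplicates extracted blobs by SHA-256 and lets a consumer verify that every key still matches its payload before the data is pushed on to a processing queue:

```python
import hashlib
from typing import Dict, Optional

# Assumed layout: {sha256_hex: {"data": bytes, "filename": Optional[str]}}
FilesMap = Dict[str, Dict[str, object]]


def add_extracted_file(files: FilesMap, data: bytes,
                       filename: Optional[str] = None) -> str:
    """Record an extracted blob under its SHA-256 digest and return the digest.

    Identical payloads (e.g. the same PE dropped by two unpacking stages)
    collapse into one entry. A later call may supply a filename the first
    one lacked, but a conflicting filename for the same bytes is an error
    rather than a silent overwrite.
    """
    digest = hashlib.sha256(data).hexdigest()
    entry = files.get(digest)
    if entry is None:
        files[digest] = {"data": data, "filename": filename}
    elif filename is not None:
        existing = entry.get("filename")
        if existing not in (None, filename):
            raise ValueError(f"{digest}: filename {existing!r} vs {filename!r}")
        entry["filename"] = filename
    return digest


def verify_files(files: FilesMap) -> bool:
    """True only if every key is the SHA-256 of its own data.

    Run this on the consumer side before trusting a files map handed over
    by an extractor; a mismatched key means the payload was altered or
    mislabelled somewhere between extraction and queueing.
    """
    return all(
        isinstance(entry.get("data"), (bytes, bytearray))
        and hashlib.sha256(entry["data"]).hexdigest() == digest
        for digest, entry in files.items()
    )


if __name__ == "__main__":
    # Constructed sample blobs standing in for statically unpacked payloads.
    collected: FilesMap = {}
    add_extracted_file(collected, b"MZ" + b"\0" * 62, "stage2.bin")
    add_extracted_file(collected, b"MZ" + b"\0" * 62)        # duplicate, merged
    add_extracted_file(collected, b"\x7fELF" + b"\0" * 60)  # second payload
    print(len(collected), "unique file(s); consistent:", verify_files(collected))
```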