zRapha / FAME

Framework for Adversarial Malware Evaluation.
Mozilla Public License 2.0

about db #4

Closed zhang-x-h closed 2 years ago

zhang-x-h commented 3 years ago

I wonder if the author could provide the files in DB and the link of where to download the dataset? thank you!

zRapha commented 3 years ago

Hi, the DB is going to be filled depending upon the modules / datasets you choose. Regarding the datasets, I would suggest going for known public sources such as VirusTotal, etc.

zhang-x-h commented 3 years ago

Hi!

Thank you for your reply! Can the dataset be placed directly in the samples/unzipped folder using the .exe file? Since I don't have a VirusTotal API, I have collected some exe files by myself. Or are the files in the DB folder generated from the dataset themselves?

best


zRapha commented 3 years ago

Yes, the PE files need to be placed under samples/unzipped. The DBs are generated automatically when you run the environment. They are going to log which file was used, number and sequence of transformations injected, hash of new file, and so on every time you run a module (e.g., ARMED) in three states: evasive, detected or corrupt (the latter if integrity test is implemented).

zhang-x-h commented 3 years ago

Hi! When I run the axmed.py environment using 'python axmed.py -p 5 -m 1', I didn't get db files. Is it because I don't have a sandbox, or something else?


zRapha commented 3 years ago

Yes, alternatively you can return, for example for ARMED, "funcional = True" on line 173 to test. You should see that adversarial examples are generated when the module runs and thus the db will be created.

zhang-x-h commented 3 years ago

Thank you for your patient reply. I will continue to debug and interpret the code, but I don't know why the program returns lief.badfile or binary.PE without has.signature when running.


zRapha commented 3 years ago

There is probably an issue with the file you're using as input. Hence, LIEF is having problems to parse it. Try other PEs and it should be fine.

zhang-x-h commented 3 years ago

I've tried all my malicious samples, and it's still the same two issues I mentioned: lief.badfile and 'lief.PE.Binary' object has no attribute 'has_signature'. I have a request: I wonder if you can send your datasets?

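Added example, not code from the FAME/AIMED repository: a pre-flight check (hypothetical helper names check_pe_header, check_sample and scan_samples) over the files under samples/unzipped that reports the two failure modes raised in this thread, a file LIEF cannot parse and a LIEF build whose Binary object has no has_signature attribute, instead of letting a module run crash on them. It assumes LIEF may or may not be installed and falls back to a raw DOS/PE header check when it is not.

```python
import os
import struct

try:
    import lief  # optional: deeper check only when LIEF is installed
except ImportError:
    lief = None


def check_pe_header(data: bytes) -> str:
    """Return 'ok' or the reason a PE parser such as LIEF would reject these bytes."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return "no MZ (DOS) header: not a PE file (still zipped, truncated, or wrong type?)"
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]  # offset of the PE header
    if e_lfanew + 24 > len(data):
        return f"e_lfanew=0x{e_lfanew:x} points past the end of the file"
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return "missing PE\\0\\0 signature at e_lfanew"
    return "ok"


def check_sample(path: str) -> dict:
    """Classify one file: header sanity first, then (if available) a real LIEF parse."""
    with open(path, "rb") as f:
        data = f.read()
    result = {"file": os.path.basename(path), "header": check_pe_header(data), "lief": "skipped"}
    if lief is None or result["header"] != "ok":
        return result
    try:
        binary = lief.parse(path)  # older LIEF raises lief.bad_file, newer may return None
    except Exception as exc:
        result["lief"] = f"parse failed: {exc}"
        return result
    if binary is None:
        result["lief"] = "parse failed"
    elif not hasattr(binary, "has_signature"):
        # This is the AttributeError seen in the thread: report it instead of crashing.
        result["lief"] = "parsed, but this LIEF build has no Binary.has_signature"
    else:
        result["lief"] = f"ok (signed={binary.has_signature})"
    return result


def scan_samples(folder: str = "samples/unzipped") -> list:
    """Check every file in the samples folder; run this before launching a module."""
    return [check_sample(os.path.join(folder, name)) for name in sorted(os.listdir(folder))]


if __name__ == "__main__":
    for entry in scan_samples():
        print(entry)
```

Files whose header check is not "ok" are the ones to drop from samples/unzipped before starting a run.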

zRapha commented 3 years ago

We avoid publishing links to malware but there are public repositories that you can download files from. Let me know if the db is otherwise working so we can close this issue. Thanks!

zRapha commented 2 years ago

Close issue due to inactivity.