Features to admin strings of features

mainProject/SFAnalytics/admin.py

@@ -1,3 +1,8 @@
 from django.contrib import admin
+from .models import *
 
 # Register your models here.
+admin.site.register(DllList)
+admin.site.register(OpCodeList)
+admin.site.register(StringList)
+admin.site.register(EntryFile)

mainProject/SFAnalytics/models.py

@@ -1,13 +1,20 @@
 from django.db import models
 
+#List of all dlls
 class DllList(models.Model):
     name = models.CharField(default="", max_length=100)
+    def __str__(self):
+        return "{} : {}".format(self.id, self.name)
 
 class OpCodeList(models.Model):
     instruction = models.CharField(default="", max_length=10)
+    def __str__(self):
+        return "{} : {}".format(self.id, self.instruction)
 
 class StringList(models.Model):
     string = models.CharField(default="", max_length=250)
+    def __str__(self):
+        return "{} : {}".format(self.id, self.string)
 
 class EntryFile(models.Model):
     hashMd5 = models.CharField(max_length=32)
@@ -16,3 +23,5 @@ class EntryFile(models.Model):
     #Entropy varies btween 0 and 8
     dataSectionEntropy = models.DecimalField(default=0, max_digits=7, decimal_places=6)
     textSectionEntropy = models.DecimalField(default=0, max_digits=7, decimal_places=6)
+    def __str__(self):
+        return "FileHashs - ({} : {}) | Entropy - ({} : {})".format(hashMd5, hashSha256, dataSectionEntropy, textSectionEntropy)

mainProject/SFAnalytics/test_tools.py

@@ -31,6 +31,43 @@ def main():
         print(opcodes.getOpcodes()[:10])
         print('Numero total de opcodes: {}'.format(opcodes.getCount()))
         print()
+        print('Lista de Opcodes')
+        rep = []
+        total = 0
+        totalPorcentage = 0
+        for operation in opcodes.getOperations():
+            for r in rep:
+                if r == operation.op:
+                    print("****************************************")
+                    print("Error, the instruction already on vector")
+                    print("****************************************")
+
+            rep.append(operation.op)
+            porcentage = (operation.num/opcodes.getCount()) * 100
+            print("Operation:\t\t{}\t\tappears\t\t{}%".format(operation.op, format(porcentage, '.5g')))
+            totalPorcentage += porcentage
+            total += operation.num
+
+        if total != opcodes.getCount():
+            print("************************************************")
+            print("Error, number of instructions differs from total")
+            print("************************************************")
+
+        if totalPorcentage < 99.9 or totalPorcentage > 100.1:
+            print("************************************************")
+            print("Error, total porcentage : {}".format(totalPorcentage))
+            print("************************************************")
+
+        print()
+        print('****************************************************')
+        print('Total de instrucoes em Operations : {}'.format(total))
+        print('****************************************************')
+        print('Total em totalPorcentage : {}'.format(totalPorcentage))
+        print('****************************************************')
+        print('****************************************************')
+        print('Total de instrucoes diferentes : {}'.format(len(opcodes.getOperations())))
+        print('****************************************************')
+        print()
         print('Primeiras 10 Strings')
         print(strings.strings[:10])
         print('Numero total de strings: {}'.format(strings.getCount()))

mainProject/SFAnalytics/tools.py

@@ -14,6 +14,25 @@ def saveFile(data, path):
 
         destination.close()
 
+#This classes helps with the porcentage of opcodes
+#Operation is a struct to hold an operation name and number of times it is in a file
+class Operation(object):
+    def __init__(self, op, num):
+        self.op = op
+        self.num = num
+
+#Operations holds all of the Operations objects as a list
+class Operations(object):
+    def __init__(self):
+        self.operations = []
+
+    def insertion(self, instructionName):
+        for operation in self.operations:
+            if operation.op == instructionName:
+                operation.num += 1
+                return
+        instruction = Operation(op=instructionName, num=1)
+        self.operations.append(instruction)
 
 
 #improve this to get file locations and path
@@ -24,10 +43,12 @@ def __init__(self, path):
         #subprocess.run executes a cmd command : ['.\objdump.exe', '-d','7zFM.exe']
         out = subprocess.run(['C:\\Users\\lucas\\Documents\\TCC\\MalwareAnalysis\\Tools\\objdump.exe', '-d', path], stdout=subprocess.PIPE, shell=True).stdout.decode().splitlines()
         self.opcodes = []
+        self.operations = Operations()
         for o in out:
             i = re.findall(r'\d*:\t.*\t(.*?)\s', o)
             if i:
                 self.opcodes.append(i[0])
+                self.operations.insertion(i[0])
 
         self.count = len(self.opcodes)
 
@@ -37,6 +58,9 @@ def getOpcodes(self):
     def getCount(self):
         return self.count
 
+    def getOperations(self):
+        return self.operations.operations
+
 class HashTable(object):
     """This class is responsible to extract the hash of a file"""
     def __init__(self, path):
@@ -97,6 +121,8 @@ def __init__(self, path):
                 self.dlls.append(entry.dll.decode())
                 self.textSectionEntropy = 0
                 self.dataSectionEntropy = 0
+                self.textBytesList = []
+                self.dataBytesList = []
         for section in self.portableExecutable.sections:
             textSection = re.findall(r'.text*',section.Name.decode())
             if textSection:

mainProject/SFAnalytics/views.py

@@ -23,17 +23,41 @@ def uploadDataBaseView(request):
         malwaresPath = './SFAnalytics/DataBase/Malwares/'
         softwaresPath = './SFAnalytics/DataBase/Softwares/'
         if form.is_valid():
+            #Cleaning DataBase
+            OpCodeList.objects.all().delete()
+            DllList.objects.all().delete()
+            StringList.objects.all().delete()
+            EntryFile.objects.all().delete()
+            #HashList to don't repeat a file
+            hashList = []
             for m in request.FILES.getlist('malwareUpload'):
                 HandleFile.saveFile(m, malwaresPath)
-                addLearn(m, malwaresPath, True)
+                completePath = '{}{}'.format(malwaresPath, m.name)
+                h = HashTable(completePath)
+                #Avoiding reapeated files
+                if nonRepeat(h, hashList):
+                    addLearn(m, malwaresPath, True)
+                    hashList.append(h)
             for s in request.FILES.getlist('softwareUpload'):
                 HandleFile.saveFile(s, softwaresPath)
-                addLearn(s, softwaresPath, False)
+                completePath = '{}{}'.format(softwaresPath, s.name)
+                h = HashTable(completePath)
+                #Avoiding reapeated files
+                if nonRepeat(h, hashList):
+                    addLearn(s, softwaresPath, False)
+                    hashList.append(h)
             return HttpResponseRedirect('/SFAnalytics/uploadDataBase/')
     else:
         form = UploadDataBaseForm()
     return render(request, 'SFAnalytics/uploadDataBaseTemplate.html', {'form': form})
 
+#Function to don't add a repeated file
+def nonRepeat(hashFile, hashList):
+    for h in hashList:
+        if h.getHashMd5() == hashFile.getHashMd5() and h.getHashSha256() == hashFile.getHashSha256():
+            return True
+    return False
+
 #This function handles each file uploaded for learning
 def addLearn(data, path, malwareLabel):
     path = '{}{}'.format(path, data.name)
@@ -49,25 +73,27 @@ def addLearn(data, path, malwareLabel):
         #Don't accept string lengths higher than 250 bytes
         if len(s) < 251:
             query = StringList.objects.all().filter(string__exact=s)
-            if query == None:
+            #In case the query don`t match anything, it returns an query with length 0
+            if len(query) == 0:
                 stringItem = StringList(string=s)
                 stringItem.save()
 
     # Adding opcodes to OpCodeList
-    for op in opcodes.getOpcodes():
+    for opInfo in opcodes.getOperations():
         #Don't accept Operation Codes with length higher than 10 bytes
         #X86 don't have any, this is here just to avoid software crash
+        op = opInfo.op
         if len(op) < 11:
             query = OpCodeList.objects.all().filter(instruction__exact=op)
-            if query == None:
+            if len(query) == 0:
                 opItem = OpCodeList(instruction=op)
                 opItem.save()
 
     # Adding dlls to DllList
     for dll in pe.getDlls():
         #Don't accept dll name lengths higher than 100 bytes
         if len(dll) < 101:
-            query = OpCodeList.objects.all().filter(instruction__name=dll)
-            if query == None:
+            query = DllList.objects.all().filter(name__exact=dll)
+            if len(query) == 0:
                 dllItem = DllList(name=dll)
                 dllItem.save()

mainProject/blog/admin.py

@@ -3,5 +3,3 @@
 from .models import posts
 
 # Register your models here.
-
-admin.site.register(posts)

mainProject/uploadApp/admin.py

@@ -3,5 +3,3 @@
 from .models import Question
 
 # Register your models here.
-
-admin.site.register(Question)