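def overlay(self):
    """Print a triage report on the overlay (data appended after the PE image).

    Reads the overlay start offset from ``self.pe.get_overlay_data_start_offset()``
    and the file bytes from ``self.pe.write()`` (presumably a ``pefile.PE``
    object -- confirm against the class constructor).  When an overlay exists,
    prints its offset, size, share of the file, MD5/SHA-256, and first four
    bytes, followed by the hashes of the file with the overlay stripped.

    Returns:
        None. All output goes to stdout.
    """
    overlayOffset = self.pe.get_overlay_data_start_offset()
    raw = self.pe.write()
    if overlayOffset is None:
        print (' No overlay Data Present')
        return

    # Triage hint only: appended data also occurs in benign files such as
    # installers and self-extracting archives, so an analyst should inspect
    # the overlay content rather than treat its presence as a verdict.
    print ('Overlay Data is present which is often associated with malware')
    print(' Start offset: 0x%08x' % overlayOffset)

    # Slice once; the same two buffers feed every size and hash below.
    overlayData = raw[overlayOffset:]
    imageData = raw[:overlayOffset]
    overlaySize = len(overlayData)
    # Guard the ratio so an empty buffer cannot raise ZeroDivisionError.
    overlayPercent = float(overlaySize) / float(len(raw)) * 100.0 if raw else 0.0
    print(' Size: 0x%08x %s %.2f%%' % (overlaySize, self.NumberOfBytesHumanRepresentation(overlaySize), overlayPercent))

    # MD5 is printed for lookups against older indicator feeds; it is not
    # collision resistant, so SHA-256 is the value to rely on for identity.
    print(' MD5: %s' % hashlib.md5(overlayData).hexdigest())
    print(' SHA-256: %s' % hashlib.sha256(overlayData).hexdigest())

    # Hex-encode the raw bytes directly.  Mapping each byte through chr() and
    # re-encoding as UTF-8 turns every byte >= 0x80 into two bytes and prints
    # a wrong magic value; it also raises IndexError on an empty overlay.
    overlayMagic = overlayData[:4]
    magicHex = binascii.b2a_hex(overlayMagic).decode('ascii')
    # Echo only printable ASCII.  The bytes come from an untrusted file, and
    # DEL or C1 control codes written to a terminal can alter its state.
    magicText = ''.join([self.IFF(32 <= code < 127, chr(code), '.') for code in bytearray(overlayMagic)])
    print(' MAGIC: %s %s' % (magicHex, magicText))

    print(' PE file without overlay:')
    print(' MD5: %s' % hashlib.md5(imageData).hexdigest())
    print(' SHA-256: %s' % hashlib.sha256(imageData).hexdigest())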
# Added by Yang