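def exeImportsFuncs(filename, allstrings):
    """Remove PE import-table names from a sample's extracted strings.

    Parses ``filename`` with pefile, collects every imported DLL name and
    imported symbol name from the import directory, and drops those values
    from ``allstrings``, leaving only strings that the import table does not
    account for.

    Args:
        filename: Path of the sample to parse as a PE file.
        allstrings: List of strings extracted from the sample. It is
            filtered in place, so the caller's list is modified.

    Returns:
        A de-duplicated list of the remaining strings (order is not
        preserved). If the file cannot be parsed as a PE, or has no import
        directory, ``allstrings`` is returned as given: unfiltered and not
        de-duplicated.

    Exits:
        Prints a message naming the sample's MD5 and calls ``sys.exit(1)``
        when no strings are left after filtering.
    """
    try:
        pe = pefile.PE(filename)
        import_names = set()
        for entry in pe.DIRECTORY_ENTRY_IMPORT:
            import_names.add(entry.dll)
            for imp in entry.imports:
                # imp.name may be None for imports made by ordinal only;
                # a None entry is harmless for the membership filter below.
                import_names.add(imp.name)
        # NOTE(review): under Python 3 pefile is expected to yield bytes for
        # these names -- confirm allstrings holds the same type, otherwise
        # nothing will match and import names stay in the output.

        # Drop every occurrence, not just the first one: list.remove() left
        # duplicated import names behind, and they survived the set() below.
        allstrings[:] = [s for s in allstrings if s not in import_names]

        if allstrings:
            return list(set(allstrings))

        print('[!] No Extractable Attributes Present in Hash: '+str(md5sum(filename)) + ' Please Remove it from the Sample Set and Try Again!')
        sys.exit(1)
    except Exception:
        # Best-effort fallback for non-PE or malformed input: hand back the
        # strings as they are. A bare "except:" here also caught the
        # SystemExit raised by sys.exit(1) above, so the abort never took
        # effect and an empty list was returned to the caller instead.
        return allstrings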
# EML file parsing and comparison based on dictionary entries, plus regexes looking for domains/links in text/html