
Source Code for Module modules.signatures.creates_exe

 1  # Copyright (C) 2010-2013 Claudio Guarnieri. 
 2  # Copyright (C) 2014-2016 Cuckoo Foundation. 
 3  # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 
 4  # See the file 'docs/LICENSE' for copying permission. 
 5   
 6  from lib.cuckoo.common.abstracts import Signature 
 7   
class CreatesExe(Signature):
    """Skeleton signature that flags file activity on paths ending in ".exe".

    This is a template for writing custom signatures and ships disabled.
    The match is made on the path string only: it does not confirm that an
    executable was written, and it also fires on reads and attribute
    lookups of an existing .exe. Treat a hit as a weak indicator.
    """

    # Ships disabled: this is a template meant to be copied and adapted
    # into custom signatures, not a production detection.
    enabled = False

    name = "creates_exe"
    description = "Creates a Windows executable on the filesystem"
    categories = ["generic"]
    severity = 2
    authors = ["Cuckoo Developers"]
    minimum = "2.0"

    def on_complete(self):
        """Mark the matching path as a file IOC and report a hit.

        Returns True when check_file yields a match; otherwise falls
        through and returns None, exactly as an implicit return would.
        """
        # Path-based match only; files with other extensions (or no
        # extension) are not considered by this pattern.
        # NOTE(review): case handling of the regex is decided inside
        # check_file, which is not shown here - confirm before relying on it.
        exe_path = self.check_file(pattern=".*\\.exe$", regex=True)
        if not exe_path:
            return None

        self.mark_ioc("file", exe_path)
        return True