```python
# Copyright (C) 2010-2013 Claudio Guarnieri.
# Copyright (C) 2014-2016 Cuckoo Foundation.
# This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org
# See the file 'docs/LICENSE' for copying permission.

from lib.cuckoo.common.abstracts import Signature

class CreatesExe(Signature):
    name = "creates_exe"
    description = "Creates a Windows executable on the filesystem"
    severity = 2
    categories = ["generic"]
    authors = ["Cuckoo Developers"]
    minimum = "2.0"

    # This is a signature template. It should be used as a skeleton for
    # creating custom signatures, therefore is disabled by default.
    # It doesn't verify whether a .exe is actually being created, but
    # it matches files being opened with any access type, including
    # read and attributes lookup.
    enabled = False

    def on_complete(self):
        match = self.check_file(pattern=".*\\.exe$", regex=True)
        if match:
            self.mark_ioc("file", match)
            return True
```
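The comments in the signature warn that it matches any file access, not only creation. The following stand-alone sketch is an added example, not Cuckoo's own code: it applies the same pattern to a constructed behaviour summary to show which hits come from reads and lookups alone. The category names (`file_opened`, `file_written`, and so on), the summary layout and the case-insensitive matching are assumptions made for illustration.

```python
import re

# Same pattern as the signature; case-insensitive matching is a choice made
# here because Windows paths are case-insensitive.
EXE_PATTERN = re.compile(r".*\.exe$", re.IGNORECASE)

# Constructed behaviour summary. Layout and category names are hypothetical.
SAMPLE_SUMMARY = {
    "file_opened": [r"C:\Windows\System32\cmd.exe",
                    r"C:\Users\test\AppData\Local\Temp\dropped.EXE"],
    "file_read": [r"C:\Windows\explorer.exe"],
    "file_exists": [r"C:\Program Files\Tool\tool.exe"],
    "file_written": [r"C:\Users\test\AppData\Local\Temp\dropped.EXE",
                     r"C:\Users\test\AppData\Local\Temp\log.txt"],
    "file_created": [r"C:\Users\test\AppData\Local\Temp\dropped.EXE"],
}

ANY_ACCESS = tuple(SAMPLE_SUMMARY)            # what the template effectively checks
WRITE_ONLY = ("file_written", "file_created")  # narrower, creation-oriented view


def exe_paths(summary, actions):
    """Return sorted unique paths ending in .exe within the given categories."""
    hits = set()
    for action in actions:
        for path in summary.get(action, []):
            if EXE_PATTERN.match(path):
                hits.add(path)
    return sorted(hits)


def false_positives(summary):
    """Paths flagged under any-access that were never written or created."""
    return sorted(set(exe_paths(summary, ANY_ACCESS))
                  - set(exe_paths(summary, WRITE_ONLY)))


if __name__ == "__main__":
    print("any access :", exe_paths(SAMPLE_SUMMARY, ANY_ACCESS))
    print("write only :", exe_paths(SAMPLE_SUMMARY, WRITE_ONLY))
    print("noise      :", false_positives(SAMPLE_SUMMARY))
```

Even the narrower view only checks the file name; confirming that the written file is a real executable would need a content check on the dropped file.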
Generated by Epydoc 3.0.1 on Fri Nov 4 23:22:00 2016 | http://epydoc.sourceforge.net |