
Source Code for Module modules.auxiliary.disguise

 1  # Copyright (C) 2010-2014 Cuckoo Foundation. 
 2  # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 
 3  # See the file 'docs/LICENSE' for copying permission. 
 4   
 5  import logging 
 6  from _winreg import OpenKey, SetValueEx 
 7  from _winreg import HKEY_LOCAL_MACHINE, KEY_SET_VALUE, REG_SZ 
 8   
 9   
10  from lib.common.abstracts import Auxiliary 
11  from lib.common.rand import random_integer 
12   
 13  log = logging.getLogger(__name__)  # module-level logger named after this module
14   
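class Disguise(Auxiliary):
    """Disguise the analysis environment.

    Auxiliary module run inside the analysis guest. The only step it
    performs is replacing the Windows ProductId with a random value.
    """

    def change_productid(self):
        """Randomize the Windows ProductId.

        The ProductId is occasionally used by malware to detect public
        setups of Cuckoo, e.g. Malwr.com, so a static value makes the
        guest trivially fingerprintable.

        Errors raised by the registry calls are not caught here and
        propagate to the caller.
        """
        # Build the replacement first so the registry handle is held only
        # for the duration of the write.
        # NOTE(review): presumably the argument to random_integer() is the
        # number of digits -- confirm against lib.common.rand.
        value = "{0}-{1}-{2}-{3}".format(
            random_integer(5),
            random_integer(3),
            random_integer(7),
            random_integer(5)
        )

        # KEY_SET_VALUE is the only access right requested; nothing is read
        # back from the key.
        # NOTE(review): no KEY_WOW64_* flag is passed, so a 32-bit
        # interpreter on 64-bit Windows may be writing to a redirected
        # registry view -- confirm that the value a 64-bit sample reads is
        # the one changed here.
        key = OpenKey(
            HKEY_LOCAL_MACHINE,
            "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
            0,
            KEY_SET_VALUE
        )

        # Close the handle explicitly, even if the write fails, instead of
        # leaving it open until garbage collection.
        try:
            SetValueEx(key, "ProductId", 0, REG_SZ, value)
        finally:
            key.Close()

    def start(self):
        """Apply the disguise steps and report success.

        Returns:
            True once the ProductId has been rewritten.
        """
        self.change_productid()
        return True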