```python
# Copyright (C) 2010-2014 Cuckoo Foundation.
# This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org
# See the file 'docs/LICENSE' for copying permission.

from lib.cuckoo.common.abstracts import Signature


class CreatesExe(Signature):
    name = "creates_exe"
    description = "Creates a Windows executable on the filesystem"
    severity = 2
    categories = ["generic"]
    authors = ["Cuckoo Developers"]
    minimum = "0.5"

    # This is a signature template. It should be used as a skeleton for
    # creating custom signatures, therefore is disabled by default.
    # It doesn't verify whether a .exe is actually being created, but
    # it matches files being opened with any access type, including
    # read and attributes lookup.
    enabled = False

    def run(self):
        # Match any file path in the behavior summary that ends in ".exe".
        match = self.check_file(pattern=".*\\.exe$",
                                regex=True)
        if match:
            # Record the matched path so it shows up in the report.
            self.data.append({"file": match})
            return True

        return False
```
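The template's comment notes that a path match alone also fires on reads and attribute lookups. The following added example (not Cuckoo code) shows one way to narrow the match to opens that can actually create or overwrite a `.exe`, using the `NtCreateFile` access mask and create disposition. The event dictionaries, their field names and the function name are assumptions constructed for this illustration, not Cuckoo's log format.

```python
import re

# NtCreateFile access-mask bits and create dispositions (Windows headers).
FILE_WRITE_DATA = 0x00000002
FILE_APPEND_DATA = 0x00000004
GENERIC_ALL = 0x10000000
GENERIC_WRITE = 0x40000000
WRITE_ACCESS = FILE_WRITE_DATA | FILE_APPEND_DATA | GENERIC_WRITE | GENERIC_ALL

(FILE_SUPERSEDE, FILE_OPEN, FILE_CREATE,
 FILE_OPEN_IF, FILE_OVERWRITE, FILE_OVERWRITE_IF) = range(6)
# Every disposition except FILE_OPEN can create a file or replace its content.
CREATING = {FILE_SUPERSEDE, FILE_CREATE, FILE_OPEN_IF,
            FILE_OVERWRITE, FILE_OVERWRITE_IF}

# Same pattern as the template; matched case-insensitively here (an
# assumption of this example) because Windows paths are case-insensitive.
EXE_RE = re.compile(r".*\.exe$", re.IGNORECASE)


def created_executables(events):
    """Return .exe paths opened with write access and a creating disposition."""
    hits = []
    for ev in events:
        path = ev["path"]
        if not EXE_RE.match(path):
            continue
        writable = bool(ev["desired_access"] & WRITE_ACCESS)
        if writable and ev["disposition"] in CREATING and path not in hits:
            hits.append(path)
    return hits


# Constructed sample events (hypothetical field names and paths).
SAMPLE_EVENTS = [
    # Plain read of an existing executable (GENERIC_READ).
    {"path": r"C:\Windows\System32\cmd.exe",
     "desired_access": 0x80000000, "disposition": FILE_OPEN},
    # Attribute lookup only (FILE_READ_ATTRIBUTES).
    {"path": r"C:\Windows\explorer.exe",
     "desired_access": 0x00000080, "disposition": FILE_OPEN},
    # Executable written to a temp directory.
    {"path": r"C:\Users\test\AppData\Local\Temp\dropped.EXE",
     "desired_access": GENERIC_WRITE, "disposition": FILE_OVERWRITE_IF},
    # Created file that is not an executable.
    {"path": r"C:\Users\test\notes.txt",
     "desired_access": GENERIC_WRITE, "disposition": FILE_CREATE},
]

if __name__ == "__main__":
    print(created_executables(SAMPLE_EVENTS))
```

A path-only match would flag three of the four sample events; the access and disposition check leaves only the dropped file.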
Generated by Epydoc 3.0.1 on Mon Apr 7 13:27:57 2014 | http://epydoc.sourceforge.net |