1
2
3
4
5 import os
6 from zipfile import ZipFile, BadZipfile
7
8 from lib.common.abstracts import Package
9 from lib.common.exceptions import CuckooPackageError
10 from lib.api.process import Process
11
13 """Zip analysis package."""
14
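def _member_path(root, name):
    """Return the absolute path of archive member *name* inside *root*.

    Raises CuckooPackageError when the joined path resolves outside *root*:
    an absolute member name makes ``os.path.join`` discard *root* entirely
    and ``..`` components walk out of it, so without this check the package
    could execute a file it never extracted into %TEMP%.
    """
    resolved = os.path.realpath(os.path.join(root, name))
    # Trailing separator so "C:\Temp2\x" is not accepted as inside "C:\Temp".
    base = os.path.join(os.path.realpath(root), "")
    if not os.path.normcase(resolved).startswith(os.path.normcase(base)):
        raise CuckooPackageError(
            "Archive member {0!r} resolves outside of {1!r}".format(name, root))
    return resolved


# NOTE(review): the ``def`` line and the indentation of this method were lost
# in this excerpt; the header is reconstructed from the body's use of ``self``
# and ``path`` and the Package interface -- confirm against the original file.
def start(self, path):
    """Extract the Zip archive at *path* into %TEMP% and start the sample.

    Options read from ``self.options``:
      password   -- archive password.  If extraction raises RuntimeError
                    (encrypted archive or wrong password) the conventional
                    sample password ``"infected"`` is tried once more.
      file       -- archive member to execute.  Defaults to the first
                    non-directory member, or ``sample.exe`` for an archive
                    without file members.  An explicit value is honoured as
                    given (the original replaced an explicit ``sample.exe``
                    with the first member).
      free       -- run the sample unmonitored: no injection, returns None.
      dll        -- monitor DLL handed to ``Process.inject()``.
      arguments  -- command line handed to the sample.

    Returns the pid of the monitored process, or None in ``free`` mode.
    Raises CuckooPackageError when the archive cannot be opened or
    extracted, when the chosen member would resolve outside %TEMP%, or
    when the sample fails to start.
    """
    root = os.environ["TEMP"]

    password = self.options.get("password", None)
    if password is not None and not isinstance(password, bytes):
        # ZipFile wants the password as bytes (a text password raises
        # TypeError on Python 3); on Python 2 a str is already bytes.
        password = password.encode("utf-8")
    fallback = b"infected"

    try:
        # The ZipFile constructor raises BadZipfile for non-zip input too;
        # the original only guarded extractall(), so that case leaked out
        # as a bare BadZipfile instead of CuckooPackageError.
        with ZipFile(path, "r") as archive:
            zipinfos = archive.infolist()
            try:
                archive.extractall(path=root, pwd=password)
            except RuntimeError as err:
                # zipfile reports "encrypted, password required" and "bad
                # password" as RuntimeError.  Fall back to the conventional
                # sample password, but only if that is not what just failed:
                # the original re-read the "password" option here, so a
                # supplied-but-wrong password was simply retried unchanged.
                if password == fallback:
                    raise CuckooPackageError(
                        "Unable to extract Zip file: {0}".format(err))
                try:
                    archive.extractall(path=root, pwd=fallback)
                except RuntimeError as err:
                    raise CuckooPackageError(
                        "Unable to extract Zip file: {0}".format(err))
    except BadZipfile:
        raise CuckooPackageError("Invalid Zip file")

    file_name = self.options.get("file", None)
    if not file_name:
        # Directory entries end with "/" in the zip format and cannot be
        # executed, so skip them when picking a default member.
        file_name = next(
            (info.filename for info in zipinfos
             if not info.filename.endswith("/")),
            "sample.exe")
    file_path = _member_path(root, file_name)

    dll = self.options.get("dll", None)
    free = self.options.get("free", False)
    args = self.options.get("arguments", None)

    p = Process()
    # Unmonitored ("free") samples start running; otherwise the process is
    # created suspended so the monitor can be injected before it runs.
    if not p.execute(path=file_path, args=args, suspended=not free):
        raise CuckooPackageError("Unable to execute initial process, "
                                 "analysis aborted")

    if free:
        return None

    p.inject(dll)
    p.resume()
    return p.pid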
61
64
# NOTE(review): the ``def`` line and the indentation of this method were lost
# in this excerpt; the header is reconstructed from the body's use of ``self``
# and the Package interface -- confirm against the original file.
def finish(self):
    """Post-analysis hook.

    When the ``procmemdump`` option is set, dump the memory of every
    process the package tracked in ``self.pids``.  Always returns True.
    """
    if not self.options.get("procmemdump", False):
        return True
    for tracked_pid in self.pids:
        Process(pid=tracked_pid).dump_memory()
    return True
72