Package modules :: Package signatures :: Module creates_exe
[hide private]
[frames] | no frames]

Source Code for Module modules.signatures.creates_exe

 1  # Copyright (C) 2010-2014 Cuckoo Foundation. 
 2  # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 
 3  # See the file 'docs/LICENSE' for copying permission. 
 4   
 5  from lib.cuckoo.common.abstracts import Signature 
 6   
7 -class CreatesExe(Signature):
8 name = "creates_exe" 9 description = "Creates a Windows executable on the filesystem" 10 severity = 2 11 categories = ["generic"] 12 authors = ["Cuckoo Developers"] 13 minimum = "0.5" 14 15 # This is a signature template. It should be used as a skeleton for 16 # creating custom signatures, therefore is disabled by default. 17 # It doesn't verify whether a .exe is actually being created, but 18 # it matches files being opened with any access type, including 19 # read and attributes lookup. 20 enabled = False 21
22 - def run(self):
23 match = self.check_file(pattern=".*\\.exe$", 24 regex=True) 25 if match: 26 self.data.append({"file": match}) 27 return True 28 29 return False
30