5 import logging
6 from _winreg import OpenKey, SetValueEx
7 from _winreg import HKEY_LOCAL_MACHINE, KEY_SET_VALUE, REG_SZ
8
9
10 from lib.common.abstracts import Auxiliary
11 from lib.common.rand import random_integer
12
# Module-level logger, named after this module via __name__.
13 log = logging.getLogger(__name__)
14
16 """Disguise the analysis environment."""
17
19 """Randomizes Windows ProductId, which is occasionally used by malware
20 to detect public setups of Cuckoo, e.g. Malwr.com.
21 """
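# Replace the guest's Windows ProductId with a freshly generated one, so the
# value is not a static fingerprint of the analysis image.
#
# The key is opened with KEY_SET_VALUE only, the one right needed to write
# the value. OpenKey/SetValueEx errors (e.g. insufficient rights on HKLM)
# are not caught here and propagate to the caller.
#
# NOTE(review): on a 64-bit guest driven by a 32-bit Python, access to
# HKLM\SOFTWARE may be subject to WOW64 registry redirection, in which case
# a 64-bit sample might still read the original ProductId. Confirm on the
# target guest image.
key = OpenKey(
    HKEY_LOCAL_MACHINE,
    "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
    0,
    KEY_SET_VALUE
)

try:
    # Four dash-separated groups sized 5-3-7-5.
    # NOTE(review): presumably random_integer(n) yields an n-digit number;
    # verify against lib.common.rand.
    value = "{0}-{1}-{2}-{3}".format(
        random_integer(5),
        random_integer(3),
        random_integer(7),
        random_integer(5)
    )

    SetValueEx(key, "ProductId", 0, REG_SZ, value)
finally:
    # Release the registry handle explicitly, even if the write fails,
    # instead of leaving it open until garbage collection.
    key.Close()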