@fr0gger
Last active November 30, 2023 11:36
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# Thomas Roccia | IconDhash.py
# pip3 install lief
# pip3 install pillow
# resource: https://www.hackerfactor.com/blog/?/archives/529-Kind-of-Like-That.html
import lief
import os
import argparse
from PIL import Image
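def extract_icon(exe, out_path="peico.ico"):
    """Save the first icon resource of the PE file *exe* to *out_path*.

    Args:
        exe: path of the PE file to inspect.
        out_path: where the extracted .ico is written. Defaults to a fixed
            relative name in the current directory, which is silently
            overwritten if it already exists; when triaging samples from a
            shared working directory, pass a dedicated path instead.

    Returns:
        The path the icon was written to (``out_path``).

    Raises:
        ValueError: if lief cannot parse *exe* or the file carries no icon
            resource. Errors raised by lief itself (e.g. a binary without a
            resource directory) are propagated unchanged.
    """
    binary = lief.parse(exe)
    # lief.parse reports an unparsable file by returning None instead of
    # raising; turn that into an explicit error rather than an AttributeError.
    if binary is None:
        raise ValueError("not a parsable executable: %s" % exe)
    icons = binary.resources_manager.icons
    if not icons:
        raise ValueError("no icon resource in %s" % exe)
    # A PE may carry several icon sizes/depths; only the first one is hashed.
    icons[0].save(out_path)
    return out_path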
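def generate_icon_dhash(exe, hash_size=8):
    """Return the difference hash (dhash) of the first icon in PE file *exe*.

    The icon is extracted by ``extract_icon`` to ``peico.ico`` in the current
    directory, converted to greyscale and resized to ``(hash_size + 1) x
    hash_size``; every pixel is then compared with its right-hand neighbour.
    The resulting bits are packed LSB-first into bytes and returned as a
    lowercase hex string (16 hex digits for the default ``hash_size=8``).

    Args:
        exe: path of the PE file.
        hash_size: side length of the comparison grid; must be >= 1.

    Returns:
        Hex string of ``hash_size * hash_size`` bits, rounded up to whole
        bytes.

    Raises:
        ValueError: on a non-positive *hash_size*, or from ``extract_icon``
            when the file has no usable icon.
        OSError: from Pillow when the extracted file is not a readable image.
    """
    if hash_size < 1:
        raise ValueError("hash_size must be >= 1, got %r" % (hash_size,))
    icon_path = "peico.ico"
    extract_icon(exe)
    try:
        with Image.open(icon_path) as icon:
            # Image.ANTIALIAS was removed in Pillow 10; LANCZOS is the same
            # filter under its current name and exists in older releases too.
            grey = icon.convert("L").resize((hash_size + 1, hash_size), Image.LANCZOS)
            bits = _horizontal_gradient_bits(grey, hash_size)
    finally:
        # Remove the temporary icon even when Pillow rejects it, so a failed
        # sample does not leave a stale peico.ico behind for the next run.
        if os.path.exists(icon_path):
            os.remove(icon_path)
    return _pack_bits_hex(bits)


def _horizontal_gradient_bits(image, hash_size):
    """Return, row-major, whether each pixel is brighter than its right neighbour."""
    return [
        image.getpixel((col, row)) > image.getpixel((col + 1, row))
        for row in range(hash_size)
        for col in range(hash_size)
    ]


def _pack_bits_hex(bits):
    """Pack a bit list into bytes (LSB first within each byte) and hex-encode.

    A trailing partial byte is emitted rather than dropped, so grid sizes
    that are not multiples of 8 lose no bits; for multiples of 8 the output
    is identical to the original byte-at-index-7 packing.
    """
    hex_bytes = []
    for start in range(0, len(bits), 8):
        chunk = bits[start:start + 8]
        byte = sum(1 << i for i, bit in enumerate(chunk) if bit)
        hex_bytes.append("%02x" % byte)
    return "".join(hex_bytes)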
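def main():
    """Command-line entry point: print the icon dhash of one PE file.

    Exits with status 1 (and prints the reason) when no hash could be
    computed, so callers scripting over many samples can tell failures apart
    from successes.
    """
    parser = argparse.ArgumentParser(description='Generate icon dhash by Thomas Roccia')
    parser.add_argument("-f", "--file", help="Specify the PE file", required=True)
    args = parser.parse_args()
    try:
        dhash = generate_icon_dhash(args.file)
    except Exception as exc:
        # Top-level boundary: the bare `except:` this replaces reported every
        # failure (unparsable file, Pillow API change, I/O error) as a missing
        # icon and also swallowed KeyboardInterrupt. Keep the message, add the
        # cause, and signal failure via the exit status.
        print("[!] no icon available (%s)" % exc)
        raise SystemExit(1)
    print("[+] dhash icon: %s" % dhash)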
# Run the CLI only when executed as a script, not when imported as a module.
if __name__ == "__main__":
    main()
@Still34
Still34 commented Jul 23, 2021

Is `pixels = list(image.getdata())` unused?

@fr0gger
fr0gger commented Jul 23, 2021

Correct it was for my test.

@Still34
Still34 commented Jul 23, 2021

I got a completely different hash (dhash=59a88d8c6a4a0118) for the latest WINWORD.exe binary (MD5=2553ac6f04ba8df339f84d46b86ebe6e), which is supposed to have the dhash 9880a5acae8e8198.

@fr0gger
fr0gger commented Jul 26, 2021

This is because in some cases, VT is calculating the dhash differently.
