Skip to content

Instantly share code, notes, and snippets.

@secrary secrary/dr_semu_eicar.py Secret

Created Aug 28, 2019
Embed
What would you like to do?
import json
import os
import dr_semu_utils
# don't forget to add module names into py_imports.config file
def check(report_directory):
image_path, pid, sha_256 = dr_semu_utils.get_starter_details(report_directory)
static_info = dr_semu_utils.get_json_from_file(report_directory + b"\\" + sha_256.encode() + b".json")
dynamic_info = dr_semu_utils.get_json_from_file(report_directory + b"\\" + str(pid).encode() + b".json")
# code here
verdict = b"CLEAN"
for win_func in dynamic_info:
if "NtCreateUserProcess" in win_func:
image_path = win_func["NtCreateUserProcess"]["before"]["image_path"]
if image_path.lower().endswith("drsemu_eicar.exe"):
return b"Win32.EICAR.Dr"
return verdict
if __name__ == "__main__":
pass
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.