im using this code below but it doesnt work.. content of filepath available here peid.yara. full code here integrated_feature_extraction.py
def __init__(self,source,output,label):
self.source = source
self.output = output
self.type = label
#Need PEiD rules compile with yara
self.rules= yara.compile(filepath='/home/osboxes/honeymalware/scripts/peid.yara')
def check_packer(self,filepath):
result=[]
matches = self.rules.match(filepath)
if matches == []:
result.append([0,"NoPacker"])
else:
result.append([1,matches['main'][0]['rule']])
return result
def main():
source_path= raw_input("Enter the path of samples (ending with /) >> ")
output_file= raw_input("Give file name of output file. (.csv) >>")
label = raw_input("Enter type of sample( malware(1)|benign(0))>>")
when i run the program i get an error
Traceback (most recent call last):
File "integrated_features_extraction.py", line 375, in <module>
main()
File "integrated_features_extraction.py", line 372, in main
features.create_dataset()
File "integrated_features_extraction.py", line 356, in create_dataset
data = self.extract_all(filepath)
File "integrated_features_extraction.py", line 330, in extract_all
packer = self.check_packer(filepath)
File "integrated_features_extraction.py", line 239, in check_packer
result.append([1,matches['main'][0]['rule']])
TypeError: list indices must be integers, not str
i think problem occurred while executing result.append([1,matches['main'][0]['rule']]).what is wrong with the code above ??. what should i do ??
The output should be "no packer" or rulename in filepath.
The issue was with the change in match() method of Yara module. Earlier a dictionary was return so that was accessing using a key but now it returns a list and so there was a need to change the code.
I have written the script so I have updated the same on the GitHub project page.
else:
#result.append([1,matches['main'][0]['rule']])
result.append([1,matches[0]])
Thanks, everyone for finding and resolving the issue.