From c9ccb426af947fa0e5632c3e9128b6a9d50df4b8 Mon Sep 17 00:00:00 2001
From: GitHub Actions
Date: Sat, 5 Oct 2024 06:42:06 +0000
Subject: [PATCH] style: Automatic code formatting
---
 modules/signatures/all/packer_entropy.py | 5 +++--
 modules/signatures/all/packer_yoda.py | 3 ++-
 2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/modules/signatures/all/packer_entropy.py b/modules/signatures/all/packer_entropy.py
index 900c2c4a..3df7c50e 100644
--- a/modules/signatures/all/packer_entropy.py
+++ b/modules/signatures/all/packer_entropy.py
@@ -15,6 +15,7 @@
 from lib.cuckoo.common.abstracts import Signature
+
 class PackerEntropy(Signature):
 name = "packer_entropy"
 description = "The binary likely contains encrypted or compressed data"
@@ -30,7 +31,7 @@ class PackerEntropy(Signature):
 "http://www.forensickb.com/2013/03/file-entropy-explained.html",
 "http://virii.es/U/Using%20Entropy%20Analysis%20to%20Find%20Encrypted%20and%20Packed%20Malware.pdf",
 ]
-
+
 def run(self):
 ret = False
@@ -47,7 +48,7 @@ def run(self):
 if float(section["entropy"]) > 6.8:
 self.data.append({"section": section})
 total_compressed += int(section["size_of_data"], 16)
-
+
 if total_pe_data and ((1.0 * total_compressed) / total_pe_data) > 0.2:
 ret = True
diff --git a/modules/signatures/all/packer_yoda.py b/modules/signatures/all/packer_yoda.py
index 71031261..ccc0e3e3 100644
--- a/modules/signatures/all/packer_yoda.py
+++ b/modules/signatures/all/packer_yoda.py
@@ -15,6 +15,7 @@
 from lib.cuckoo.common.abstracts import Signature
+
 class YodaPacked(Signature):
 name = "packer_yoda"
 description = "Executable file is packed/obfuscated with Y0da"
@@ -37,6 +38,6 @@ def run(self):
 for section in pe["sections"]:
 if section["name"].startswith(".yP") or section["name"].startswith(".y0da"):
 self.data.append({"section": section})
- ret = True
+ ret = True
 return ret