In [2]:
import os

import src.utils.utils as utils
hello
In [3]:
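stringpath = '../../../data/strings/'
# Sample id of the file inspected below; ids are used verbatim as file names,
# so keep it as a named constant rather than burying it in the open() call.
sample_id = 'hZiVAw5nREjHU1qodatK'
# Read one .strings file into a list of stripped lines. Iterating the handle
# avoids building the full readlines() list before the comprehension copies it.
with open(stringpath + sample_id + '.strings', 'r') as f:
    strings = [line.strip() for line in f]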
In [4]:
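# Show the size and a head of the list only: the full file runs to thousands of
# entries and dumping it all bloats the saved notebook and hides the narrative.
len(strings), strings[:20]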
Out[4]:
['StringX',
'TObject',
'u:hD',
'SVWUQ',
'Z]_^[',
'SVWU',
'YZ]_^[',
'SVWU',
']_^[',
'SVWU',
'w;;t$',
']_^[',
'SVWU',
']_^[',
'SVWUQ',
'Z]_^[',
'SVWU',
'YZ]_^[',
'SVWU',
'uW;{',
'u:;{',
']_^[',
'ZYYd',
'ZYYd',
'SVWU',
']_^[',
'YZ^[',
'SVWU',
']_^[',
'ZYYd',
'_^[YY]',
'QSVW',
'UhF"@',
'ZYYd',
'hM"@',
'_^[Y]',
'SVWU',
'$;L$',
'$)D$',
'YZ]_^[',
'QSVW',
'ZYYd',
'_^[Y]',
'YZXu',
'r/f=',
'w)f%',
'w%9',
'~KxI[)',
'2_^[',
'@v:k',
'@aQY',
'E@|o',
"BkU'9",
'ZYYd',
'SOFTWARE\\Borland\\Delphi\\RTL',
'FPUMaskValue',
'PPRTj',
'YYZX',
'YZXtp',
'VWUd',
'SPRQ',
'T$(j',
'SVWU',
']_^[',
'ZTUWVSPRTj',
']_^[',
'd$,1',
',t\\=',
't=HtN',
'r6t0',
't.Ht',
'ZYYd',
'_^[]',
'UhF3@',
'ZYYd',
'_^[]',
'SVWU',
']_^[',
';_^[',
'SVWU',
']_^[',
't!R:',
't-Rf;',
't f;J',
'SVWRP',
'Z_^[X',
'It2S',
't&J|',
';_^[',
'PSVW',
'_^[X',
'_^[X',
'h0>@',
't@h@>@',
'8\\u8',
'kernel32.dll',
'GetLongPathNameA',
'UhY?@',
'ZYYd',
'h`?@',
'Software\\Borland\\Locales',
'Software\\Borland\\Delphi\\Locales',
'ZYYd',
'_^[YY]',
'ZYYd',
'UhvB@',
'ZYYd',
'h}B@',
'ZYYd',
'ZYYd',
'ZYYd',
'Uh\tF@',
'ZYYd',
'ZYYd',
'Exception',
'EHeapException',
'EOutOfMemory',
'EInOutError',
'EExternal',
'EExternalException',
'EIntError',
'EDivByZero',
'ERangeError`L@',
'EIntOverflow',
'EMathError',
'EInvalidOp',
'EZeroDivide',
'EOverflow',
'EUnderflow',
'EInvalidPointer',
'EInvalidCast',
'EConvertError',
'EAccessViolation',
'EPrivilege',
'EStackOverflow',
'EControlC',
'EVariantError',
'EAssertionFailed',
'EAbstractError',
'EIntfCastError',
'ESafecallException',
'SysUtils',
'SysUtils',
'0<:r',
'SVWU',
']_^[',
'(_^[',
'<*t"<0r=<9w9i',
'_^[[',
'_^[]',
'IL\\@',
'INFNAN',
'QS<$t',
'$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)',
'<sGf',
'<sAf',
'^YY]',
'_^[YY]',
'SVWQ',
'Z_^[',
'QSVW',
'_^[Y]',
'QQQQQQSVW3',
'ZYYd',
'ZYYd',
'^[Y]',
'Uh_d@',
'PhPc@',
'ZYYd',
'hfd@',
'QQQQQSVW',
'UhBf@',
'ZYYd',
'hIf@',
'yyyy',
'eeee',
'D$DP',
'D$HP',
'D$PPj',
'D$LPj',
'ZYYd',
'_^[Y]',
'Uh`j@',
'ZYYd',
'hgj@',
'_^[YY]',
'TErrorRec',
'YZ^[',
'TExceptRec',
'SVW3',
'Uh$l@',
'ZYYd',
'h+l@',
',tY=',
't<HtH',
'r3t7',
't(Ht',
'ZYYd',
'ZYYd',
'ZYYd',
'QSVW',
'_^[Y]',
'Y_^[',
'hhx@',
'htx@',
'ZYYd',
'm/d/yy',
'mmmm d, yyyy',
'AMPM',
'AMPM',
':mm:ss',
'kernel32.dll',
'GetDiskFreeSpaceExA',
'UhM}@',
'ZYYd',
'hT}@',
'ZYYd',
'Ff]+',
'MsY',
':ODm',
':3s<',
'Qj9GN',
'}YdQ',
'p7Sb',
'a+D2',
'NO<V',
'o.U@',
'6%\tU4u',
"%x7y'",
'VS#`',
'jI,5-',
'pOMng',
'Um~m',
'[YS75p',
'Io\\[U',
'Bc\\q',
'Ktm<0',
'hN9+',
'/,M$',
'qZKZ',
'_*G.',
'!mG^',
"?[C.'*",
'VWS',
'tAPR',
'ZYYd',
'ZYYd',
'D+SS7',
'Error',
'Runtime error at 00000000',
'0123456789ABCDEF',
'@v:k',
'KERNEL32.DLL',
'KERNEL32.DLL',
'KERNEL32.DLL',
'advapi32.dll',
'Comdlg32.dll',
'oleaut32.dll',
'oleaut32.dll',
'shell32.dll',
'user32.dll',
'user32.dll',
'WriteFile',
'VirtualQuery',
'SleepEx',
'GetVersionExA',
'GetThreadLocale',
'GetStringTypeExA',
'GetStdHandle',
'GetProcAddress',
'GetModuleHandleA',
'GetModuleFileNameA',
'GetLocaleInfoA',
'GetLocalTime',
'GetDiskFreeSpaceA',
'GetCPInfo',
'GetACP',
'EnumCalendarInfoA',
'TlsSetValue',
'TlsGetValue',
'LocalAlloc',
'GetModuleHandleA',
'DeleteCriticalSection',
'LeaveCriticalSection',
'EnterCriticalSection',
'InitializeCriticalSection',
'VirtualFree',
'VirtualAlloc',
'LocalFree',
'LocalAlloc',
'GetVersion',
'GetCurrentThreadId',
'WideCharToMultiByte',
'lstrlenA',
'lstrcpynA',
'LoadLibraryExA',
'GetThreadLocale',
'GetStartupInfoA',
'GetProcAddress',
'GetModuleHandleA',
'GetModuleFileNameA',
'GetLocaleInfoA',
'GetCommandLineA',
'FreeLibrary',
'FindFirstFileA',
'FindClose',
'ExitProcess',
'WriteFile',
'UnhandledExceptionFilter',
'RtlUnwind',
'RaiseException',
'GetStdHandle',
'RegQueryValueExA',
'RegOpenKeyExA',
'RegCloseKey',
'ReplaceTextA',
'SysFreeString',
'SafeArrayGetLBound',
'DragQueryFileW',
'Shell_NotifyIconA',
'MessageBoxA',
'LoadStringA',
'IsCharLowerA',
'GetSystemMetrics',
'GetMessageExtraInfo',
'BringWindowToTop',
'CharNextA',
'CharToOemA',
'GetKeyboardType',
'LoadStringA',
'MessageBoxA',
'CharNextA',
'{<:y&q?',
'YNIZnThStXbgpv',
'SysConst',
'System',
'SysInit',
'UTypes',
'SysUtils',
'KWindows',
'>7uC',
'Aen',
'?sD{',
'CeNk\\E',
'A=o',
'ET@i',
'9IT}[;',
'GKBo',
';^Vs',
'IJDm',
'=(Hq',
'KoFc',
'?GJw',
'3S^{',
'AGLu',
'5DPy',
'CANk',
'ED@i',
'9^T} :',
'GqBo',
';BVs/<',
'I8t]',
'3b^{',
'AWLu>B',
'5HPy',
'CMNk',
'=w(lU',
';NVse=',
'IyDm',
'=EHq',
'KNFc',
'IIJa',
'/,fcW',
'#bbg-',
'FcQM',
'4E^*E',
'Z@^S',
'awaj',
'AVx377',
'J?WpnX',
'2Ckh',
'm\tNH',
'KOHo',
'4Auj',
'nW\tT',
'+(j_S',
'81aV',
'#8bg',
'VCw4',
'i8rN',
'u0{0&q',
'|T.Q',
'=_=:S',
'I!N-',
'QRo=',
'W[Mto',
'iqK@',
'\\p]UZ',
'l/.Lm',
'o!jZ',
'1epjGB',
'Vo&O',
'J$d=*~',
'yf6k',
"I'th",
',y/6B',
'sRyG',
'R\\k!',
'Zq)]',
'^@5H',
'2RJZ',
'q><',
'f"E0',
'"LFr',
'FsU6',
'qS#?%',
'@irm',
'u0T*B',
'Q<YRF>',
':-"|',
'Yd rB',
'?*{|',
'G6a*',
'UYy"',
'j8*:XD2',
'*A/@',
'xB#,e7',
'Wh{',
']W 6',
']|H0u',
"tz'|",
'l_|4@',
'HyS>',
']SMH',
';P$*B',
'#yZ>',
'd\tb$',
'VU[Y',
'i"xr!rm',
'!d,h',
'+S[h',
':mq?AD',
'x+qs',
'yLK"',
']Mn+x',
'rBgt1g|H',
'0T?o',
'Qw\\2',
'l4k-',
'$1Fn,b',
'7BT6',
'&1k',
'/2Wu)',
"/'*k",
'Yb3A6d',
'l\\*m',
'faDN',
'!QS p',
'8\\\tP',
'87wX|(',
'<^x<',
'(`Sz',
'%E~',
'`86m',
'#*Ph',
'R{H>',
',jql',
'gNvsx',
'O{>1',
':XG(',
'q.h8',
'kI|_',
'x_4zO',
'>T~j05',
'\\{H!',
"|'L7",
'N @=',
'D4ScW',
'\\w#-',
')L.,n',
'$& B)',
'|02e',
"q<'&:^",
'-]J*',
'~Sqh',
'[~GM',
'+<l-',
'/=/l',
'xk4b',
'7zS,',
'\\"p$',
'$f%Q',
'gU|R',
"'c&f",
'otO33',
'aH0&,',
'?,g4',
'o6&W1',
'-NKk',
'NOgVP',
'~t8U',
'h(zi',
'NqzM',
'] ?D',
'V*@EN',
'MqlU',
'dB*',
';E*`dt',
'"}Qgj{',
'N/nn',
'fL?d3',
'fdP-',
'F}Q(',
'-5\\hO',
'1_|$',
'=>4Gt',
'W8U\\',
'b* s',
'<y++',
'F$r<>',
'Hy+(R',
'>="$E',
'ZBpj',
'IT4"',
"d}b'",
'Fi=O`',
',Ub0',
'sW1L',
'$5FT',
'E|ly',
'71q,43',
'|u=L',
'6k\t*(',
'M+~n',
':to}',
'%7L_',
'u*Qn',
'}y_',
'ji f',
'Ok@y',
'\\JO,',
'~t4@"Y',
'}bQk(',
'H`\\\\',
'u_r9',
'hcHx',
'e_YR',
'P])H',
']^z5',
'Spo&',
"U~4'",
'|$Rs',
'&!T!X',
'No9<',
'#3LS',
'fnZg',
'^yCdy',
'vX<Dp',
'NU|(Z',
'3|6"',
'$0>)q>q',
'$KG2',
'<,iN',
'vl}|',
'> <g',
'KCo7',
'ev)>X*=',
'zITG',
'Wrzn',
'^Hex',
'IBKW0',
'eKH?$D(',
'Tv=\tK',
'e*Qp',
'}8jP~',
"&0Z'",
'Xx&00',
'LPG1',
'ZQ1;#',
"rL'+",
'^f@bE',
'RE|%',
'0~l',
'c%3/~A',
'p]>p^',
'qex2',
'R:m',
'"{"qb',
'5!Q+',
'52a>',
'BH{&',
"hEq'",
'7py5c',
'$6JAA',
'Rtw1',
'PtLu',
'yf<E',
'2rA=6',
'AbcVj]',
'+17y}',
'ukB]',
'0>0>',
'[mf8f',
'j89&~Z',
'@Lel',
'lu\\@',
'vq.k',
'Nx\\N',
'Pq=e',
'KD(o',
'egjz',
'/svRv',
'5tks',
'%mT0',
'H?T^',
'JpIb',
't]Lb',
'8}Lw',
'H,@_`BT',
'yz1!',
'v_B&#',
'~>NG',
'wZsz',
'A2^i',
'h8T.:',
'+X)~<R',
'{e`8',
'ivIE',
'\\hhl',
'PN\\v',
'8AFZ',
'HXT>',
'F}|X',
'4\tqe',
'j\tlu',
'H&`CK',
'/f`Tw',
'`VB:',
'x9Cq',
'%P&Hx',
'Jq^K',
'\\E+8rB',
'QJ.D',
'S38.k',
'@*N`',
'M<M+',
'|ygD',
'uT$Eq@4',
'\\T{J',
'*;^Y',
'%m$',
'IG;t',
'W]C',
'9zYI>',
'Kb-P',
")':Uz@<",
'<`\\EH',
'=<&H`',
'@ ?K',
'Trd?',
'GEv=',
'^BKV',
'>}e=',
'|:B)',
'IT^J',
'J<n+hF',
'KU5$N',
'O@jTnX+',
'.s*1}y',
'kR{)F',
'3r@J}',
'uDi+',
'`B`C',
'\\E\t$',
'p%" V',
'Hb] J',
'-;@Rd#b',
'c~Fd',
'8aJR',
'/nZt;',
'ZH68{',
'Z.O+',
'E,ZN',
'RXtlc',
'EU#u',
'"m5/',
'cSR-',
'-A)EX',
'Q$P7',
'^NqKn',
'2H W',
'l"Tff',
'7vO{!',
'a~n6',
'Lh8',
'm!\\e~',
')xa5',
'H]n-jsF',
'?P{nm',
'{}0p',
'tQgn',
'!&U#&',
'dgZ&',
'P\\RyQ6',
'R]gt',
'rF)i/',
'=UvT`',
'i9Jx7N',
's!Z8bw',
'qz>Z',
'tXpy',
"&'#m",
'tS4\\',
'}&Hz',
'M\t{fU',
'YospD',
'c<r,a',
'+)^l',
'T,b7',
'prl5',
'"%r8',
'N`3A',
':9$HpC',
'WDDHj',
'|mt~',
'~w|Dqr',
'(!BP',
'y;Wp',
'9UH#',
'Q,o_',
'bW~x',
'82b4',
'#,(t',
'BvX*',
'u/8p6',
'NR#btI',
';:]y',
'j{{\t@',
'#g{I',
"@Qc'",
'%<^`',
'oR l',
'8RxP',
'~2f#',
'JH7:',
'7d\tN\\',
't"*v',
'^@{z0',
'P7%"Q',
'srXH',
'$!yDY',
't;_UFUm',
'd>B{',
'G0E^',
'tP]H',
'R|&6}',
'71\\c',
'*Z5R',
'^=MI',
'V%6p',
'=cbl',
']P"T',
'XE8_',
'E\tD]3',
')tlORR',
'QK w',
',|;w',
'Q{]L',
"'E>{",
'.5ry',
'+5UWvM5',
'HFF*8A(>',
'4U.2',
'eh6h',
'TZ{<vy)^',
'nmVM',
'5>XR}',
"nW0'",
'|FHo',
't6"iT',
'4KG$',
'P&0242',
'#YuS;',
'{1/xH~w',
'wRhtx',
'Cv#$)',
'HV&H',
't ,-',
'/h(><',
'!p/L\\o',
'ow6aJ]',
'N>Z`',
'P8cR',
'l"#U2',
'B&SS/',
'3_lOL',
'n<o*',
'}XaJ`',
'%+ZY',
'9PKE\\',
'lo+w',
'\\645',
'v=,i,3',
'@A$c$_|',
'$|p|}4,}P',
'FAZv',
'M4^L',
'Lz/!vy',
'"<On|s',
'(0mrmf$',
'LNVs',
'vGxr',
'j2Yv',
'{@]x',
'tn2&',
'UIy:',
'--R{E',
'A^G6',
'l}.~T',
'!2=S',
'[:pV+1',
'`ge\\a',
'"zkf',
'ygyH',
'liLb',
'\\\\Ho',
'ZFyPq5',
'TTvc',
'aelu],',
'a3pBm[',
'|Hk>',
'Nr..c',
'M|*d',
';__8',
'WMqAj8`',
'\\=m=',
'g.VH',
'!U&m',
'msn)',
'p2UO',
'hu!a',
'zK{f',
']WLZ',
'wyf^',
'lBR_:',
"'i/s",
'o*;P',
'oU61J',
'YhS{',
'*ct@',
'NtnR',
'js9g',
')H3rNB',
'X>dU',
'x=$M',
'8lMBi',
'T`f"',
's!,z``',
'z{&J:Z',
'jCA-',
'.C r',
'[,[8',
'|Cvh',
'8rqO',
'c9~fZ',
'2"ab',
'07Zm}P',
'T1*U?m',
"P&%?'",
'KFfu\t@s',
'noX.P',
'}V~kP',
'GX\t9',
'\\i}b12ot',
'$s"0',
'I%I{2',
'v>|3',
'cmDM,',
'^Tx(',
'#"(H',
';rk=',
',%?q',
',KWVt',
'<b<E',
'45$b',
'RCMf',
'Q1?y',
'y\t8R',
')wi?',
'%6(}',
'vrw$Nl;',
'DTsc',
'r(m?',
'aj z',
'[p5.',
'2a{(',
'_c\tC',
'a9\tZ',
'vJ?$',
's)8|',
'PIO`',
't$iF',
'#3H',
'X89"3',
'7fE3',
'&OxX',
'~0ZM"',
'(JwO',
'5e9`',
'6W@E',
'sns.[',
'5#rN',
'h/:O',
'AY_L',
'bTi(f',
'e_qcoN',
'f\\spm8-',
"Un''",
'Z-.v',
'h}bm|',
'T$B',
'k@"W_',
'O7QsF',
"gJ6k'",
'[2@)',
'C*oG',
"oh5'",
'l%rO',
'~Qp',
'giBk',
'xfY.',
'PrK^+',
'%`(!B<',
'?[!kJd',
'a/mC',
"'~*:1",
'#5#Z-8',
'1>P">',
"N^g'",
"P-',",
'PHvPx',
'a/03\\',
'?N}y',
'|"M\t%',
'?HLV',
'Nm?R',
'1x~!/T-',
'G(.{',
'[<C^',
'eE\\A!',
'~G1c',
'E|yK',
'B{~6',
"na%'1",
'A*b5',
'=89(',
"`2'<",
'EVY9)',
"'8nG",
'h.{zT',
'#R^V',
'ei=D',
'(_B]',
'LZcw9',
'8v2Y',
'6J*I3U',
'5($+\\',
'?WV9',
'.le&',
'1&o?#r',
'i^A4',
'PI$!',
'lOoJ',
'Bx[G',
'"$4G',
'o.eh',
'Yuuhw',
'X;Hp@',
']!y^',
'4Jl|T',
'W gp',
'4KC-<',
'6T,R+',
'_z.8',
'$qhP',
'jz<J',
'g$cxR',
'6cCr',
'8<V2K',
'!`\\J',
'tfrTf',
'-3D6',
'3Oi&',
'!r3&',
'=Jl?@k?',
'(KlC',
'50yu',
'fCwP',
'yv ${b',
'vaL(',
...]
In [5]:
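def read_strings_file(name, stringpath='../../../data/strings/'):
    """Load the extracted strings of one sample.

    Parameters
    ----------
    name : str
        Sample id; the file read is ``<stringpath>/<name>.strings``. It must be
        a bare file name - the value usually comes from a database document, so
        anything containing a path separator or equal to ``.``/``..`` is
        rejected instead of being resolved outside the strings directory.
    stringpath : str
        Directory holding the ``.strings`` files. A trailing separator is
        optional because the path is built with ``os.path.join``.

    Returns
    -------
    list
        One entry per line of the file, stripped of surrounding whitespace;
        blank lines are kept as empty strings.

    Raises
    ------
    ValueError
        If ``name`` is empty or is not a bare file name.
    OSError
        If the file cannot be opened.
    """
    # The id is used as-is to build a path under stringpath, so refuse anything
    # that is not a plain file name (e.g. '../x' or 'a/b').
    if not name or os.path.basename(name) != name or name in ('.', '..'):
        raise ValueError('sample id must be a bare file name: %r' % (name,))
    path = os.path.join(stringpath, name + '.strings')
    with open(path, 'r') as f:
        # Iterate the handle directly rather than readlines(): no second copy.
        return [line.strip() for line in f]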
In [9]:
# Connect as the 'populator' account. Only the user name is passed; the host
# and password come from get_mongodb's own defaults (the saved traceback below
# shows the default host being used), so the credential lives in
# src/utils/utils.py rather than in this notebook - prefer sourcing it from the
# environment or getpass. Clear this cell's output before sharing the notebook:
# a failed connection attempt records the host name.
db_username = 'populator'
malware = utils.get_mongodb(username=db_username)
---------------------------------------------------------------------------
AutoReconnect Traceback (most recent call last)
/usr/local/lib/python3.4/site-packages/pymongo/mongo_client.py in __init__(self, host, port, max_pool_size, document_class, tz_aware, _connect, **kwargs)
373 try:
--> 374 self._ensure_connected(True)
375 except AutoReconnect as e:
/usr/local/lib/python3.4/site-packages/pymongo/mongo_client.py in _ensure_connected(self, sync)
938 """
--> 939 self.__ensure_member()
940
/usr/local/lib/python3.4/site-packages/pymongo/mongo_client.py in __ensure_member(self)
812 try:
--> 813 member, nodes = self.__find_node()
814 return member
/usr/local/lib/python3.4/site-packages/pymongo/mongo_client.py in __find_node(self)
903 # Couldn't find a suitable host.
--> 904 raise AutoReconnect(', '.join(errors))
905
AutoReconnect: timed out
During handling of the above exception, another exception occurred:
ConnectionFailure Traceback (most recent call last)
<ipython-input-9-0abfdb5fe3f2> in <module>()
----> 1 malware = utils.get_mongodb(username='populator')
/Users/carlyhendrickson/git/microsoft_malware_challenge/src/utils/utils.py in get_mongodb(db_address, username, password)
58 db_address="afruizc-office.cs.unm.edu",
59
---> 60 mg = pm.MongoClient(db_address)
61 if not mg.malware.authenticate(username, password):
62 sys.stderr.write("Authentication error. Terminating...")
/usr/local/lib/python3.4/site-packages/pymongo/mongo_client.py in __init__(self, host, port, max_pool_size, document_class, tz_aware, _connect, **kwargs)
375 except AutoReconnect as e:
376 # ConnectionFailure makes more sense here than AutoReconnect
--> 377 raise ConnectionFailure(str(e))
378
379 if username:
ConnectionFailure: timed out
In [7]:
# Cursor over every document of the samples collection. pymongo's find()
# returns a lazy cursor: nothing is fetched until it is iterated, and once
# exhausted it has to be recreated (or rewound), so re-run this cell before
# reusing all_files.
samples_collection = malware.samples
all_files = samples_collection.find()
In [8]:
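def insert_string(doc):
    """Attach a sample's raw strings to an in-memory document.

    Reads ``<doc['id']>.strings`` via ``read_strings_file`` and stores the
    list under ``doc['strings']['raw']``. ``doc`` is modified in place; a
    missing ``'strings'`` sub-document is created instead of raising
    ``KeyError`` on the nested assignment.

    Despite its name this function writes nothing to MongoDB - the caller
    still has to persist the updated document (e.g. with an update on the
    samples collection).

    Parameters
    ----------
    doc : dict
        Sample document; must contain an ``'id'`` key naming the sample.

    Returns
    -------
    dict
        The same ``doc`` object, for chaining.

    Raises
    ------
    KeyError
        If ``doc`` has no ``'id'`` key.
    """
    # Local name differs from the notebook-level `strings` so the two are not
    # confused when reading the cell.
    raw_strings = read_strings_file(doc['id'])
    # setdefault: documents fetched without a 'strings' field would otherwise
    # fail on doc['strings']['raw'].
    doc.setdefault('strings', {})['raw'] = raw_strings
    return doc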