In [2]:
import src.utils.utils as utils


hello

In [ ]:


In [ ]:


In [3]:
stringpath = '../../../data/strings/'
with open(stringpath + 'hZiVAw5nREjHU1qodatK.strings', 'r') as f:
    strings = [line.strip() for line in f.readlines()]

In [4]:
strings


Out[4]:
['StringX',
 'TObject',
 'u:hD',
 'SVWUQ',
 'Z]_^[',
 'SVWU',
 'YZ]_^[',
 'SVWU',
 ']_^[',
 'SVWU',
 'w;;t$',
 ']_^[',
 'SVWU',
 ']_^[',
 'SVWUQ',
 'Z]_^[',
 'SVWU',
 'YZ]_^[',
 'SVWU',
 'uW;{',
 'u:;{',
 ']_^[',
 'ZYYd',
 'ZYYd',
 'SVWU',
 ']_^[',
 'YZ^[',
 'SVWU',
 ']_^[',
 'ZYYd',
 '_^[YY]',
 'QSVW',
 'UhF"@',
 'ZYYd',
 'hM"@',
 '_^[Y]',
 'SVWU',
 '$;L$',
 '$)D$',
 'YZ]_^[',
 'QSVW',
 'ZYYd',
 '_^[Y]',
 'YZXu',
 'r/f=',
 'w)f%',
 'w%9',
 '~KxI[)',
 '2_^[',
 '@v:k',
 '@aQY',
 'E@|o',
 "BkU'9",
 'ZYYd',
 'SOFTWARE\\Borland\\Delphi\\RTL',
 'FPUMaskValue',
 'PPRTj',
 'YYZX',
 'YZXtp',
 'VWUd',
 'SPRQ',
 'T$(j',
 'SVWU',
 ']_^[',
 'ZTUWVSPRTj',
 ']_^[',
 'd$,1',
 ',t\\=',
 't=HtN',
 'r6t0',
 't.Ht',
 'ZYYd',
 '_^[]',
 'UhF3@',
 'ZYYd',
 '_^[]',
 'SVWU',
 ']_^[',
 ';_^[',
 'SVWU',
 ']_^[',
 't!R:',
 't-Rf;',
 't f;J',
 'SVWRP',
 'Z_^[X',
 'It2S',
 't&J|',
 ';_^[',
 'PSVW',
 '_^[X',
 '_^[X',
 'h0>@',
 't@h@>@',
 '8\\u8',
 'kernel32.dll',
 'GetLongPathNameA',
 'UhY?@',
 'ZYYd',
 'h`?@',
 'Software\\Borland\\Locales',
 'Software\\Borland\\Delphi\\Locales',
 'ZYYd',
 '_^[YY]',
 'ZYYd',
 'UhvB@',
 'ZYYd',
 'h}B@',
 'ZYYd',
 'ZYYd',
 'ZYYd',
 'Uh\tF@',
 'ZYYd',
 'ZYYd',
 'Exception',
 'EHeapException',
 'EOutOfMemory',
 'EInOutError',
 'EExternal',
 'EExternalException',
 'EIntError',
 'EDivByZero',
 'ERangeError`L@',
 'EIntOverflow',
 'EMathError',
 'EInvalidOp',
 'EZeroDivide',
 'EOverflow',
 'EUnderflow',
 'EInvalidPointer',
 'EInvalidCast',
 'EConvertError',
 'EAccessViolation',
 'EPrivilege',
 'EStackOverflow',
 'EControlC',
 'EVariantError',
 'EAssertionFailed',
 'EAbstractError',
 'EIntfCastError',
 'ESafecallException',
 'SysUtils',
 'SysUtils',
 '0<:r',
 'SVWU',
 ']_^[',
 '(_^[',
 '<*t"<0r=<9w9i',
 '_^[[',
 '_^[]',
 'IL\\@',
 'INFNAN',
 'QS<$t',
 '$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)',
 '<sGf',
 '<sAf',
 '^YY]',
 '_^[YY]',
 'SVWQ',
 'Z_^[',
 'QSVW',
 '_^[Y]',
 'QQQQQQSVW3',
 'ZYYd',
 'ZYYd',
 '^[Y]',
 'Uh_d@',
 'PhPc@',
 'ZYYd',
 'hfd@',
 'QQQQQSVW',
 'UhBf@',
 'ZYYd',
 'hIf@',
 'yyyy',
 'eeee',
 'D$DP',
 'D$HP',
 'D$PPj',
 'D$LPj',
 'ZYYd',
 '_^[Y]',
 'Uh`j@',
 'ZYYd',
 'hgj@',
 '_^[YY]',
 'TErrorRec',
 'YZ^[',
 'TExceptRec',
 'SVW3',
 'Uh$l@',
 'ZYYd',
 'h+l@',
 ',tY=',
 't<HtH',
 'r3t7',
 't(Ht',
 'ZYYd',
 'ZYYd',
 'ZYYd',
 'QSVW',
 '_^[Y]',
 'Y_^[',
 'hhx@',
 'htx@',
 'ZYYd',
 'm/d/yy',
 'mmmm d, yyyy',
 'AMPM',
 'AMPM',
 ':mm:ss',
 'kernel32.dll',
 'GetDiskFreeSpaceExA',
 'UhM}@',
 'ZYYd',
 'hT}@',
 'ZYYd',
 'Ff]+',
 'MsY',
 ':ODm',
 ':3s<',
 'Qj9GN',
 '}YdQ',
 'p7Sb',
 'a+D2',
 'NO<V',
 'o.U@',
 '6%\tU4u',
 "%x7y'",
 'VS#`',
 'jI,5-',
 'pOMng',
 'Um~m',
 '[YS75p',
 'Io\\[U',
 'Bc\\q',
 'Ktm<0',
 'hN9+',
 '/,M$',
 'qZKZ',
 '_*G.',
 '!mG^',
 "?[C.'*",
 'VWS',
 'tAPR',
 'ZYYd',
 'ZYYd',
 'D+SS7',
 'Error',
 'Runtime error     at 00000000',
 '0123456789ABCDEF',
 '@v:k',
 'KERNEL32.DLL',
 'KERNEL32.DLL',
 'KERNEL32.DLL',
 'advapi32.dll',
 'Comdlg32.dll',
 'oleaut32.dll',
 'oleaut32.dll',
 'shell32.dll',
 'user32.dll',
 'user32.dll',
 'WriteFile',
 'VirtualQuery',
 'SleepEx',
 'GetVersionExA',
 'GetThreadLocale',
 'GetStringTypeExA',
 'GetStdHandle',
 'GetProcAddress',
 'GetModuleHandleA',
 'GetModuleFileNameA',
 'GetLocaleInfoA',
 'GetLocalTime',
 'GetDiskFreeSpaceA',
 'GetCPInfo',
 'GetACP',
 'EnumCalendarInfoA',
 'TlsSetValue',
 'TlsGetValue',
 'LocalAlloc',
 'GetModuleHandleA',
 'DeleteCriticalSection',
 'LeaveCriticalSection',
 'EnterCriticalSection',
 'InitializeCriticalSection',
 'VirtualFree',
 'VirtualAlloc',
 'LocalFree',
 'LocalAlloc',
 'GetVersion',
 'GetCurrentThreadId',
 'WideCharToMultiByte',
 'lstrlenA',
 'lstrcpynA',
 'LoadLibraryExA',
 'GetThreadLocale',
 'GetStartupInfoA',
 'GetProcAddress',
 'GetModuleHandleA',
 'GetModuleFileNameA',
 'GetLocaleInfoA',
 'GetCommandLineA',
 'FreeLibrary',
 'FindFirstFileA',
 'FindClose',
 'ExitProcess',
 'WriteFile',
 'UnhandledExceptionFilter',
 'RtlUnwind',
 'RaiseException',
 'GetStdHandle',
 'RegQueryValueExA',
 'RegOpenKeyExA',
 'RegCloseKey',
 'ReplaceTextA',
 'SysFreeString',
 'SafeArrayGetLBound',
 'DragQueryFileW',
 'Shell_NotifyIconA',
 'MessageBoxA',
 'LoadStringA',
 'IsCharLowerA',
 'GetSystemMetrics',
 'GetMessageExtraInfo',
 'BringWindowToTop',
 'CharNextA',
 'CharToOemA',
 'GetKeyboardType',
 'LoadStringA',
 'MessageBoxA',
 'CharNextA',
 '{<:y&q?',
 'YNIZnThStXbgpv',
 'SysConst',
 'System',
 'SysInit',
 'UTypes',
 'SysUtils',
 'KWindows',
 '>7uC',
 'Aen',
 '?sD{',
 'CeNk\\E',
 'A=o',
 'ET@i',
 '9IT}[;',
 'GKBo',
 ';^Vs',
 'IJDm',
 '=(Hq',
 'KoFc',
 '?GJw',
 '3S^{',
 'AGLu',
 '5DPy',
 'CANk',
 'ED@i',
 '9^T} :',
 'GqBo',
 ';BVs/<',
 'I8t]',
 '3b^{',
 'AWLu>B',
 '5HPy',
 'CMNk',
 '=w(lU',
 ';NVse=',
 'IyDm',
 '=EHq',
 'KNFc',
 'IIJa',
 '/,fcW',
 '#bbg-',
 'FcQM',
 '4E^*E',
 'Z@^S',
 'awaj',
 'AVx377',
 'J?WpnX',
 '2Ckh',
 'm\tNH',
 'KOHo',
 '4Auj',
 'nW\tT',
 '+(j_S',
 '81aV',
 '#8bg',
 'VCw4',
 'i8rN',
 'u0{0&q',
 '|T.Q',
 '=_=:S',
 'I!N-',
 'QRo=',
 'W[Mto',
 'iqK@',
 '\\p]UZ',
 'l/.Lm',
 'o!jZ',
 '1epjGB',
 'Vo&O',
 'J$d=*~',
 'yf6k',
 "I'th",
 ',y/6B',
 'sRyG',
 'R\\k!',
 'Zq)]',
 '^@5H',
 '2RJZ',
 'q><',
 'f"E0',
 '"LFr',
 'FsU6',
 'qS#?%',
 '@irm',
 'u0T*B',
 'Q<YRF>',
 ':-"|',
 'Yd rB',
 '?*{|',
 'G6a*',
 'UYy"',
 'j8*:XD2',
 '*A/@',
 'xB#,e7',
 'Wh{',
 ']W 6',
 ']|H0u',
 "tz'|",
 'l_|4@',
 'HyS>',
 ']SMH',
 ';P$*B',
 '#yZ>',
 'd\tb$',
 'VU[Y',
 'i"xr!rm',
 '!d,h',
 '+S[h',
 ':mq?AD',
 'x+qs',
 'yLK"',
 ']Mn+x',
 'rBgt1g|H',
 '0T?o',
 'Qw\\2',
 'l4k-',
 '$1Fn,b',
 '7BT6',
 '&1k',
 '/2Wu)',
 "/'*k",
 'Yb3A6d',
 'l\\*m',
 'faDN',
 '!QS p',
 '8\\\tP',
 '87wX|(',
 '<^x<',
 '(`Sz',
 '%E~',
 '`86m',
 '#*Ph',
 'R{H>',
 ',jql',
 'gNvsx',
 'O{>1',
 ':XG(',
 'q.h8',
 'kI|_',
 'x_4zO',
 '>T~j05',
 '\\{H!',
 "|'L7",
 'N @=',
 'D4ScW',
 '\\w#-',
 ')L.,n',
 '$& B)',
 '|02e',
 "q<'&:^",
 '-]J*',
 '~Sqh',
 '[~GM',
 '+<l-',
 '/=/l',
 'xk4b',
 '7zS,',
 '\\"p$',
 '$f%Q',
 'gU|R',
 "'c&f",
 'otO33',
 'aH0&,',
 '?,g4',
 'o6&W1',
 '-NKk',
 'NOgVP',
 '~t8U',
 'h(zi',
 'NqzM',
 '] ?D',
 'V*@EN',
 'MqlU',
 'dB*',
 ';E*`dt',
 '"}Qgj{',
 'N/nn',
 'fL?d3',
 'fdP-',
 'F}Q(',
 '-5\\hO',
 '1_|$',
 '=>4Gt',
 'W8U\\',
 'b* s',
 '<y++',
 'F$r<>',
 'Hy+(R',
 '>="$E',
 'ZBpj',
 'IT4"',
 "d}b'",
 'Fi=O`',
 ',Ub0',
 'sW1L',
 '$5FT',
 'E|ly',
 '71q,43',
 '|u=L',
 '6k\t*(',
 'M+~n',
 ':to}',
 '%7L_',
 'u*Qn',
 '}y_',
 'ji f',
 'Ok@y',
 '\\JO,',
 '~t4@"Y',
 '}bQk(',
 'H`\\\\',
 'u_r9',
 'hcHx',
 'e_YR',
 'P])H',
 ']^z5',
 'Spo&',
 "U~4'",
 '|$Rs',
 '&!T!X',
 'No9<',
 '#3LS',
 'fnZg',
 '^yCdy',
 'vX<Dp',
 'NU|(Z',
 '3|6"',
 '$0>)q>q',
 '$KG2',
 '<,iN',
 'vl}|',
 '> <g',
 'KCo7',
 'ev)>X*=',
 'zITG',
 'Wrzn',
 '^Hex',
 'IBKW0',
 'eKH?$D(',
 'Tv=\tK',
 'e*Qp',
 '}8jP~',
 "&0Z'",
 'Xx&00',
 'LPG1',
 'ZQ1;#',
 "rL'+",
 '^f@bE',
 'RE|%',
 '0~l',
 'c%3/~A',
 'p]>p^',
 'qex2',
 'R:m',
 '"{"qb',
 '5!Q+',
 '52a>',
 'BH{&',
 "hEq'",
 '7py5c',
 '$6JAA',
 'Rtw1',
 'PtLu',
 'yf<E',
 '2rA=6',
 'AbcVj]',
 '+17y}',
 'ukB]',
 '0>0>',
 '[mf8f',
 'j89&~Z',
 '@Lel',
 'lu\\@',
 'vq.k',
 'Nx\\N',
 'Pq=e',
 'KD(o',
 'egjz',
 '/svRv',
 '5tks',
 '%mT0',
 'H?T^',
 'JpIb',
 't]Lb',
 '8}Lw',
 'H,@_`BT',
 'yz1!',
 'v_B&#',
 '~>NG',
 'wZsz',
 'A2^i',
 'h8T.:',
 '+X)~<R',
 '{e`8',
 'ivIE',
 '\\hhl',
 'PN\\v',
 '8AFZ',
 'HXT>',
 'F}|X',
 '4\tqe',
 'j\tlu',
 'H&`CK',
 '/f`Tw',
 '`VB:',
 'x9Cq',
 '%P&Hx',
 'Jq^K',
 '\\E+8rB',
 'QJ.D',
 'S38.k',
 '@*N`',
 'M<M+',
 '|ygD',
 'uT$Eq@4',
 '\\T{J',
 '*;^Y',
 '%m$',
 'IG;t',
 'W]C',
 '9zYI>',
 'Kb-P',
 ")':Uz@<",
 '<`\\EH',
 '=<&H`',
 '@ ?K',
 'Trd?',
 'GEv=',
 '^BKV',
 '>}e=',
 '|:B)',
 'IT^J',
 'J<n+hF',
 'KU5$N',
 'O@jTnX+',
 '.s*1}y',
 'kR{)F',
 '3r@J}',
 'uDi+',
 '`B`C',
 '\\E\t$',
 'p%" V',
 'Hb] J',
 '-;@Rd#b',
 'c~Fd',
 '8aJR',
 '/nZt;',
 'ZH68{',
 'Z.O+',
 'E,ZN',
 'RXtlc',
 'EU#u',
 '"m5/',
 'cSR-',
 '-A)EX',
 'Q$P7',
 '^NqKn',
 '2H W',
 'l"Tff',
 '7vO{!',
 'a~n6',
 'Lh8',
 'm!\\e~',
 ')xa5',
 'H]n-jsF',
 '?P{nm',
 '{}0p',
 'tQgn',
 '!&U#&',
 'dgZ&',
 'P\\RyQ6',
 'R]gt',
 'rF)i/',
 '=UvT`',
 'i9Jx7N',
 's!Z8bw',
 'qz>Z',
 'tXpy',
 "&'#m",
 'tS4\\',
 '}&Hz',
 'M\t{fU',
 'YospD',
 'c<r,a',
 '+)^l',
 'T,b7',
 'prl5',
 '"%r8',
 'N`3A',
 ':9$HpC',
 'WDDHj',
 '|mt~',
 '~w|Dqr',
 '(!BP',
 'y;Wp',
 '9UH#',
 'Q,o_',
 'bW~x',
 '82b4',
 '#,(t',
 'BvX*',
 'u/8p6',
 'NR#btI',
 ';:]y',
 'j{{\t@',
 '#g{I',
 "@Qc'",
 '%<^`',
 'oR l',
 '8RxP',
 '~2f#',
 'JH7:',
 '7d\tN\\',
 't"*v',
 '^@{z0',
 'P7%"Q',
 'srXH',
 '$!yDY',
 't;_UFUm',
 'd>B{',
 'G0E^',
 'tP]H',
 'R|&6}',
 '71\\c',
 '*Z5R',
 '^=MI',
 'V%6p',
 '=cbl',
 ']P"T',
 'XE8_',
 'E\tD]3',
 ')tlORR',
 'QK w',
 ',|;w',
 'Q{]L',
 "'E>{",
 '.5ry',
 '+5UWvM5',
 'HFF*8A(>',
 '4U.2',
 'eh6h',
 'TZ{<vy)^',
 'nmVM',
 '5>XR}',
 "nW0'",
 '|FHo',
 't6"iT',
 '4KG$',
 'P&0242',
 '#YuS;',
 '{1/xH~w',
 'wRhtx',
 'Cv#$)',
 'HV&H',
 't ,-',
 '/h(><',
 '!p/L\\o',
 'ow6aJ]',
 'N>Z`',
 'P8cR',
 'l"#U2',
 'B&SS/',
 '3_lOL',
 'n<o*',
 '}XaJ`',
 '%+ZY',
 '9PKE\\',
 'lo+w',
 '\\645',
 'v=,i,3',
 '@A$c$_|',
 '$|p|}4,}P',
 'FAZv',
 'M4^L',
 'Lz/!vy',
 '"<On|s',
 '(0mrmf$',
 'LNVs',
 'vGxr',
 'j2Yv',
 '{@]x',
 'tn2&',
 'UIy:',
 '--R{E',
 'A^G6',
 'l}.~T',
 '!2=S',
 '[:pV+1',
 '`ge\\a',
 '"zkf',
 'ygyH',
 'liLb',
 '\\\\Ho',
 'ZFyPq5',
 'TTvc',
 'aelu],',
 'a3pBm[',
 '|Hk>',
 'Nr..c',
 'M|*d',
 ';__8',
 'WMqAj8`',
 '\\=m=',
 'g.VH',
 '!U&m',
 'msn)',
 'p2UO',
 'hu!a',
 'zK{f',
 ']WLZ',
 'wyf^',
 'lBR_:',
 "'i/s",
 'o*;P',
 'oU61J',
 'YhS{',
 '*ct@',
 'NtnR',
 'js9g',
 ')H3rNB',
 'X>dU',
 'x=$M',
 '8lMBi',
 'T`f"',
 's!,z``',
 'z{&J:Z',
 'jCA-',
 '.C r',
 '[,[8',
 '|Cvh',
 '8rqO',
 'c9~fZ',
 '2"ab',
 '07Zm}P',
 'T1*U?m',
 "P&%?'",
 'KFfu\t@s',
 'noX.P',
 '}V~kP',
 'GX\t9',
 '\\i}b12ot',
 '$s"0',
 'I%I{2',
 'v>|3',
 'cmDM,',
 '^Tx(',
 '#"(H',
 ';rk=',
 ',%?q',
 ',KWVt',
 '<b<E',
 '45$b',
 'RCMf',
 'Q1?y',
 'y\t8R',
 ')wi?',
 '%6(}',
 'vrw$Nl;',
 'DTsc',
 'r(m?',
 'aj z',
 '[p5.',
 '2a{(',
 '_c\tC',
 'a9\tZ',
 'vJ?$',
 's)8|',
 'PIO`',
 't$iF',
 '#3H',
 'X89"3',
 '7fE3',
 '&OxX',
 '~0ZM"',
 '(JwO',
 '5e9`',
 '6W@E',
 'sns.[',
 '5#rN',
 'h/:O',
 'AY_L',
 'bTi(f',
 'e_qcoN',
 'f\\spm8-',
 "Un''",
 'Z-.v',
 'h}bm|',
 'T$B',
 'k@"W_',
 'O7QsF',
 "gJ6k'",
 '[2@)',
 'C*oG',
 "oh5'",
 'l%rO',
 '~Qp',
 'giBk',
 'xfY.',
 'PrK^+',
 '%`(!B<',
 '?[!kJd',
 'a/mC',
 "'~*:1",
 '#5#Z-8',
 '1>P">',
 "N^g'",
 "P-',",
 'PHvPx',
 'a/03\\',
 '?N}y',
 '|"M\t%',
 '?HLV',
 'Nm?R',
 '1x~!/T-',
 'G(.{',
 '[<C^',
 'eE\\A!',
 '~G1c',
 'E|yK',
 'B{~6',
 "na%'1",
 'A*b5',
 '=89(',
 "`2'<",
 'EVY9)',
 "'8nG",
 'h.{zT',
 '#R^V',
 'ei=D',
 '(_B]',
 'LZcw9',
 '8v2Y',
 '6J*I3U',
 '5($+\\',
 '?WV9',
 '.le&',
 '1&o?#r',
 'i^A4',
 'PI$!',
 'lOoJ',
 'Bx[G',
 '"$4G',
 'o.eh',
 'Yuuhw',
 'X;Hp@',
 ']!y^',
 '4Jl|T',
 'W gp',
 '4KC-<',
 '6T,R+',
 '_z.8',
 '$qhP',
 'jz<J',
 'g$cxR',
 '6cCr',
 '8<V2K',
 '!`\\J',
 'tfrTf',
 '-3D6',
 '3Oi&',
 '!r3&',
 '=Jl?@k?',
 '(KlC',
 '50yu',
 'fCwP',
 'yv ${b',
 'vaL(',
 ...]

In [5]:
def read_strings_file(name, stringpath = '../../../data/strings/'):
    with open(stringpath + name + '.strings', 'r') as f:
        return [line.strip() for line in f.readlines()]

In [9]:
malware = utils.get_mongodb(username='populator')


---------------------------------------------------------------------------
AutoReconnect                             Traceback (most recent call last)
/usr/local/lib/python3.4/site-packages/pymongo/mongo_client.py in __init__(self, host, port, max_pool_size, document_class, tz_aware, _connect, **kwargs)
    373             try:
--> 374                 self._ensure_connected(True)
    375             except AutoReconnect as e:

/usr/local/lib/python3.4/site-packages/pymongo/mongo_client.py in _ensure_connected(self, sync)
    938         """
--> 939         self.__ensure_member()
    940 

/usr/local/lib/python3.4/site-packages/pymongo/mongo_client.py in __ensure_member(self)
    812                 try:
--> 813                     member, nodes = self.__find_node()
    814                     return member

/usr/local/lib/python3.4/site-packages/pymongo/mongo_client.py in __find_node(self)
    903             # Couldn't find a suitable host.
--> 904             raise AutoReconnect(', '.join(errors))
    905 

AutoReconnect: timed out

During handling of the above exception, another exception occurred:

ConnectionFailure                         Traceback (most recent call last)
<ipython-input-9-0abfdb5fe3f2> in <module>()
----> 1 malware = utils.get_mongodb(username='populator')

/Users/carlyhendrickson/git/microsoft_malware_challenge/src/utils/utils.py in get_mongodb(db_address, username, password)
     58         db_address="afruizc-office.cs.unm.edu",
     59 
---> 60     mg = pm.MongoClient(db_address)
     61     if not mg.malware.authenticate(username, password):
     62         sys.stderr.write("Authentication error. Terminating...")

/usr/local/lib/python3.4/site-packages/pymongo/mongo_client.py in __init__(self, host, port, max_pool_size, document_class, tz_aware, _connect, **kwargs)
    375             except AutoReconnect as e:
    376                 # ConnectionFailure makes more sense here than AutoReconnect
--> 377                 raise ConnectionFailure(str(e))
    378 
    379         if username:

ConnectionFailure: timed out

In [7]:
all_files = malware.samples.find()

In [8]:
def insert_string(doc):
    strings = read_strings_file(doc['id'])
    doc['strings']['raw'] = strings

In [ ]:


In [ ]: