From 6beeeebe3c43f0643e521139d3f8b1ff4a7f3059 Mon Sep 17 00:00:00 2001
From: Julien Voisin
Date: Thu, 5 Mar 2015 15:36:22 +0100
Subject: Yara is cooler than Python
---
modules/entropy.py | 56 ------------------------------------------------------
1 file changed, 56 deletions(-)
delete mode 100644 modules/entropy.py
(limited to 'modules/entropy.py')
diff --git a/modules/entropy.py b/modules/entropy.py
deleted file mode 100644
index 48b2924..0000000
--- a/modules/entropy.py
+++ /dev/null
@@ -1,56 +0,0 @@
-''' This module uses shannon's Entropy to detect packed malwares
-'''
-import os
-import math
-import logging
-logging.basicConfig(level=logging.DEBUG)
-
-import scanmodule
-
-def main():
-return Entropy()
-
-class Entropy(scanmodule.ScanModule):
-name = 'entropy'
-def populate(self, path):
-pass
-def load(self, path):
-pass
-def save(self, path):
-pass
-
-def __compute_score(self, path):
-return (self.__entropy(path) - 5) * 100
-
-def is_malware(self, path):
-score = self.__compute_score(path)
-logging.info('Entropy score for ' + path + ' : ' + str(score))
-return score > 75
-
-def evaluate(self, path):
-''' Computes an arbitraty score for the given path
-@ret A sorted list of the form [name, match_in_percent_superior_to_zero]
-'''
-score = self.__compute_score(path)
-if score > 0:
-return [['MALWARE', score],]
-return None
-
-def __entropy(self, path):
-''' Computes shannon's entropy for the given file
-@param path Path to the file
-'''
-# Computes the frequency of each byte in the file
-fsize = max(float(os.path.getsize(path)), 1.0)
-
-freq = [0] * 256
-with open(path, 'rb') as f:
-for c in f.read():
-freq[ord(c)] += 1
-
-entropy = 0.0
-for f in freq:
-if f:
-f /= fsize
-entropy += f * math.log(f, 2)
-return -entropy
-- cgit v1.3