From a797efef8db6f64f9a3829be29b2fadaa7f2c66f Mon Sep 17 00:00:00 2001
From: kevross33
Date: Fri, 4 Oct 2024 16:15:26 +0100
Subject: [PATCH 1/3] Update packer_nspack.py Update signature for correct PE static format
---
 modules/signatures/all/packer_nspack.py | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/modules/signatures/all/packer_nspack.py b/modules/signatures/all/packer_nspack.py
index 4a6797c9..44b9b596 100644
--- a/modules/signatures/all/packer_nspack.py
+++ b/modules/signatures/all/packer_nspack.py
@@ -29,9 +29,13 @@ class NsPacked(Signature):
 mbcs = ["OB0001", "OB0002", "OB0006", "F0001"]
 def run(self):
- for section in self.results.get("static", {}).get("pe", {}).get("sections", []):
- if section["name"].lower().startswith(".nsp"):
- self.data.append({"section": section})
- return True
+ target = self.results.get("target", {})
+ if target.get("category") in ("file", "static") and target.get("file"):
+ pe = self.results["target"]["file"].get("pe", [])
+ if pe:
+ for section in pe["sections"]:
+ if section["name"].lower().startswith(".nsp"):
+ self.data.append({"section": section})
+ ret = True
- return False
+ return ret
From 76fe95769ae7db2aceb9a3e62e67ffb07f7af619 Mon Sep 17 00:00:00 2001
From: kevross33
Date: Fri, 4 Oct 2024 16:15:47 +0100
Subject: [PATCH 2/3] Update packer_nspack.py
---
 modules/signatures/all/packer_nspack.py | 1 -
 1 file changed, 1 deletion(-)
diff --git a/modules/signatures/all/packer_nspack.py b/modules/signatures/all/packer_nspack.py
index 44b9b596..26d52f00 100644
--- a/modules/signatures/all/packer_nspack.py
+++ b/modules/signatures/all/packer_nspack.py
@@ -15,7 +15,6 @@ from lib.cuckoo.common.abstracts import Signature
-
 class NsPacked(Signature):
 name = "packer_nspack"
 description = "Executable file is packed/obfuscated with NsPack"
From 73952b8fa4d502d1cf52b3929847dea6f737c97a Mon Sep 17 00:00:00 2001
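Review bot: In the new `run` body of patch 1/3, `pe["sections"]` and `section["name"]` are indexed directly, whereas the removed code reached the section list through `.get(..., [])` defaults, so a PE entry without a `sections` key now raises KeyError instead of simply not matching. Whether the static PE parser can emit such an entry for a truncated or deliberately malformed sample is not visible in this patch, but if it can, the exception would presumably leave the packer indicator unreported for exactly the samples where it matters. I would keep the tolerant lookups: `pe = target["file"].get("pe") or {}` and `for section in pe.get("sections", []):`. The `[]` default in `.get("pe", [])` is also misleading, because the value is then used as a dict.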
From: kevross33
Date: Fri, 4 Oct 2024 16:16:15 +0100
Subject: [PATCH 3/3] Update packer_nspack.py
---
 modules/signatures/all/packer_nspack.py | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/modules/signatures/all/packer_nspack.py b/modules/signatures/all/packer_nspack.py
index 26d52f00..8e6d2601 100644
--- a/modules/signatures/all/packer_nspack.py
+++ b/modules/signatures/all/packer_nspack.py
@@ -28,6 +28,8 @@ class NsPacked(Signature):
 mbcs = ["OB0001", "OB0002", "OB0006", "F0001"]
 def run(self):
+ ret = False
+
 target = self.results.get("target", {})
 if target.get("category") in ("file", "static") and target.get("file"):
 pe = self.results["target"]["file"].get("pe", [])