From 5edf2c2834f99e15476b5c32d5f18a372b3c2a92 Mon Sep 17 00:00:00 2001
From: kevross33
Date: Fri, 4 Oct 2024 17:44:20 +0100
Subject: [PATCH] Update packer_aspack.py

Correct signature to PE static format
---
 modules/signatures/all/packer_aspack.py | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/modules/signatures/all/packer_aspack.py b/modules/signatures/all/packer_aspack.py
index a1f56c36..389c5f74 100644
--- a/modules/signatures/all/packer_aspack.py
+++ b/modules/signatures/all/packer_aspack.py
@@ -15,7 +15,6 @@
 
 from lib.cuckoo.common.abstracts import Signature
 
-
 class ASPackPacked(Signature):
 name = "packer_aspack"
 description = "Executable file is packed/obfuscated with ASPack"
@@ -29,9 +28,15 @@ class ASPackPacked(Signature):
 mbcs = ["OB0001", "OB0002", "OB0006", "F0001", "F0001.013"]
 
 def run(self):
- for section in self.results.get("static", {}).get("pe", {}).get("sections", []):
- if section["name"].lower().startswith(".aspack"):
- self.data.append({"section": section})
- return True
+ ret = False
+
+ target = self.results.get("target", {})
+ if target.get("category") in ("file", "static") and target.get("file"):
+ pe = self.results["target"]["file"].get("pe", [])
+ if pe:
+ for section in pe["sections"]:
+ if section["name"].lower().startswith("aspack"):
+ self.data.append({"section": section})
+ ret = True
 
- return False
+ return ret
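Review bot: The new match in `run` drops the leading dot (`startswith("aspack")` where the removed line had `startswith(".aspack")`), and the commit message only mentions the move to the PE static format; if section names under `target.file.pe` still carry the dot, this signature will silently stop firing on ASPack-packed samples. Unless the new format is known to strip the dot, keep the old prefix or accept both with `if section["name"].lower().lstrip(".").startswith("aspack"):`. Separately, `.get("pe", [])` defaults to a list that is then indexed like a dict, and `pe["sections"]` raises KeyError when that key is absent; `pe = target["file"].get("pe", {})` followed by `for section in pe.get("sections", []):` keeps the signature from raising on partial static results. The enclosing class `ASPackPacked` begins outside this hunk.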