Update packer_anomaly.py

Correct signature for PE static format
CAPESandbox · Oct 4, 2024 · 330146f · 330146f
1 parent 2bcef9d
commit 330146f
Showing 1 changed file with 8 additions and 12 deletions.
diff --git a/modules/signatures/all/packer_anomaly.py b/modules/signatures/all/packer_anomaly.py
@@ -15,7 +15,6 @@
 
 from lib.cuckoo.common.abstracts import Signature
 
-
 class PackerUnknownPESectionName(Signature):
     name = "packer_unknown_pe_section_name"
     description = "The binary contains an unknown PE section name indicative of packing"
@@ -58,16 +57,13 @@ def run(self):
             ".xdata",
         ]
 
-        for section in self.results.get("static", {}).get("pe", {}).get("sections", []):
-            if section["name"].lower() not in knownsections:
-                ret = True
-                descmsg = "name: {0}, entropy: {1}, characteristics: {2}, raw_size: {3}, virtual_size: {4}".format(
-                    section["name"],
-                    section["entropy"],
-                    section["characteristics"],
-                    section["size_of_data"],
-                    section["virtual_size"],
-                )
-                self.data.append({"unknown section": descmsg})
+        target = self.results.get("target", {})
+        if target.get("category") in ("file", "static") and target.get("file"):
+            pe = self.results["target"]["file"].get("pe", [])
+            if pe:
+                for section in pe["sections"]:
+                    if section["name"].lower() not in knownsections:
+                        ret = True
+                        self.data.append({"unknown section": section})
 
         return ret