From 330146fb9e012f727e526c150e466b87f05011d1 Mon Sep 17 00:00:00 2001
From: kevross33
Date: Fri, 4 Oct 2024 17:37:26 +0100
Subject: [PATCH] Update packer_anomaly.py Correct signature for PE static format
---
 modules/signatures/all/packer_anomaly.py | 20 ++++++++------------
 1 file changed, 8 insertions(+), 12 deletions(-)
diff --git a/modules/signatures/all/packer_anomaly.py b/modules/signatures/all/packer_anomaly.py
index 4143fb94..e9b53e09 100644
--- a/modules/signatures/all/packer_anomaly.py
+++ b/modules/signatures/all/packer_anomaly.py
@@ -15,7 +15,6 @@
 from lib.cuckoo.common.abstracts import Signature
-
 class PackerUnknownPESectionName(Signature):
 name = "packer_unknown_pe_section_name"
 description = "The binary contains an unknown PE section name indicative of packing"
@@ -58,16 +57,13 @@ def run(self):
 ".xdata",
 ]
- for section in self.results.get("static", {}).get("pe", {}).get("sections", []):
- if section["name"].lower() not in knownsections:
- ret = True
- descmsg = "name: {0}, entropy: {1}, characteristics: {2}, raw_size: {3}, virtual_size: {4}".format(
- section["name"],
- section["entropy"],
- section["characteristics"],
- section["size_of_data"],
- section["virtual_size"],
- )
- self.data.append({"unknown section": descmsg})
+ target = self.results.get("target", {})
+ if target.get("category") in ("file", "static") and target.get("file"):
+ pe = self.results["target"]["file"].get("pe", [])
+ if pe:
+ for section in pe["sections"]:
+ if section["name"].lower() not in knownsections:
+ ret = True
+ self.data.append({"unknown section": section})
 return ret
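Review bot: In the second hunk the new lookup takes `.get("pe", [])` with a list default but then indexes `pe["sections"]` directly, so a PE result without a `sections` key raises KeyError instead of being skipped, where the removed code used `.get("sections", [])`. These fields are produced by parsing the submitted sample, so a malformed header should not be able to abort the check; how the framework handles an exception raised in run() is not visible here, but the likely outcome is that the signature reports nothing for that sample. I would reuse the local and keep the tolerant read: `pe = target["file"].get("pe") or {}` and `for section in pe.get("sections", []):`. Appending the whole `section` dict to `self.data` also changes the report entry from the earlier formatted string, which deserves a short comment such as `# report the full parsed section record, not a formatted summary`. run() starts above the hunk, where `knownsections` and `ret` are defined.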