diff --git a/modules/signatures/binary_yara.py b/modules/signatures/binary_yara.py
index 5000e999..9da0df8a 100644
--- a/modules/signatures/binary_yara.py
+++ b/modules/signatures/binary_yara.py
@@ -15,6 +15,7 @@
 
 from lib.cuckoo.common.abstracts import Signature
 
+
 class BinaryTriggeredYARA(Signature):
     name = "binary_yara"
     description = "Binary file triggered YARA rule"
@@ -23,7 +24,7 @@ class BinaryTriggeredYARA(Signature):
     weight = 1
     enabled = True
     categories = ["static"]
-    authors = ["Yasin Tas",  "Eye Security"]
+    authors = ["Yasin Tas", "Eye Security"]
     minimum = "1.3"
 
     def run(self):
@@ -37,7 +38,7 @@ def run(self):
                 if count > 1:
                     self.description = "Binary file triggered multiple YARA rules"
                 elif count > 3:
-                    self.weight = 3    
+                    self.weight = 3
             return True
         else:
-            return False
\ No newline at end of file
+            return False
diff --git a/modules/signatures/credential_access_phishingkit.py b/modules/signatures/credential_access_phishingkit.py
index 43097bc5..f408bfcf 100644
--- a/modules/signatures/credential_access_phishingkit.py
+++ b/modules/signatures/credential_access_phishingkit.py
@@ -13,10 +13,10 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-from lib.cuckoo.common.abstracts import Signature
-
 import re
 
+from lib.cuckoo.common.abstracts import Signature
+
 try:
     from chepy import Chepy
 except ImportError:
@@ -24,18 +24,18 @@
 
 import base64
 
+
 class HTMLPhisher_0(Signature):
     name = "phishing_kit_detected"
     description = "Phishing Kit Detected, sample is trying to harvest credentials"
     severity = 3
     confidence = 100
-    categories = ["credential_access","evasion","infostealer","phishing", "static"]
-    authors = ["Yasin Tas",  "Eye Security"]
+    categories = ["credential_access", "evasion", "infostealer", "phishing", "static"]
+    authors = ["Yasin Tas", "Eye Security"]
     references = [
         "https://securelist.com/phishing-kit-market-whats-inside-off-the-shelf-phishing-packages/106149/",
-        "https://socradar.io/what-is-a-phishing-kit/"
-        "https://github.com/SteveD3/kit_hunter/tree/master/tag_files"
-        ]
+        "https://socradar.io/what-is-a-phishing-kit/" "https://github.com/SteveD3/kit_hunter/tree/master/tag_files",
+    ]
     enabled = True
     minimum = "1.2"
     ttps = ["T1111", "T1193", "T1140"]  # MITRE v6
@@ -47,10 +47,10 @@ def run(self):
         if self.results["info"]["package"] == "edge" or self.results["info"]["package"] == "html":
             if "strings" not in self.results["target"]["file"] or self.results["target"]["file"]["strings"] == []:
                 return False
-            strings =  self.results["target"]["file"]["strings"]
+            strings = self.results["target"]["file"]["strings"]
             regex_decodedURL = r"unescape\( \'([^&]+?)\' \) \);</script>"
-            data = ''.join(strings)
-            decodeString = re.search(regex_decodedURL,data)
+            data = "".join(strings)
+            decodeString = re.search(regex_decodedURL, data)
             if decodeString:
                 self.description = "File obfuscation detected, with url encoding"
                 decodeString = decodeString.group(1)
@@ -58,9 +58,9 @@ def run(self):
                 regex_user = r'var encoded_string = "([^&]+?)"'
                 regex_url = r"var url =  window.atob\('([^&]+?)'\)"
                 regex_post_url = r'window\.location\.href="([^&]+.*)";'
-                user = re.search(regex_user,decoded_string)
-                url = re.search(regex_url,decoded_string)
-                post_url = re.search(regex_post_url,decoded_string)
+                user = re.search(regex_user, decoded_string)
+                url = re.search(regex_url, decoded_string)
+                post_url = re.search(regex_post_url, decoded_string)
                 if user and url and post_url:
                     self.weight = 3
                     self.families = ["HTMLPhisher_2023"]
@@ -71,17 +71,17 @@ def run(self):
                     return True
         return False
 
+
 class HTMLPhisher_1(Signature):
     name = "phishing_kit_detected"
     description = "Phishing Kit Detected, sample is trying to harvest credentials"
     severity = 3
     confidence = 100
-    categories = ["credential_access","evasion","infostealer","phishing", "static"]
-    authors = ["Yasin Tas",  "Eye Security"]
+    categories = ["credential_access", "evasion", "infostealer", "phishing", "static"]
+    authors = ["Yasin Tas", "Eye Security"]
     references = [
-    "https://securelist.com/phishing-kit-market-whats-inside-off-the-shelf-phishing-packages/106149/",
-    "https://socradar.io/what-is-a-phishing-kit/"
-    "https://github.com/SteveD3/kit_hunter/tree/master/tag_files"
+        "https://securelist.com/phishing-kit-market-whats-inside-off-the-shelf-phishing-packages/106149/",
+        "https://socradar.io/what-is-a-phishing-kit/" "https://github.com/SteveD3/kit_hunter/tree/master/tag_files",
     ]
     enabled = True
     minimum = "1.2"
@@ -95,23 +95,23 @@ def run(self):
             if "strings" not in self.results["target"]["file"] or self.results["target"]["file"]["strings"] == []:
                 return False
             strings = self.results["target"]["file"]["strings"]
-            data = ''.join(strings)
-            regex_decoded = [ 
+            data = "".join(strings)
+            regex_decoded = [
                 r"unescape\(\'([^&]+?)\'\)\); </script>",
                 r"unescape\( \'([^&]+?)\' \) \);</script>",
                 r"unescape\(\'([^&]+?)\'\) \);</script>",
                 r"unescape\( \'([^&]+?)\'\) \);</script>",
             ]
             for regex in regex_decoded:
-                decodeString = re.search(regex,data)
+                decodeString = re.search(regex, data)
                 if decodeString:
                     decodeString = decodeString.group(1)
                     decoded_string = Chepy(decodeString).url_decode().url_decode().o
                     self.description = "File obfuscation detected, with url encoding"
                     regex_user = r'value="([^&]+?)"'
                     regex_url = r"url: '([^&]+?)',"
-                    user = re.search(regex_user,decoded_string)
-                    url = re.search(regex_url,decoded_string)
+                    user = re.search(regex_user, decoded_string)
+                    url = re.search(regex_url, decoded_string)
                     if user and url:
                         self.weight = 3
                         self.families = ["HTMLPhisher_2023"]
@@ -120,18 +120,18 @@ def run(self):
                         self.data.append({"user": user.group(1)})
                         return True
             return False
-        
+
+
 class HTMLPhisher_2(Signature):
     name = "phishing_kit_detected"
     description = "Phishing Kit Detected, sample is trying to harvest credentials"
     severity = 3
     confidence = 100
-    categories = ["credential_access","evasion","infostealer","phishing", "static"]
-    authors = ["Yasin Tas",  "Eye Security"]
+    categories = ["credential_access", "evasion", "infostealer", "phishing", "static"]
+    authors = ["Yasin Tas", "Eye Security"]
     references = [
-    "https://securelist.com/phishing-kit-market-whats-inside-off-the-shelf-phishing-packages/106149/",
-    "https://socradar.io/what-is-a-phishing-kit/"
-    "https://github.com/SteveD3/kit_hunter/tree/master/tag_files"
+        "https://securelist.com/phishing-kit-market-whats-inside-off-the-shelf-phishing-packages/106149/",
+        "https://socradar.io/what-is-a-phishing-kit/" "https://github.com/SteveD3/kit_hunter/tree/master/tag_files",
     ]
     enabled = True
     minimum = "1.2"
@@ -145,12 +145,12 @@ def run(self):
             if "strings" not in self.results["target"]["file"] or self.results["target"]["file"]["strings"] == []:
                 return False
             strings = self.results["target"]["file"]["strings"]
-            data = ''.join(strings)
-        
+            data = "".join(strings)
+
             regex_user = r"<input  name=\"login\" type=\"email\" value=\"([^&]+?)\" disabled>"
             regex_url = r"<form method=\"post\" action=\"([^&]+?)\">"
-            user = re.search(regex_user,data)
-            url = re.search(regex_url,data)
+            user = re.search(regex_user, data)
+            url = re.search(regex_url, data)
             if user and url:
                 self.weight = 3
                 self.families = ["HTMLPhisher_2023"]
@@ -158,4 +158,4 @@ def run(self):
                 self.data.append({"url": url.group(1)})
                 self.data.append({"user": user.group(1)})
                 return True
-            return False
\ No newline at end of file
+            return False
diff --git a/modules/signatures/suspicious_html.py b/modules/signatures/suspicious_html.py
index 18e91656..393d3f86 100644
--- a/modules/signatures/suspicious_html.py
+++ b/modules/signatures/suspicious_html.py
@@ -13,48 +13,47 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-from lib.cuckoo.common.abstracts import Signature
-    
 import re
 
+from lib.cuckoo.common.abstracts import Signature
+
+
 class suspiciousHRML_Body(Signature):
     name = "suspicious_html_body"
     description = "Sample contains suspicious HTML body"
     severity = 1
     confidence = 100
     categories = ["phishing", "static"]
-    authors = ["Yasin Tas",  "Eye Security"]
+    authors = ["Yasin Tas", "Eye Security"]
     references = [
-    "https://securelist.com/phishing-kit-market-whats-inside-off-the-shelf-phishing-packages/106149/",
-    "https://socradar.io/what-is-a-phishing-kit/"
-    "https://github.com/SteveD3/kit_hunter/tree/master/tag_files"
+        "https://securelist.com/phishing-kit-market-whats-inside-off-the-shelf-phishing-packages/106149/",
+        "https://socradar.io/what-is-a-phishing-kit/" "https://github.com/SteveD3/kit_hunter/tree/master/tag_files",
     ]
     enabled = True
     evented = True
     minimum = "1.2"
     ttps = ["T1566.001"]  # MITRE v6,7,8
     mbcs = ["C0029.003"]  # micro-behaviour
-        
+
     def run(self):
-        packages = ['html', 'edge', 'chrome', 'firefox']
+        packages = ["html", "edge", "chrome", "firefox"]
         indicators = [
-                'password',
-                'email',
-                'username',
-                'encoded_string',
-                'url',
-                '// remove email, and put ur mailer code',
-                'headers'
-                'tokenName',
-                'headers',
-            ]
+            "password",
+            "email",
+            "username",
+            "encoded_string",
+            "url",
+            "// remove email, and put ur mailer code",
+            "headers" "tokenName",
+            "headers",
+        ]
         if self.results["info"]["package"] in packages:
             if "strings" in self.results["target"]["file"]:
                 strings = self.results["target"]["file"]["strings"]
-                data = ''.join(strings)
+                data = "".join(strings)
                 for indicator in indicators:
                     if indicator in data:
-                        self.add_match(None, 'string', f'Found {indicator} in HTML body')
+                        self.add_match(None, "string", f"Found {indicator} in HTML body")
         return self.has_matches()
 
 
@@ -64,79 +63,77 @@ class suspiciousHTML_Title(Signature):
     severity = 1
     confidence = 100
     categories = ["phishing", "static"]
-    authors = ["Yasin Tas",  "Eye Security"]
+    authors = ["Yasin Tas", "Eye Security"]
     references = [
-    "https://securelist.com/phishing-kit-market-whats-inside-off-the-shelf-phishing-packages/106149/",
-    "https://socradar.io/what-is-a-phishing-kit/"
-    "https://github.com/SteveD3/kit_hunter/tree/master/tag_files"
+        "https://securelist.com/phishing-kit-market-whats-inside-off-the-shelf-phishing-packages/106149/",
+        "https://socradar.io/what-is-a-phishing-kit/" "https://github.com/SteveD3/kit_hunter/tree/master/tag_files",
     ]
     enabled = True
     minimum = "1.2"
     ttps = ["T1566.001"]  # MITRE v6,7,8
     mbcs = ["C0029.003"]  # micro-behaviour
-    
+
     def run(self):
-        
-        packages = ['html', 'edge', 'chrome', 'firefox']
+
+        packages = ["html", "edge", "chrome", "firefox"]
         indicators = [
-            'Please wait',
-            'Sign in',
-            '<title></title>', # Empty title
-            'Redirecting',
-                    ]
-        
-        title_regex = re.compile(r'<\s*title[^>]*>(.*?)<\/\s*title\s*>')
+            "Please wait",
+            "Sign in",
+            "<title></title>",  # Empty title
+            "Redirecting",
+        ]
+
+        title_regex = re.compile(r"<\s*title[^>]*>(.*?)<\/\s*title\s*>")
 
         if self.results["info"]["package"] in packages:
             if "strings" in self.results["target"]["file"]:
                 strings = self.results["target"]["file"]["strings"]
-                data = ''.join(strings)
+                data = "".join(strings)
                 title = title_regex.search(data)
                 if not title:
                     self.description = "Sample contains empty HTML title"
-                    self.add_match(None, 'string', 'Empty HTML title')
+                    self.add_match(None, "string", "Empty HTML title")
                 else:
                     for indicator in indicators:
                         if indicator in title.group(1):
-                            self.add_match(None, 'string', f'Found {indicator} in HTML title')
-                            
+                            self.add_match(None, "string", f"Found {indicator} in HTML title")
+
         return self.has_matches()
 
+
 class suspiciousHTML_Filename(Signature):
     name = "suspicious_html_name"
     description = "Sample contains suspicious HTML name"
     severity = 1
     confidence = 80
     categories = ["phishing", "static"]
-    authors = ["Yasin Tas",  "Eye Security"]
+    authors = ["Yasin Tas", "Eye Security"]
     references = [
-    "https://securelist.com/phishing-kit-market-whats-inside-off-the-shelf-phishing-packages/106149/",
-    "https://socradar.io/what-is-a-phishing-kit/"
-    "https://github.com/SteveD3/kit_hunter/tree/master/tag_files"
+        "https://securelist.com/phishing-kit-market-whats-inside-off-the-shelf-phishing-packages/106149/",
+        "https://socradar.io/what-is-a-phishing-kit/" "https://github.com/SteveD3/kit_hunter/tree/master/tag_files",
     ]
-    enabled = True      
+    enabled = True
     minimum = "1.2"
     ttps = ["T1566.001"]  # MITRE v6,7,8
     mbcs = ["C0029.003"]  # micro-behaviour
-    
+
     def run(self):
-        packages = ['html', 'edge', 'chrome', 'firefox']
+        packages = ["html", "edge", "chrome", "firefox"]
         indicators = [
-            'payment',
-            'remittence',
-            'remmitance '
-            'invoice',
-            'inv',
-            'voicemail',
-            'remit',
-            'voice',
-            'statement',
-                      ]
-        
+            "payment",
+            "remittence",
+            "remmitance " "invoice",
+            "inv",
+            "voicemail",
+            "remit",
+            "voice",
+            "statement",
+        ]
+
         if self.results["info"]["package"] in packages:
             name = self.results["target"]["file"]["name"]
             lower = name.lower()
             for indicator in indicators:
                 if indicator in lower:
-                    self.add_match(None, 'string', f'Found {indicator} in HTML name')
-        return self.has_matches()
\ No newline at end of file
+                    self.add_match(None, "string", f"Found {indicator} in HTML name")
+        return self.has_matches()
diff --git a/modules/signatures/windows/antivm_generic_cpu.py b/modules/signatures/windows/antivm_generic_cpu.py
index b7c84c5b..2902ec10 100644
--- a/modules/signatures/windows/antivm_generic_cpu.py
+++ b/modules/signatures/windows/antivm_generic_cpu.py
@@ -29,11 +29,13 @@ class AntiVMCPU(Signature):
     mbcs = ["OB0001", "B0009", "B0009.005", "B0009.024", "OB0007", "E1082"]
     mbcs += ["OC0008", "C0036", "C0036.005"]  # micro-behaviour
 
-    filter_apinames = set([
-        "RegQueryValueExW", 
-        "RegQueryValueExA",
-        "NtQueryValueKey",
-        ])
+    filter_apinames = set(
+        [
+            "RegQueryValueExW",
+            "RegQueryValueExA",
+            "NtQueryValueKey",
+        ]
+    )
     filter_categories = set(["registry"])
 
     def __init__(self, *args, **kwargs):
@@ -58,6 +60,6 @@ def on_call(self, call, process):
             )
             if match:
                 self.add_match(process, "registry", match)
-                            
+
     def on_complete(self):
-        return self.has_matches()
\ No newline at end of file
+        return self.has_matches()
diff --git a/modules/signatures/windows/antivm_generic_disk.py b/modules/signatures/windows/antivm_generic_disk.py
index 23a2b1bf..3ddf0714 100644
--- a/modules/signatures/windows/antivm_generic_disk.py
+++ b/modules/signatures/windows/antivm_generic_disk.py
@@ -51,7 +51,7 @@ def __init__(self, *args, **kwargs):
     def on_call(self, call, process):
         if process["process_name"].lower() in self.office_proc_list:
             return False
-        
+
         ioctls = [
             0x2D1400,  # IOCTL_STORAGE_QUERY_PROPERTY
             0x70000,  # IOCTL_DISK_GET_DRIVE_GEOMETRY
diff --git a/modules/signatures/windows/antivm_generic_system.py b/modules/signatures/windows/antivm_generic_system.py
index 3e96b318..cba852de 100644
--- a/modules/signatures/windows/antivm_generic_system.py
+++ b/modules/signatures/windows/antivm_generic_system.py
@@ -30,9 +30,11 @@ class AntiVMSystem(Signature):
     mbcs += ["OC0008", "C0036", "C0036.005"]  # micro-behaviour
     evented = True
 
-    filter_category = set([
-        "registry",
-    ])
+    filter_category = set(
+        [
+            "registry",
+        ]
+    )
 
     def __init__(self, *args, **kwargs):
         Signature.__init__(self, *args, **kwargs)
@@ -45,17 +47,20 @@ def __init__(self, *args, **kwargs):
             "acrord32.exe",
             "acrord64.exe",
         ]
+
     def on_call(self, call, process):
         pname = process["process_name"].lower()
         if pname in self.office_proc_list:
             return False
         else:
-            match = self.check_argument_call(call, 
-                                             pattern=".*\\\\SYSTEM\\\\(CurrentControlSet|ControlSet001)\\\\Control\\\\SystemInformation\\\\SystemManufacturer$", 
-                                             category="registry",
-                                             regex=True)    
+            match = self.check_argument_call(
+                call,
+                pattern=".*\\\\SYSTEM\\\\(CurrentControlSet|ControlSet001)\\\\Control\\\\SystemInformation\\\\SystemManufacturer$",
+                category="registry",
+                regex=True,
+            )
         if match:
             self.add_match(process, "registry", match)
 
     def on_complete(self):
-        return self.has_matches()
\ No newline at end of file
+        return self.has_matches()
diff --git a/modules/signatures/windows/browser_proxy.py b/modules/signatures/windows/browser_proxy.py
index 5e0c17a1..f8ce530a 100644
--- a/modules/signatures/windows/browser_proxy.py
+++ b/modules/signatures/windows/browser_proxy.py
@@ -62,7 +62,7 @@ def __init__(self, *args, **kwargs):
             ".*\\\\SOFTWARE\\\\(Wow6432Node\\\\)?Microsoft\\\\Windows\\\\CurrentVersion\\\\Internet\\ Settings\\\\Wpad\\\\[^\\\\]*\\\\WpadDecision$",
             ".*\\\\SOFTWARE\\\\(Wow6432Node\\\\)?Microsoft\\\\Windows\\\\CurrentVersion\\\\Internet\\ Settings\\\\Wpad\\\\[^\\\\]*\\\\WpadNetworkName$",
         ]
-        
+
     def on_call(self, call, process):
         if process["process_name"].lower() in self.proc_safelist:
             return False
diff --git a/modules/signatures/windows/http_request.py b/modules/signatures/windows/http_request.py
index 89fa1f52..e223e2a4 100644
--- a/modules/signatures/windows/http_request.py
+++ b/modules/signatures/windows/http_request.py
@@ -46,7 +46,7 @@ def on_call(self, call, process):
             host = self.get_argument(call, "ServerName")
             port = self.get_argument(call, "ServerPort")
             self.lasthost = host
-            if any(domain in host for domain in domain_passlist) :
+            if any(domain in host for domain in domain_passlist):
                 return None
             if host not in self.request:
                 self.request[host] = dict()
diff --git a/modules/signatures/windows/infostealer_cookies.py b/modules/signatures/windows/infostealer_cookies.py
index 4e7659ea..ffcdb7bb 100644
--- a/modules/signatures/windows/infostealer_cookies.py
+++ b/modules/signatures/windows/infostealer_cookies.py
@@ -44,24 +44,27 @@ def __init__(self, *args, **kwargs):
             ".*\\\\Opera Software\\\\Opera Stable\\\\Cookies$",
             ".*\\\\Brave-Browser\\\\User Data\\\\.*\\\\Cookies$",
         ]
-        self.safe_indicators = ["chrome.exe", 
-                                "firefox.exe",
-                                "opera.exe", 
-                                "msedge.exe", 
-                                "acrobat.exe",
-                                "excel.exe",
-                                "winword.exe",
-                                ]
+        self.safe_indicators = [
+            "chrome.exe",
+            "firefox.exe",
+            "opera.exe",
+            "msedge.exe",
+            "acrobat.exe",
+            "excel.exe",
+            "winword.exe",
+        ]
+
     def on_call(self, call, process):
         pname = process["process_name"].lower()
         if pname in self.safe_indicators:
             return False
         else:
             for indicator in self.indicators:
-                match = self.check_argument_call(call, pattern=indicator, api="NtQueryAttributesFile", category="filesystem", regex=True)
+                match = self.check_argument_call(
+                    call, pattern=indicator, api="NtQueryAttributesFile", category="filesystem", regex=True
+                )
                 if match:
-                    self.add_match(process, 'file', match)
-
+                    self.add_match(process, "file", match)
 
     def on_complete(self):
-        return self.has_matches()
\ No newline at end of file
+        return self.has_matches()
diff --git a/modules/signatures/windows/network_docfile_http.py b/modules/signatures/windows/network_docfile_http.py
index 490fd020..af36851a 100644
--- a/modules/signatures/windows/network_docfile_http.py
+++ b/modules/signatures/windows/network_docfile_http.py
@@ -17,6 +17,7 @@
 
 from data.safelist.domains import domain_passlist
 
+
 class NetworkDocumentHTTP(Signature):
     name = "network_document_http"
     description = "A document file initiated network communications indicative of a potential exploit or payload download"
@@ -89,10 +90,10 @@ def on_complete(self):
             len(self.data) == 1
             and "http_request" in self.data[0]
             and self.data[0]["http_request"].startswith("acrord32.exe_WSASend_get /10/rdr/enu/win/nooem/none/message.zip")
-            and self.check_url("http://acroipm.adobe.com/10/rdr/ENU/win/nooem/none/message.zip")    
+            and self.check_url("http://acroipm.adobe.com/10/rdr/ENU/win/nooem/none/message.zip")
         ):
             return False
-        
+
         if self.data:
             return True
 
diff --git a/modules/signatures/windows/network_payload_download.py b/modules/signatures/windows/network_payload_download.py
index b339702d..c87f3a00 100644
--- a/modules/signatures/windows/network_payload_download.py
+++ b/modules/signatures/windows/network_payload_download.py
@@ -17,6 +17,7 @@
 
 from data.safelist.domains import domain_passlist
 
+
 class NetworkDocumentFile(Signature):
     name = "network_document_file"
     description = "A document or script file initiated network communications indicative of a potential exploit or payload download"
diff --git a/modules/signatures/windows/windows_utilities.py b/modules/signatures/windows/windows_utilities.py
index c3ce8601..98307c08 100644
--- a/modules/signatures/windows/windows_utilities.py
+++ b/modules/signatures/windows/windows_utilities.py
@@ -21,13 +21,15 @@ class UsesWindowsUtilitiesScheduler(Signature):
 
     evented = True
 
-    filter_processnames = set([
-                "at ",
-                "at.exe",
-                "schtasks",
-                "schtasks.exe",
-            ])
-        
+    filter_processnames = set(
+        [
+            "at ",
+            "at.exe",
+            "schtasks",
+            "schtasks.exe",
+        ]
+    )
+
     def on_call(self, _, process):
         if process["process_name"].lower() in self.filter_processnames:
             self.ttps += ["T1053.005"] if process["process_name"].lower() == "schtasks" else ["T1053.002"]  # MITRE v7,8
@@ -39,6 +41,7 @@ def on_call(self, _, process):
             return True
         return False
 
+
 class UsesWindowsUtilities(Signature):
     name = "uses_windows_utilities"
     description = "Uses Windows utilities for basic functionality"
@@ -118,12 +121,17 @@ def run(self):
             lower = cmdline.lower()
             for utility in utilities:
                 if re.search(utility, lower):
-                    if utility in lower and "-" + utility not in lower and not any(re.search(whitelist_regex, cmdline) for whitelist_regex in whitelist):
+                    if (
+                        utility in lower
+                        and "-" + utility not in lower
+                        and not any(re.search(whitelist_regex, cmdline) for whitelist_regex in whitelist)
+                    ):
                         ret = True
                         self.data.append({"command": cmdline})
 
         return ret
 
+
 GENERIC_CMD = '"c:\\windows\\system32\\cmd.exe" /c start /wait "" '
 SUBSEQUENT_GENERIC_CMD = "c:\\windows\\system32\\cmd.exe  /k "
 
@@ -519,7 +527,6 @@ def run(self):
         return False
 
 
-
 class UsesWindowsUtilitiesAppCmd(Signature):
     name = "uses_windows_utilities_appcmd"
     description = "Uses the IIS Command Line Tool, likely for installing a service or loading a file"