CAPE-parsers 0.1.42__py3-none-any.whl → 0.1.44__py3-none-any.whl

{cape_parsers-0.1.42.dist-info → cape_parsers-0.1.44.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.3
 Name: CAPE-parsers
-Version: 0.1.42
+Version: 0.1.44
 Summary: CAPE: Malware Configuration Extraction
 License: MIT
 Keywords: cape,parsers,malware,configuration
@@ -23,7 +23,7 @@ Requires-Dist: pefile
 Requires-Dist: pycryptodomex (>=3.20.0)
 Requires-Dist: rat-king-parser (>=4.1.0)
 Requires-Dist: ruff (>=0.7.2)
-Requires-Dist: unicorn (==2.1.1)
+Requires-Dist: unicorn (>=2.1.1)
 Requires-Dist: yara-python (>=4.5.1)
 Description-Content-Type: text/markdown
 

{cape_parsers-0.1.42.dist-info → cape_parsers-0.1.44.dist-info}/RECORD

@@ -1,6 +1,5 @@
 cape_parsers/CAPE/__init__.py,sha256=JcY8WPKzUFYgexwV1eyKIuT1JyNZzMJjBynlPSzxY_I,7
 cape_parsers/CAPE/community/AgentTesla.py,sha256=T1gUd28eoCGA5by3ylAAK1naenF0fE3jgYx7UBkCRDk,3559
-cape_parsers/CAPE/community/Amadey.py,sha256=LuYt72sYa_c_srekD-H5hzZZQUlcGaeY1iT2HXO2YwE,1258
 cape_parsers/CAPE/community/Arkei.py,sha256=kXn949PC2CksavsL1BgvKgiAUDcq2NQUirosCTQcDF0,3790
 cape_parsers/CAPE/community/AsyncRAT.py,sha256=0nGLNnwnO93SPbCTgoIMvkh6_smuzQxDcYtL77afGx8,1001
 cape_parsers/CAPE/community/AuroraStealer.py,sha256=UUoxgJtDan3fE1r8aDEKweC_URkV97QHBp1Hq_n7ShI,2419
@@ -107,7 +106,7 @@ cape_parsers/utils/blzpack_lib.so,sha256=5PJtnggw8fV5q4DlhwMJk4ZadvC3fFTsVTNZKvE
 cape_parsers/utils/dotnet_utils.py,sha256=pzQGbCqccz7DRv8T_i1JURlrKDIlDT2axxViiFF9hsU,1672
 cape_parsers/utils/lznt1.py,sha256=X-BmJtP6AwYSl0ORg5dfSt-NIuXbHrtCO5kUaaJI2C8,4066
 cape_parsers/utils/strings.py,sha256=a-nbvP9jYST7b6t_H37Ype-fK2jEmQr-wMF5a4i04e4,3062
-cape_parsers-0.1.42.dist-info/LICENSE,sha256=88c01_HLG8WPj7R7aU_b-O-UoF38vrrifvcko4KDxcE,1069
-cape_parsers-0.1.42.dist-info/METADATA,sha256=Oh2BVCGc0yb_4cW3oR2f11JlCKhkXaZoY25ZbSVIZEw,1149
-cape_parsers-0.1.42.dist-info/WHEEL,sha256=b4K_helf-jlQoXBBETfwnf4B04YC67LOev0jo4fX5m8,88
-cape_parsers-0.1.42.dist-info/RECORD,,
+cape_parsers-0.1.44.dist-info/LICENSE,sha256=88c01_HLG8WPj7R7aU_b-O-UoF38vrrifvcko4KDxcE,1069
+cape_parsers-0.1.44.dist-info/METADATA,sha256=4VjbNtdc_w3GCdccHiWb_--tggZS7VT0OpdUG-Cu9DQ,1149
+cape_parsers-0.1.44.dist-info/WHEEL,sha256=b4K_helf-jlQoXBBETfwnf4B04YC67LOev0jo4fX5m8,88
+cape_parsers-0.1.44.dist-info/RECORD,,

cape_parsers/CAPE/community/Amadey.py

@@ -1,43 +0,0 @@
-import base64
-import re
-
-str_hash_data = 'd6052c4fe86a6346964a6bbbe2423e20'
-str_alphabet = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 '
-
-def is_ascii(s):
-    return all(c < 128 or c == 0 for c in s)
-
-def decrypt(str_data, str_hash_data, str_alphabet):
-    str_hash = ''
-
-    for i in range(len(str_data)):
-        str_hash += str_hash_data[i % len(str_hash_data)]
-
-    out = ''
-
-    for i in range(len(str_data)):
-        if str_data[i] not in str_alphabet:
-            out += str_data[i]
-            continue
-        alphabet_count = str_alphabet.find(str_data[i])
-        hash_count = str_alphabet.find(str_hash[i])
-        index_calc = (alphabet_count + len(str_alphabet) - hash_count) % len(str_alphabet)
-        out += str_alphabet[index_calc]
-
-    return base64.b64decode(out)
-
-file_data = open('/tmp/amadey.bin','rb').read()
-
-strings = []
-for m in re.finditer(rb'[a-zA-Z =0-9]{4,}',file_data):
-    strings.append(m.group().decode('utf-8'))
-
-for s in strings:
-    try:
-        temp = decrypt(s, str_hash_data, str_alphabet)
-        if is_ascii(temp) and len(temp) > 3:
-            print(temp.decode('utf-8'))
-    except:
-        continue
-
-decrypt('1RydQIOr3Zcp6emn RYv8IGzgUKS6r5ThSdqDVBERAP2Ir 0JQ1=', str_hash_data, str_alphabet)