PyPI - CAPE-parsers - Versions diffs - 0.1.60__py3-none-any.whl → 0.1.61__py3-none-any.whl - Mend

CAPE-parsers 0.1.60py3-none-any.whl → 0.1.61py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

cape_parsers/CAPE/core/AuraStealer.py CHANGED Viewed

@@ -40,14 +40,16 @@ def decrypt(data: bytes) -> Tuple[bytes, bytes, bytes]:
 def extract_config(data: bytes) -> Dict[str, Any]:
     cfg: Dict[str, Any] = {}
     plaintext = b""
+    data_section = None
     pe = pefile.PE(data=data, fast_load=True)
-    try:
-        data_section = [s for s in pe.sections if s.Name.find(b".data") != -1][0]
-    except IndexError:
-        return cfg
+    for s in pe.sections:
+        name = s.Name.decode("utf-8", errors="ignore").rstrip("\x00")
+        if name in ("UPX1", ".data"):
+            data_section = s
+            break
-    if not data_section:
+    if data_section is None:
         return cfg
     data = data_section.get_data()

{cape_parsers-0.1.60.dist-info → cape_parsers-0.1.61.dist-info}/METADATA RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: CAPE-parsers
-Version: 0.1.60
+Version: 0.1.61
 Summary: CAPE: Malware Configuration Extraction
 License: MIT
 License-File: LICENSE

{cape_parsers-0.1.60.dist-info → cape_parsers-0.1.61.dist-info}/RECORD RENAMED Viewed

@@ -30,7 +30,7 @@ cape_parsers/CAPE/community/XWorm.py,sha256=0-FRT3d2x63KQ_cs1xmKFj7x0JRf7ID6QDc_
 cape_parsers/CAPE/community/XenoRAT.py,sha256=0-FRT3d2x63KQ_cs1xmKFj7x0JRf7ID6QDc_DvBa0PM,1003
 cape_parsers/CAPE/community/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 cape_parsers/CAPE/core/AdaptixBeacon.py,sha256=j1PN5yYQG9smdzU8lHtIy7wXYZRYPC2doegwNuTb7E4,3462
-cape_parsers/CAPE/core/AuraStealer.py,sha256=RSiclflsvcrcNLHpRokc_qF2cdQKXGBKg8Ti-Q-XmaM,3021
+cape_parsers/CAPE/core/AuraStealer.py,sha256=t1HBlQuoC1Lud648L12PujUE6S0th8bLVywvvfEkDNQ,3097
 cape_parsers/CAPE/core/Azorult.py,sha256=YkMIhC6zRTxEkLVMUdr2MMsbV9iAnZ8hUS8be9GZ5N4,2150
 cape_parsers/CAPE/core/BitPaymer.py,sha256=HQwoE0o7HMiXItxE08vBenf2ZWMxZp84-Hf_1eZ8QdE,3050
 cape_parsers/CAPE/core/BlackDropper.py,sha256=sCSu2T5oPvcFHlSAzSsLj_gCv2Tldl0UPguwy0MVg6A,3282
@@ -112,7 +112,7 @@ cape_parsers/utils/blzpack_lib.so,sha256=5PJtnggw8fV5q4DlhwMJk4ZadvC3fFTsVTNZKvE
 cape_parsers/utils/dotnet_utils.py,sha256=pzQGbCqccz7DRv8T_i1JURlrKDIlDT2axxViiFF9hsU,1672
 cape_parsers/utils/lznt1.py,sha256=X-BmJtP6AwYSl0ORg5dfSt-NIuXbHrtCO5kUaaJI2C8,4066
 cape_parsers/utils/strings.py,sha256=a-nbvP9jYST7b6t_H37Ype-fK2jEmQr-wMF5a4i04e4,3062
-cape_parsers-0.1.60.dist-info/METADATA,sha256=uC0gVg_hKpZuVrHSLzKie3I0QsGgFOahOkC-TOk8BMQ,1826
-cape_parsers-0.1.60.dist-info/WHEEL,sha256=zp0Cn7JsFoX2ATtOhtaFYIiE2rmFAD4OcMhtUki8W3U,88
-cape_parsers-0.1.60.dist-info/licenses/LICENSE,sha256=88c01_HLG8WPj7R7aU_b-O-UoF38vrrifvcko4KDxcE,1069
-cape_parsers-0.1.60.dist-info/RECORD,,
+cape_parsers-0.1.61.dist-info/METADATA,sha256=b5-fy-23Df12UchoLK2vRS3hAusCPLYcPTy9FC3WRj0,1826
+cape_parsers-0.1.61.dist-info/WHEEL,sha256=zp0Cn7JsFoX2ATtOhtaFYIiE2rmFAD4OcMhtUki8W3U,88
+cape_parsers-0.1.61.dist-info/licenses/LICENSE,sha256=88c01_HLG8WPj7R7aU_b-O-UoF38vrrifvcko4KDxcE,1069
+cape_parsers-0.1.61.dist-info/RECORD,,

{cape_parsers-0.1.60.dist-info → cape_parsers-0.1.61.dist-info}/WHEEL RENAMED Viewed

File without changes

{cape_parsers-0.1.60.dist-info → cape_parsers-0.1.61.dist-info}/licenses/LICENSE RENAMED Viewed

File without changes

CAPE-parsers 0.1.60__py3-none-any.whl → 0.1.61__py3-none-any.whl

CAPE-parsers 0.1.60py3-none-any.whl → 0.1.61py3-none-any.whl