added ELGG & added Binary match to scanner

2018-06-07 08:34:38 +02:00
parent a272b428f0
commit e2329ce9b9
3 changed files with 7 additions and 1 deletions
--- a/scan.py
+++ b/scan.py
@@ -243,6 +243,7 @@ scoring = {
  'EITEST':                   (65, u'Eitest'),
  'CRYPTO':                   (65, u'Cryptocurrency Miners'),
  'HTML_JS':                  (20, u'HTML & Javascript Malware'),
+  'BINARY':                   (10, u'Binary File - Possible LRE or CryptoMiner'),
 }


@@ -560,6 +561,10 @@ def is_hacked(filename):
            score.append(('HTML_JS', ''))
        previous_line = l

+        if 'PROT_EXEC|PROT_WRITE failed.' in l \
+            or 'This file is packed with the UPX executable packer' in l:
+            score.append(('BINARY', ''))
+
    if line_num < 20:
        score.append(('FEW_LINES', '%i lines' % line_num))
    elif line_num < 100: