analysis

Published: Dec 5, 2024 License: GPL-3.0 Imports: 23 Imported by: 0

Documentation

Overview

Package analysis is responsible for orchestrating the execution of malware samples.

Index

Constants

// TimeFormat is the layout used for timestamps emitted by this package.
// It is a Go reference layout (day-month-year, 24-hour clock, zone
// abbreviation), so it is passed to time.Format/time.Parse as-is.
// Note the day-first ordering: "02-01-2006" is 2 January, not 1 February.
const (
	TimeFormat string = "02-01-2006 15:04:05 MST"
)

Variables

// Sentinel errors returned by this package. Callers should test for them
// with errors.Is rather than comparing error strings.
var (
	ErrFileEmpty = errors.New("log file is empty") // ErrFileEmpty occurs when the driver log file is empty.
)

Functions

This section is empty.

Types

type Analysis

// Analysis is one orchestrated execution of a submitted sample. It is
// created by New, driven by Run and torn down by Cleanup; the only exported
// state is the resulting Report. The remaining fields are unexported and are
// not visible in this listing.
type Analysis struct {
	Report *Report // Report represents the final artifact of the analysis process.
	// contains filtered or unexported fields
}

func New

func New(header *multipart.FileHeader, id string, template int) (*Analysis, error)

New creates an Analysis object.

func (*Analysis) Cleanup

func (a *Analysis) Cleanup() error

Cleanup deletes the environment after the analysis finished.

func (*Analysis) Run

func (a *Analysis) Run(parent context.Context) error

Run starts an Analysis.

type Environment

// Environment holds the state of the sandbox an Analysis runs in. All of its
// fields are unexported and are not visible in this listing; presumably it is
// what Cleanup tears down — confirm against the implementation.
type Environment struct {
	// contains filtered or unexported fields
}

type FileMetadata

// FileMetadata describes the submitted sample. It is embedded in
// RequestMetadata under the "file_metadata" key of the JSON report.
//
// Filename is whatever the uploader supplied; nothing in this listing shows
// it being sanitized, so it must not be used to build filesystem paths
// without validation — TODO confirm where it is consumed.
// MD5Sum and SHA1Sum are kept for cross-referencing with external sources;
// both algorithms have practical collisions, so SHA256Sum is the value to
// treat as the sample's identity.
type FileMetadata struct {
	Filename     string `json:"filename"`      // uploader-supplied name, untrusted
	Extension    string `json:"extension"`     // derived from Filename — presumably; verify
	MimeType     string `json:"mimetype"`      // detected MIME type; source of detection not shown here
	Size         int64  `json:"size"`          // size in bytes
	LastModified string `json:"last_modified"` // formatted timestamp; layout not shown here, likely TimeFormat — confirm
	MD5Sum       string `json:"md5sum"`        // hex digest; legacy, collision-prone
	SHA1Sum      string `json:"sha1sum"`       // hex digest; legacy, collision-prone
	SHA256Sum    string `json:"sha256sum"`     // hex digest; use as the sample identifier
}

FileMetadata holds information about the malware sample file.

type Privilege

// Privilege is one entry of a process token's privilege list as recorded by
// the driver (see WindowsFileSystem.Privileges and WindowsProcess.Privileges).
// Both fields are strings captured from the log; their exact vocabulary is
// defined by the driver, not by this package.
type Privilege struct {
	Name  string `json:"name"`  // privilege name as reported by the driver
	Value string `json:"value"` // privilege state/attribute as reported by the driver
}

type ProcessMetadata

// ProcessMetadata is the behavioral part of the Report: the events the
// kernel driver observed while the sample ran, grouped by event family.
// Each slice preserves the order in which the entries were loaded.
// Every value inside these records originates from the monitored (hostile)
// process, so consumers should treat them as untrusted text.
type ProcessMetadata struct {
	WindowsRegisters      []WindowsRegisters      `json:"windows_registers"`       // registry operations
	WindowsFS             []WindowsFileSystem     `json:"windows_fs"`              // filesystem operations
	WindowsBinariesLoaded []WindowsBinariesLoaded `json:"windows_binaries_loaded"` // image-load events
	WindowsProcess        []WindowsProcess        `json:"windows_process"`         // process operations
}

ProcessMetadata holds information about the malware process.

type Report

// Report is the final artifact of an Analysis. It is persisted with Save and
// restored with Load, and is serialized as JSON using the field tags below.
//
// Request carries bookkeeping about the submission (status, timing, log,
// error, sample metadata); Process carries the driver-observed behavior.
// The report is data produced while executing hostile code: render it as
// data (JSON-encoded or escaped), never as raw markup.
type Report struct {
	Request RequestMetadata `json:"request_metadata"` // submission bookkeeping
	Process ProcessMetadata `json:"process_metadata"` // observed behavior
}

Report represents the final artifact of the analysis process.

func (*Report) Load

func (r *Report) Load(id string) error

Load reads the report for the given id from disk into memory.

func (*Report) LogThis

func (r *Report) LogThis(message string)

LogThis adds a message to Report.

func (*Report) Save

func (r *Report) Save(what string) error

Save saves the report or status from memory to disk.

type RequestMetadata

// RequestMetadata records the lifecycle of one analysis request. The set of
// Status values is not shown in this listing — confirm against Save/Run.
//
// StartTime and EndTime are strings; the package-level TimeFormat is the
// likely layout, but that is not established here — verify before parsing.
// Log is appended to by Report.LogThis; Error holds the failure message when
// the run did not complete. Both are free-form text and may echo data taken
// from the sample or its environment.
type RequestMetadata struct {
	Status        string       `json:"status"`         // current state of the request
	ID            string       `json:"id"`             // request identifier; used by Load/Save to locate the report
	DriverVersion string       `json:"driver_version"` // version of the monitoring driver that produced the events
	TemplateID    int          `json:"template_id"`    // sandbox template selected at New
	StartTime     string       `json:"start_time"`     // formatted timestamp
	EndTime       string       `json:"end_time"`       // formatted timestamp; presumably empty until the run ends — confirm
	Log           []string     `json:"log"`            // messages added via LogThis, in order
	Error         string       `json:"error"`          // error text when the analysis failed
	File          FileMetadata `json:"file_metadata"`  // submitted sample description
}

type WindowsBinariesLoaded

// WindowsBinariesLoaded is one image-load event recorded by the driver: a
// module (executable or DLL) being mapped into a process. Date and Time are
// kept as separate strings exactly as logged; PID is a string too, so it
// must be converted before numeric comparison.
// FullImageName and FileName are attacker-influenced paths and must be
// treated as untrusted text.
type WindowsBinariesLoaded struct {
	Date          string `json:"date"`            // event date as logged
	Time          string `json:"time"`            // event time as logged
	InfoType      string `json:"info_type"`       // driver's record kind; vocabulary defined by the driver
	PID           string `json:"pid"`             // loading process id (string form)
	FullImageName string `json:"full_image_name"` // full path of the loaded image
	FileName      string `json:"file_name"`       // base name of the loaded image — presumably; verify
}

type WindowsFileSystem

// WindowsFileSystem is one filesystem operation recorded by the driver,
// together with the security context of the requesting thread.
//
// MJFunc is presumably the name of the I/O request's major function — the
// driver's vocabulary is not shown here, so confirm before matching on it.
// SID, TokenType, Privileges and ElevationStatus describe the caller's
// token and are what make this record useful for spotting privilege
// escalation; all are strings taken verbatim from the log.
type WindowsFileSystem struct {
	Date            string      `json:"date"`             // event date as logged
	Time            string      `json:"time"`             // event time as logged
	InfoType        string      `json:"info_type"`        // driver's record kind
	MJFunc          string      `json:"mj_func"`          // I/O major function name — presumably; verify
	PID             string      `json:"pid"`              // requesting process id (string form)
	TID             string      `json:"tid"`              // requesting thread id (string form)
	SID             string      `json:"sid"`              // security identifier of the token owner
	TokenType       string      `json:"token_type"`       // primary vs impersonation — presumably; verify
	Privileges      []Privilege `json:"privileges"`       // token privilege list
	ElevationStatus string      `json:"elevation_status"` // token elevation as reported by the driver
	ImageName       string      `json:"image_name"`       // image of the requesting process
	Path            string      `json:"path"`             // target path of the operation; untrusted
	FileName        string      `json:"file_name"`        // target file name; untrusted
}

type WindowsProcess

// WindowsProcess is one process-lifecycle operation recorded by the driver
// (Operation names the kind; its vocabulary is defined by the driver).
// PPID/PID pair the parent and child so a process tree can be rebuilt from
// the slice; both are strings and must be converted for numeric use.
// TokenType, Privileges and ElevationStatus describe the token of the
// process in question — confirm with the driver whether that is the parent
// or the child.
type WindowsProcess struct {
	Date            string      `json:"date"`             // event date as logged
	Time            string      `json:"time"`             // event time as logged
	InfoType        string      `json:"info_type"`        // driver's record kind
	PPID            string      `json:"ppid"`             // parent process id (string form)
	PID             string      `json:"pid"`              // child process id (string form)
	Operation       string      `json:"operation"`        // e.g. create/exit — exact values not shown here
	TokenType       string      `json:"token_type"`       // token type as reported by the driver
	Privileges      []Privilege `json:"privileges"`       // token privilege list
	ElevationStatus string      `json:"elevation_status"` // token elevation as reported by the driver
	ParentName      string      `json:"parent_name"`      // parent image name; untrusted text
	ChildName       string      `json:"child_name"`       // child image name; untrusted text
}

type WindowsRegisters

// WindowsRegisters is one Windows registry operation recorded by the driver.
// Despite the type name, the fields (RegistryOperation, Name, DataType, Data)
// describe registry access, not CPU registers.
// Data is the raw value written or read, captured as a string; it is chosen
// by the sample and may contain arbitrary bytes, so never interpret it as
// markup or a path without escaping/validation.
type WindowsRegisters struct {
	Date              string `json:"date"`               // event date as logged
	Time              string `json:"time"`               // event time as logged
	InfoType          string `json:"info_type"`          // driver's record kind
	RegistryOperation string `json:"registry_operation"` // operation kind; vocabulary defined by the driver
	Name              string `json:"name"`               // registry key/value name; untrusted
	DataType          string `json:"data_type"`          // registry value type as a string (e.g. REG_SZ) — presumably; verify
	Data              string `json:"data"`               // value data as a string; untrusted
}
