Best Python code snippet using ATX
antisandbox_unhook.py
Source: antisandbox_unhook.py
```python
# Copyright (C) 2014 Claudio "nex" Guarnieri (@botherder), Accuvant, Inc. (bspengler@accuvant.com)
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.

from lib.cuckoo.common.abstracts import Signature


class Unhook(Signature):
    name = "antisandbox_unhook"
    description = "Tries to unhook or modify Windows functions monitored by Cuckoo"
    severity = 3
    confidence = 60
    categories = ["anti-sandbox"]
    authors = ["nex", "Accuvant"]
    minimum = "1.2"
    evented = True
    filter_categories = set(["__notification__"])

    # Functions that legitimate code routinely modifies (SEH filters, window
    # hooks, COM activation). A plain "modification" of one of these is not
    # reported on its own; a full unhook of them, or any tampering with other
    # monitored functions, still is.
    BENIGN_MODIFICATION = (
        "SetUnhandledExceptionFilter",
        "SetWindowsHookExW",
        "UnhookWindowsHookEx",
        "CoCreateInstance",
    )

    def __init__(self, *args, **kwargs):
        Signature.__init__(self, *args, **kwargs)
        self.saw_unhook = False
        self.unhook_info = set()

    def on_call(self, call, process):
        # The monitor reports hook tampering as an "__anomaly__" pseudo-call
        # whose Subcategory argument is "unhook".
        subcategory = self.check_argument_call(call,
                                               api="__anomaly__",
                                               name="Subcategory",
                                               pattern="unhook")
        if subcategory:
            self.saw_unhook = True
            funcname = self.get_argument(call, "FunctionName")
            unhook_type = self.get_argument(call, "UnhookType")
            if funcname != "":
                if funcname not in self.BENIGN_MODIFICATION or unhook_type != "modification":
                    self.unhook_info.add("function_name: " + funcname + ", type: " + unhook_type)

    def on_complete(self):
        # Tampering with many distinct functions is strong evidence, so raise the
        # signature's weight and confidence. These must be set on the instance;
        # assigning them to local variables (as the original did) has no effect.
        if len(self.unhook_info) > 5:
            self.weight = len(self.unhook_info)
            self.confidence = 100

        # Only benign modifications were seen: do not fire.
        if not self.unhook_info:
            self.saw_unhook = False

        for info in self.unhook_info:
            self.data.append({"unhook": info})

        return self.saw_unhook
```