analysis

package
v0.0.0-...-e8a6761 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 5, 2024 License: GPL-3.0 Imports: 23 Imported by: 0

Documentation

Overview

Package analysis is responsable for the malware execution orchestration.

Index

Constants

View Source 
const (
	TimeFormat string = "02-01-2006 15:04:05 MST"
)

Variables

View Source 
var (
	ErrFileEmpty = errors.New("log file is empty") // ErrFileEmpty occurs when the driver log file is empty.
)

Functions

This section is empty.

Types

type Analysis 

type Analysis struct {
	Report *Report // Report represents the final artifact of the analysis process.
	// contains filtered or unexported fields
}

func New 

func New(header *multipart.FileHeader, id string, template int) (*Analysis, error)

New creates an Analysis object.

func (*Analysis) Cleanup 

func (a *Analysis) Cleanup() error

Cleanup deletes the environment after the analysis finished.

func (*Analysis) Run 

func (a *Analysis) Run(parent context.Context) error

Run starts an Analysis.

type Environment 

type Environment struct {
	// contains filtered or unexported fields
}

type FileMetadata 

type FileMetadata struct {
	Filename     string `json:"filename"`
	Extension    string `json:"extension"`
	MimeType     string `json:"mimetype"`
	Size         int64  `json:"size"`
	LastModified string `json:"last_modified"`
	MD5Sum       string `json:"md5sum"`
	SHA1Sum      string `json:"sha1sum"`
	SHA256Sum    string `json:"sha256sum"`
}

Malware sample file information.

type Privilege 

type Privilege struct {
	Name  string `json:"name"`
	Value string `json:"value"`
}

type ProcessMetadata 

type ProcessMetadata struct {
	WindowsRegisters      []WindowsRegisters      `json:"windows_registers"`
	WindowsFS             []WindowsFileSystem     `json:"windows_fs"`
	WindowsBinariesLoaded []WindowsBinariesLoaded `json:"windows_binaries_loaded"`
	WindowsProcess        []WindowsProcess        `json:"windows_process"`
}

Malware process information

type Report 

type Report struct {
	Request RequestMetadata `json:"request_metadata"`
	Process ProcessMetadata `json:"process_metadata"`
}

Report represents the final artifact of the analysis process.

func (*Report) Load 

func (r *Report) Load(id string) error

Load loads the report from the disk to the memory.

func (*Report) LogThis 

func (r *Report) LogThis(message string)

LogThis adds a message to Report.

func (*Report) Save 

func (r *Report) Save(what string) error

Save saves the report or status from memory to disk.

type RequestMetadata 

type RequestMetadata struct {
	Status        string       `json:"status"`
	ID            string       `json:"id"`
	DriverVersion string       `json:"driver_version"`
	TemplateID    int          `json:"template_id"`
	StartTime     string       `json:"start_time"`
	EndTime       string       `json:"end_time"`
	Log           []string     `json:"log"`
	Error         string       `json:"error"`
	File          FileMetadata `json:"file_metadata"`
}

type WindowsBinariesLoaded 

type WindowsBinariesLoaded struct {
	Date          string `json:"date"`
	Time          string `json:"time"`
	InfoType      string `json:"info_type"`
	PID           string `json:"pid"`
	FullImageName string `json:"full_image_name"`
	FileName      string `json:"file_name"`
}

type WindowsFileSystem 

type WindowsFileSystem struct {
	Date            string      `json:"date"`
	Time            string      `json:"time"`
	InfoType        string      `json:"info_type"`
	MJFunc          string      `json:"mj_func"`
	PID             string      `json:"pid"`
	TID             string      `json:"tid"`
	SID             string      `json:"sid"`
	TokenType       string      `json:"token_type"`
	Privileges      []Privilege `json:"privileges"`
	ElevationStatus string      `json:"elevation_status"`
	ImageName       string      `json:"image_name"`
	Path            string      `json:"path"`
	FileName        string      `json:"file_name"`
}

type WindowsProcess 

type WindowsProcess struct {
	Date            string      `json:"date"`
	Time            string      `json:"time"`
	InfoType        string      `json:"info_type"`
	PPID            string      `json:"ppid"`
	PID             string      `json:"pid"`
	Operation       string      `json:"operation"`
	TokenType       string      `json:"token_type"`
	Privileges      []Privilege `json:"privileges"`
	ElevationStatus string      `json:"elevation_status"`
	ParentName      string      `json:"parent_name"`
	ChildName       string      `json:"child_name"`
}

type WindowsRegisters 

type WindowsRegisters struct {
	Date              string `json:"date"`
	Time              string `json:"time"`
	InfoType          string `json:"info_type"`
	RegistryOperation string `json:"registry_operation"`
	Name              string `json:"name"`
	DataType          string `json:"data_type"`
	Data              string `json:"data"`
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.