save

Author: karust

parse_log.py

@@ -7,14 +7,13 @@
 import hashlib
 
 # Anti-error: https://stackoverflow.com/questions/15063936/csv-error-field-larger-than-field-limit-131072
-csv.field_size_limit(sys.maxsize)
+#csv.field_size_limit(sys.maxsize)
 
 
 def cls():
     """Clear console"""
     os.system('cls' if os.name=='nt' else 'clear')
 
-
 def numProcs(reportname):
     """Number of created processes by executable in report"""
     with open(reportname, "rb") as f:
@@ -66,7 +65,6 @@ def sort(leg=True, reportsDir = "./reports/"):
         print("Filename: ", f)
         print("Progress: {0}/{1}. One process files: {2}. Broken: {3}".format(i, len(dirFiles), num, broken))
 
-
 def dataStats(reportsDir = "./reports/"):
     """Statistics about number of reports"""
     legMulti = glob.glob(reportsDir+"/leg/*.json")
@@ -83,7 +81,7 @@ def dataStats(reportsDir = "./reports/"):
     print("""Malicious files:
      Total: {0}, One-proc: {1}, Multi-proc: {2}, Broken: {3} """
      .format(len(malBroken+malMulti+malOne), len(malOne), len(malMulti), len(malBroken)))
-    print("Woking samples: {0}".format(len(malMulti+malOne+legMulti+legOne)))
+    print("Working samples: {0}".format(len(malMulti+malOne+legMulti+legOne)))
 
 def parseReport(report, numAPIs=None):
     numProcesses = numProcs(report)
@@ -104,7 +102,6 @@ def parseReport(report, numAPIs=None):
         #returns = " ".join(returns)
         yield apis#, statuses, returns
 
-
 def collectDataset(saveto='data.csv', reportsDir = "./reports/", append=False, limitNumAPI=None):
     csvData = [['Malicious', 'API Calls'],]#, 'Statuses', 'Returns'],]
     csvFile = open(saveto, 'w')
@@ -132,7 +129,6 @@ def collectDataset(saveto='data.csv', reportsDir = "./reports/", append=False, l
             writer.writerows([["1", apis]])#, statuses, returns]])
     csvFile.close()
 
-
 def countProcesses(reportsDir = "./reports/", printProcNum = 4, skipLegal=False):
     """Count processes in reports and print reports with provided number of processes
     Also write to reports/malprocs.json the malicious files and the number of procs to analyze them manually"""
@@ -180,7 +176,6 @@ def countProcesses(reportsDir = "./reports/", printProcNum = 4, skipLegal=False)
     print("In Malicious reports: {0}".format(malProcNum))
     print("Total: {0}".format({ k: legalProcNum.get(k, 0) + malProcNum.get(k, 0) for k in set(legalProcNum) | set(malProcNum) }))
 
-
 def hashSortAPI(data, saveto):
     csvData = [['Malicious', 'API Calls'],]
     saveFile = open(saveto, mode='w+')

reports/sort.py

@@ -1,8 +1,22 @@
 import os
 import shutil
 
-for f in os.listdir("./"):
-    if f[:3] == "mal":
-        shutil.move(f, "./mal/")
-    elif f[:3] == "leg":
-        shutil.move(f, "./leg/")
+def move():
+    for f in os.listdir("./out"):
+        if f[:3] == "mal":
+            shutil.move(f, "./mal/")
+        elif f[:3] == "leg":
+            shutil.move(f, "./leg/")
+
+def count():
+    leg, mal = 0, 0
+    for f in os.listdir("reports/out"):
+        if f[:3] == "mal":
+            mal += 1
+        elif f[:3] == "leg":
+            leg += 1
+    print("Legal files: ", leg)
+    print("Malicious files: ", mal)
+
+if __name__ == "__main__":
+    count()