MalwareAnalysis.py

import pefile
import hashlib
import string
import binascii
import os
from OTXv2 import OTXv2, IndicatorTypes

OTX_API_KEY = ""
filename = ""

def hex_editor(filename):
    with open(filename, "rb") as file:
        hex_lines = [binascii.b2a_hex(file.read(16)).decode('utf-8') for _ in iter(lambda: file.read(1), b'')]
    return '\n'.join(['\t'.join(hex_lines[i:i+16]) for i in range(0, len(hex_lines), 16)])

def get_file_hashes(filename):
    with open(filename, mode="rb") as file:
        content = file.read()
        return hashlib.md5(content).hexdigest(), hashlib.sha256(content).hexdigest(), hashlib.sha1(content).hexdigest()

def get_imports(pe):
    return [(dll.dll.decode('utf-8'), [func.name.decode('utf-8') for func in dll.imports]) for dll in pe.DIRECTORY_ENTRY_IMPORT]

def get_alien_vault_result(otx, md5_hash):
    return otx.get_indicator_details_full(IndicatorTypes.FILE_HASH_MD5, md5_hash)

def get_strings(filename, min_length=8):
    with open(filename, errors="ignore") as file:
        return (result for result in file.read().split() if len(result) >= min_length)

if __name__ == "__main__":
    size = os.path.getsize(filename)
    print("File size:", size)

    pe = pefile.PE(filename)
    md5_hash, sha256_hash, sha1_hash = get_file_hashes(filename)
    print("File hashes:\nMD5:", md5_hash, "\nSHA-256:", sha256_hash, "\nSHA-1:", sha1_hash)
    print("Imphash:", pe.get_imphash())

    for dll, functions in get_imports(pe):
        print(dll)
        print('\n'.join(functions))

    otx = OTXv2(OTX_API_KEY, server='https://otx.alienvault.com/')
    alien_vault_result = get_alien_vault_result(otx, md5_hash)
    print("Alienvault Result:\n", alien_vault_result)

    print("String Result:")
    for string_line in get_strings(filename):
        print(string_line)

    print("File Hex Editor:")
    try:
        print(hex_editor(filename))
    except Exception as e:
        print("Error:", e)