前提

突然收到比较多数量的PE文件分析要去,通过文件大小和ImpHash进行分类,避免重复分析😣

🐍Python🐍

逻辑

  1. 遍历文件夹
  2. 获取文件MD5
  3. 获取ImpHash

image.png

代码

  1. #coding=utf-8
  2. import os
  3. import hashlib
  4. import pefile
  6. def GetFileMD5(filename):
  7.     if not os.path.isfile(filename):
  8.         print(filename)
  9.         return
  10.     strMD5 = hashlib.md5()
  11.     f = open(filename, 'rb')
  12.     while True:
  13.         fContent = f.read()
  14.         if not fContent:
  15.             break
  16.         strMD5.update(fContent)
  17.     f.close()
  18.     return strMD5.hexdigest().upper()
  20. def EnumFile(dir):
  21.     for home, dirs, files in os.walk(dir):
  22.         for dir in dirs:
  23.             print(dir)
  24.         for filename in files:
  25.             pathFile = os.path.join(home, filename)
  26.             nameNew = GetFileMD5(pathFile)
  27.             #print(pathFile)
  28.             print("MD5:", nameNew)
  29.             ImpHash = GetImpHash(pathFile)
  30.             print("ImpHash:", ImpHash)
  31.             #os.rename(pathFile, nameNew)
  33. def GetImpHash(filename):
  34.     file = pefile.PE(filename)
  35.     return file.get_imphash().upper()
  37. path = "路径"
  39. if __name__ == "__main__":
  40.     EnumFile(path)

升级

后因为要可视化成图表,新写了另一个Python:
数据处理 | pandas处理数据后输出为Excel表格