/// <summary>
/// Starts a static-analysis run for <paramref name="_target"/> on a newly created thread
/// and hands that thread back to the caller.
/// </summary>
/// <param name="_method">Analysis method selector, forwarded unchanged to the worker.</param>
/// <param name="_target">Path of the sample to analyse, forwarded unchanged to the worker.</param>
/// <param name="_StaticAnalyzeCppWrapInst">Wrapper instance, forwarded unchanged to the worker.</param>
/// <param name="_notifyIcon">Tray icon the worker uses to report the verdict.</param>
/// <returns>The already-started worker thread.</returns>
/// <remarks>
/// <c>IsBackground</c> is not set here, so the thread keeps the <see cref="Thread"/> default.
/// Nothing in this method observes exceptions raised by the worker.
/// </remarks>
public Thread StartStaticAnalyzeThread(string _method, string _target, StaticAnalyzeCppWrap _StaticAnalyzeCppWrapInst, System.Windows.Forms.NotifyIcon _notifyIcon)
{
    // Capture the arguments in a closure so the worker needs no state object.
    ThreadStart analysisJob = () => StaticAnalyzeThreadFunc(_method, _target, _StaticAnalyzeCppWrapInst, _notifyIcon);

    Thread worker = new Thread(analysisJob);
    worker.Start();
    return worker;
}
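/// <summary>
/// Thread body: runs the analysis tool selected by <paramref name="_method"/> against
/// <paramref name="_target"/>, parses the tool result and reports a single verdict through
/// a tray balloon tip.
/// </summary>
/// <param name="_method">
/// Tool selector. <c>"csharp"</c> calls de4dot in-process, <c>"cpp"</c> runs Manalyze and
/// <c>"yara"</c> runs YARA, both through <c>SAManager.RunToolOutCapture</c>.
/// </param>
/// <param name="_target">Path of the sample; passed to the tool and shown in the balloon text.</param>
/// <param name="_StaticAnalyzeCppWrapInst">Not read by this method.</param>
/// <param name="_notifyIcon">Tray icon that is made visible and used for the balloon tip.</param>
/// <remarks>
/// The verdict is reported by severity: malware first, then suspicious, then clean. Exactly one
/// balloon is shown, so a malware verdict is no longer followed (and replaced) by the
/// "nothing suspicious" balloon when <c>isSuspicious</c> is false.
/// </remarks>
private static void StaticAnalyzeThreadFunc(string _method, string _target, StaticAnalyzeCppWrap _StaticAnalyzeCppWrapInst, System.Windows.Forms.NotifyIcon _notifyIcon)
{
    // The parser is obtained before the tool runs and is asked for its result afterwards.
    IToolResParse resParser = GetTool(_method, _target);

    // NOTE(review): the tool paths below are relative. Unless RunToolOutCapture anchors them,
    // which executable and rule file get used depends on the working directory - confirm, and
    // prefer paths anchored to the application directory.
    // NOTE(review): _target is handed to the tool runner as-is; confirm RunToolOutCapture quotes
    // it when building the command line (paths with spaces or quotes).
    if (_method == "csharp")
    {
        // NOTE(review): de4dot runs inside this process on an untrusted sample, and nothing here
        // catches what it throws - confirm a malformed sample cannot take the application down.
        de4dot.cui.Program.Main(new string[] { _target });
    }
    else if (_method == "cpp")
    {
        string _toolpath = @"..\..\..\__LIBS\Manalyze\bin\manalyze.exe";
        string _argflags = "--output=json --hashes --plugins=all";
        string _fext = ".cpp.res.txt";
        SAManager.RunToolOutCapture(_target, _toolpath, _argflags, _fext);
    }
    else if (_method == "yara")
    {
        string _toolpath = @"..\..\..\__LIBS\YARA\yara64.exe";
        // -w disables YARA warnings; the rule set is loaded from index.yar.
        string _argflags = @"..\..\..\__LIBS\YARA\rules\index.yar -w";
        string _fext = ".yara.res.txt";
        SAManager.RunToolOutCapture(_target, _toolpath, _argflags, _fext);
    }
    // NOTE(review): any other _method value runs no tool, yet the parser result is still reported
    // below - confirm GetTool rejects unknown methods, otherwise a stale or empty result could be
    // presented as a clean verdict.

    ResContainer res = resParser.ParseResVerbose();
    _notifyIcon.Visible = true;

    // Exactly one verdict, most severe first. The balloon titles keep their original spelling.
    // NOTE(review): res.suspiciousAttr is not shown to the user; the local that used to collect
    // it was never read and has been removed.
    if (res.isMalware)
    {
        _notifyIcon.ShowBalloonTip(5000, "Malware App", "Malware App: " + _target, System.Windows.Forms.ToolTipIcon.Error);
    }
    else if (res.isSuspicious)
    {
        _notifyIcon.ShowBalloonTip(5000, "Suspitious App", "Suspicious App: " + _target, System.Windows.Forms.ToolTipIcon.Warning);
    }
    else
    {
        _notifyIcon.ShowBalloonTip(5000, "Nothing Suspitious in App", "App: " + _target, System.Windows.Forms.ToolTipIcon.Info);
    }
}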