예제 #1
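        /// <summary>
        /// Reads the result file named by <c>ResFname</c>, interprets each line as a numeric rate,
        /// and classifies the sample from the first rate that crosses a threshold.
        /// </summary>
        /// <returns>
        /// A <c>ResContainer</c> with <c>isMalware</c> set when a rate above 0.2 is found, or
        /// <c>isSuspicious</c> set when a rate above 0.1 (but not above 0.2) is found; the
        /// triggering line is appended to <c>suspiciousAttr</c>. A rate of exactly 1 ends the
        /// scan with no flag set.
        /// </returns>
        /// <remarks>
        /// The file content is treated as untrusted input: a line that does not parse as a number
        /// is skipped instead of throwing, and parsing uses the invariant culture so the accepted
        /// decimal separator does not depend on the host's locale.
        /// </remarks>
        public ResContainer ParseResVerbose()
        {
            ResContainer resCont = new ResContainer();
            string[]     logFile = File.ReadAllLines(ResFname);

            foreach (string line in logFile)
            {
                float rate;
                // TryParse replaces float.Parse inside a catch-all: a malformed line is skipped
                // rather than reported as a generic "Exception caught." with the detail discarded.
                if (!float.TryParse(line,
                                    System.Globalization.NumberStyles.Float,
                                    System.Globalization.CultureInfo.InvariantCulture,
                                    out rate))
                {
                    continue;
                }

                Console.WriteLine("#####################RATE " + rate.ToString());

                // 1 is exactly representable as a float, so equality is safe here; it marks the
                // terminating line, which is deliberately not flagged.
                if (rate == 1f)
                {
                    break;
                }
                // Thresholds are float literals on purpose: comparing the float rate against the
                // double literal 0.2 widens a parsed "0.2" to 0.200000003 and misclassifies it.
                if (rate > 0.2f)
                {
                    resCont.isMalware = true;
                    resCont.suspiciousAttr.Add(line);
                    break;
                }
                if (rate > 0.1f)
                {
                    resCont.isSuspicious = true;
                    resCont.suspiciousAttr.Add(line);
                    break;
                }
            }
            return resCont;
        }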
예제 #2
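        /// <summary>
        /// Scans the result file named by <c>ResFname</c> for Windows API names that the analysis
        /// treats as indicators and sets the matching verdict flags.
        /// </summary>
        /// <returns>
        /// A <c>ResContainer</c> with <c>isSuspicious</c> set when any line contains one of the
        /// suspicious API names, and <c>isMalware</c> set when any line contains
        /// "IsDebuggerPresent". Lines are not recorded in <c>suspiciousAttr</c>; only the flags
        /// are updated.
        /// </returns>
        /// <remarks>
        /// Matching is a plain ordinal, case-sensitive substring test, so an entry also matches
        /// longer names that embed it (for example "GetSystemTime" inside "GetSystemTimeAsFileTime").
        /// </remarks>
        public ResContainer ParseResVerbose()
        {
            // Indicator tables: one place to review or extend the list instead of a chain of ifs.
            string[] suspiciousApis =
            {
                "LoadLibraryExW",
                "WinExec",
                "ReadProcessMemory",
                "WriteProcessMemory",
                "SetWindowsHookExA",
                "CreateServiceA",
                "GetSystemDirectoryW",
                "GetSystemTime",
            };
            // Only this indicator escalates directly to the malware verdict.
            string[] malwareApis =
            {
                "IsDebuggerPresent",
            };

            ResContainer resCont = new ResContainer();
            string[]     logFile = File.ReadAllLines(ResFname);

            foreach (string line in logFile)
            {
                if (Array.Exists(suspiciousApis, api => line.Contains(api)))
                {
                    resCont.isSuspicious = true;
                }
                if (Array.Exists(malwareApis, api => line.Contains(api)))
                {
                    resCont.isMalware = true;
                }
            }
            return resCont;
        }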
예제 #3
        /// <summary>
        /// Reads the result file named by <c>ResFname</c> and derives the verdict flags from
        /// keyword hits, recording every line read.
        /// </summary>
        /// <returns>
        /// A <c>ResContainer</c> with <c>isSuspicious</c> set when any line contains "suspicious",
        /// <c>isMalware</c> set when any line contains "malware" or "too many matches", and
        /// <c>suspiciousAttr</c> holding every line of the file, flagged or not.
        /// </returns>
        /// <remarks>
        /// Keyword matching is an ordinal, case-sensitive substring test; differently cased
        /// variants of the keywords are not matched.
        /// </remarks>
        public ResContainer ParseResVerbose()
        {
            ResContainer result = new ResContainer();

            foreach (string entry in File.ReadAllLines(ResFname))
            {
                bool markSuspicious = entry.Contains("suspicious");
                bool markMalware    = entry.Contains("malware") || entry.Contains("too many matches");

                if (markSuspicious)
                {
                    result.isSuspicious = true;
                }
                if (markMalware)
                {
                    result.isMalware = true;
                }

                // Every line is kept, not only the ones that triggered a flag.
                result.suspiciousAttr.Add(entry);
            }

            return result;
        }