CAPEv2
This does not work... WHY?!
Is 7z in analyzer/windows/bin?
if not os.path.exists(seven_zip_path):
Let's hope it's in the VM image
actors are using LNK files that use relative directory traversal at arbitrary depth.
They expect to find the root of the drive.
https://github.com/kevoreilly/CAPEv2/blob/4f3cd92cc5b89d747df54c3a4e9b09b9606bfcc8/analyzer/windows/modules/packages/archive.py#L149
return self.execute(file_path, self.options.get("arguments"), file_path)
def start(self, path):
# TODO: This does not work... WHY?!
# Is 7z in analyzer/windows/bin?
# seven_zip_path = os.path.join(os.getcwd(), "bin", "7z.exe")
# if not os.path.exists(seven_zip_path):
# Let's hope it's in the VM image
seven_zip_path = self.get_path_app_in_path("7z.exe")
password = self.options.get("password", "")
archive_name = path.split("\\")[-1].split(".")[0]
# We are extracting the archive to C:\\<archive_name> rather than the TEMP directory because
# actors are using LNK files that use relative directory traversal at arbitrary depth.
# They expect to find the root of the drive.
root = os.path.join("C:\\", archive_name)
# Check if root exists already due to the file path
if os.path.exists(root) and os.path.isfile(root):
root = os.path.join("C:\\", "extracted_iso", archive_name)
os.makedirs(root, exist_ok=True)
file_names = self.get_file_names(seven_zip_path, path)
if not len(file_names):