modules/signatures/creates_exe.py
# Copyright (C) 2010-2012 Cuckoo Sandbox Developers.
# This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org
# See the file 'docs/LICENSE' for copying permission.
from lib.cuckoo.common.abstracts import Signature
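class CreatesExe(Signature):
    """Match analyses whose behavior summary lists a file named ``*.exe``.

    The check looks only at the file name reported in
    ``results["behavior"]["summary"]["files"]``; it never inspects file
    content. An executable written under another extension is therefore not
    reported, and any file that merely carries an ``.exe`` name is. Treat a
    hit as a triage hint to confirm against the dropped-file data rather
    than as proof that a PE image was written.
    """

    name = "creates_exe"
    description = "Creates a Windows executable on the filesystem"
    severity = 2
    categories = ["generic"]
    authors = ["Cuckoo Developers"]
    minimum = "0.4"

    def run(self, results):
        """Return True when the summary contains a file name ending in ".exe".

        Args:
            results: analysis results dictionary; the file list is read from
                ``results["behavior"]["summary"]["files"]``.

        Returns:
            True as soon as the first matching name is found (that name is
            appended to ``self.data``), False when nothing matches or the
            behavior summary is absent.
        """
        # A run that produced no behavior data is a non-match, not an error.
        behavior = results.get("behavior") or {}
        summary = behavior.get("summary") or {}

        for file_name in summary.get("files") or []:
            # Windows file names are case-insensitive, so "DROP.EXE" and
            # "drop.Exe" must match just like "drop.exe" does.
            if file_name.lower().endswith(".exe"):
                # self.data is presumably provided by the Signature base
                # class -- not visible here. The name is stored as reported.
                self.data.append({"file_name" : file_name})
                # Only the first match is recorded; later names are not scanned.
                return True

        return False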