5 import logging
6 from _winreg import OpenKey, SetValueEx
7 from _winreg import HKEY_LOCAL_MACHINE, KEY_SET_VALUE, REG_SZ
8
9 from lib.common.abstracts import Auxiliary
10 from lib.common.rand import random_integer
11
12 log = logging.getLogger(__name__)
13
15 """Disguise the analysis environment."""
16
18 """Randomizes Windows ProductId.
19 The Windows ProductId is occasionally used by malware
20 to detect public setups of Cuckoo, e.g., Malwr.com.
21 """
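# Overwrite the guest's ProductId with a random value so that it no longer
# matches a known public sandbox image.
#
# The key is opened with KEY_SET_VALUE only, the single right needed for
# the write below. Writing under HKEY_LOCAL_MACHINE is expected to require
# an elevated process; OpenKey/SetValueEx raise on failure and the error
# is left to propagate to the caller.
#
# NOTE(review): with a 32-bit Python on a 64-bit guest this path may be
# redirected to the 32-bit registry view -- confirm whether
# KEY_WOW64_64KEY has to be added to the access mask.
#
# The handle is used as a context manager so it is closed even when the
# write fails; the original code never closed it.
with OpenKey(HKEY_LOCAL_MACHINE,
             "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
             0, KEY_SET_VALUE) as key:
    # Four dash-separated groups built from random_integer(5/3/7/5).
    # random_integer is a project helper; presumably it returns that many
    # random digits -- verify against lib.common.rand.
    value = "{0}-{1}-{2}-{3}".format(random_integer(5), random_integer(3),
                                     random_integer(7), random_integer(5))

    SetValueEx(key, "ProductId", 0, REG_SZ, value)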