
Source Code for Module modules.auxiliary.disguise

 1  # Copyright (C) 2010-2015 Cuckoo Foundation. 
 2  # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 
 3  # See the file 'docs/LICENSE' for copying permission. 
 4   
 5  import logging 
 6  from _winreg import OpenKey, SetValueEx 
 7  from _winreg import HKEY_LOCAL_MACHINE, KEY_SET_VALUE, REG_SZ 
 8   
 9  from lib.common.abstracts import Auxiliary 
10  from lib.common.rand import random_integer 
11   
# Module-level logger, named after this module via __name__.
log = logging.getLogger(__name__)
13   
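class Disguise(Auxiliary):
    """Disguise the analysis environment.

    Only the Windows ProductId is rewritten by this module; no other
    registry value is touched.
    """

    def change_productid(self):
        """Randomize the Windows ProductId.

        The Windows ProductId is occasionally used by malware
        to detect public setups of Cuckoo, e.g., Malwr.com. A static
        value baked into an analysis image is a stable fingerprint, so a
        new one is written under
        HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion.

        Errors raised by _winreg while opening or writing the key are not
        caught here; they propagate to the caller.
        """
        # Four dash-separated groups of 5, 3, 7 and 5, matching the
        # ProductId layout.
        # NOTE(review): assumes random_integer(n) yields n random digits;
        # confirm against lib.common.rand.
        product_id = "{0}-{1}-{2}-{3}".format(
            random_integer(5), random_integer(3),
            random_integer(7), random_integer(5))

        # The registry handle is used as a context manager so it is closed
        # as soon as the value is written, including when SetValueEx raises,
        # instead of staying open until garbage collection.
        # NOTE(review): a 32-bit interpreter on a 64-bit Windows system may
        # be handed the redirected view of HKLM\SOFTWARE, which would leave
        # the 64-bit view's ProductId unchanged; confirm whether
        # KEY_WOW64_64KEY is needed in the access mask.
        with OpenKey(HKEY_LOCAL_MACHINE,
                     "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
                     0, KEY_SET_VALUE) as key:
            SetValueEx(key, "ProductId", 0, REG_SZ, product_id)

    def start(self):
        """Apply the disguise and return True once ProductId is rewritten."""
        self.change_productid()
        return True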