diff options
Diffstat (limited to 'tests/analysis')
-rw-r--r-- | tests/analysis/scan/pyapi.py | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/tests/analysis/scan/pyapi.py b/tests/analysis/scan/pyapi.py index e81e947..cfd12b3 100644 --- a/tests/analysis/scan/pyapi.py +++ b/tests/analysis/scan/pyapi.py @@ -165,6 +165,7 @@ class TestRostPythonAPI(ChrysalideTestCase): # Example : # - ?? (2021) - https://www.threatspike.com/blogs/reflective-dll-injection + # - Mustang Panda (2022) - https://blog.talosintelligence.com/mustang-panda-targets-europe/ mod = find_token_modifiers_for_name('ror13') self.assertIsNotNone(mod) @@ -174,6 +175,23 @@ class TestRostPythonAPI(ChrysalideTestCase): self.assertEqual(b2i(transformed[0]), 0x7c0dfcaa) + source = b'VirtualAlloc' + transformed = mod.transform(source) + + self.assertEqual(b2i(transformed[0]), 0x91afca54) + + + # Example + # - Energetic Bear (2019) - https://insights.sei.cmu.edu/blog/api-hashing-tool-imagine-that/ + + mod = find_token_modifiers_for_name('sll1-add-hash32') + self.assertIsNotNone(mod) + + source = b'LoadLibraryA' + transformed = mod.transform(source) + + self.assertEqual(b2i(transformed[0]), 0x000d5786) + def testBytePatternModifiersAPI(self): """Validate the API for pattern modifiers.""" |