46 # include <winsock2.h>
50 using namespace dca_malware;
52 const std::string S_ToolName =
"malwaresample";
53 const std::string S_ToolVersion =
"1.0";
60 "<dca-redist-folder> <ticket> <product> <input-file>\n"
61 " dca-redist-folder - the folder where the DCA is installed\n"
62 " ticket - a valid ticket\n"
63 " product - the product associated with your ticket\n"
64 " input-file - a file with sample hashes\n\n"
72 # define DCA_BINDIR "bin/Win32"
74 # define DCA_BINDIR "bin/linux"
81 #define DCA_INITDIR "init"
86 #define DCA_LOGDIR "./logs"
98 static void SetupInitData(
const std::string& strRedistFolder,
117 static bool StartupLibraries()
122 WORD wVersionRequested = MAKEWORD( 2, 2 );
124 int err = WSAStartup( wVersionRequested, &wsaData );
126 std::cout <<
"Error on WSAStartup (" << err <<
") occured, aborting" <<
144 static void ShutdownLibraries()
165 const std::string& strProduct,
168 aLicenseData.
ticket = strTicket;
169 aLicenseData.
product = strProduct;
193 static void PrintDbConnectionInfo(
const DbConnection& aDbConnection )
198 std::cout <<
"Malware Database Version: " << databaseInformation.
versionString
211 struct tm *expirationTime = localtime( &expirationDate );
213 std::cout <<
"License Info:" << std::endl;
214 std::cout <<
" DCA is " << ( aLicense.
isLicensed() ?
"licensed." :
215 "not licensed." ) << std::endl;
216 std::cout <<
" MaxUsers:" << aLicense.
getMaxUsers() <<
220 std::cout <<
" Ticket:" << aLicense.
getTicket() <<
222 std::cout <<
" Session:" << aLicense.
getSession() <<
226 std::cout <<
" Expiration Date:" << asctime( expirationTime ) <<
236 std::cout <<
"IBM DCA Sample: " << S_ToolName <<
" (" << S_ToolVersion <<
246 static void PrintUsage(
const char *pSampleName )
248 std::cout << pSampleName <<
" usage:" << std::endl;
265 const std::string& strIndent =
"",
266 const std::string& strValueDesc =
"" )
271 int myValue = aMalwareClassificationResult.
value;
276 std::cout << strIndent <<
"MalwareCategory '" << myMalwareCategory.
name() <<
277 "' (id=" << myCatId <<
")" << std::endl;
282 if( numOfEnums > 0 ) {
284 int enumId = myMalwareCategory.
enumByValue( myValue );
287 std::cout << strIndent <<
"\t MalwareEnum '" << myMalwareEnum.
name() <<
"' (id=" <<
288 enumId <<
")" << std::endl;
292 std::cout << strIndent <<
"\tValue " << myValue << strValueDesc << std::endl;
307 std::cout <<
"Results: Unknown" << std::endl;
311 std::cout <<
"Results: None" << std::endl;
317 std::cout <<
"Results (" << numOfResults <<
") categories" << std::endl;
324 PrintResult( myMalwareClassificationResult, myMalwareCategories, myMalwareEnums );
// DoCallMalwareClassification: for each entry of aHashStrings, decode the hex
// digest into a 32-byte buffer, hand it to the classifier and print the result.
// Only fragments of the function survive on this page (source lines 336-404);
// the remaining parameter lines, the declarations of myFR and
// myMalwareClassificationResults, and the error branch in front of the final
// `else` are on lines that are not shown here, so anything said about them
// below is an assumption rather than something verified from this page.
// Parameters (visible part):
//   aHashStrings - hex digests, one per entry; only entries of at least 64
//                  characters are decoded (see the length check below).
// Returns: nothing; all output goes to std::cout.
336 void DoCallMalwareClassification(
const std::vector<std::string>& aHashStrings,
340 std::vector< std::string >::const_iterator I = aHashStrings.begin();
341 std::vector< std::string >::const_iterator IEnd = aHashStrings.end();
346 for( ; I != IEnd; ++I ) {
347 const std::string& strHash = *I;
349 std::cout << std::endl <<
"MALWARE Classification ('" << strHash <<
"')..." << std::endl;
// 33 bytes are zero-initialised, but only indices 0..31 are ever written
// (loop bound i < 32) and only 32 bytes are passed to Hash below; the 33rd
// byte is never used in the visible lines.
350 unsigned char hashBuffer[33] = {
351 0, 0, 0, 0, 0, 0, 0, 0,
352 0, 0, 0, 0, 0, 0, 0, 0,
353 0, 0, 0, 0, 0, 0, 0, 0,
354 0, 0, 0, 0, 0, 0, 0, 0,
357 const char* hashPtr = strHash.c_str();
// NOTE(review): c_str() never returns a null pointer, so the hashPtr test is
// dead; the effective guard is the length check. Characters beyond index 63
// are silently ignored, and a string shorter than 64 characters is not
// decoded at all. What happens to such a string afterwards is not visible on
// this page — if control still reaches the Hash construction at line 396,
// it would be classified as the all-zero digest. TODO confirm.
359 if (strHash.length() >= 64 && hashPtr) {
361 for (
int i = 0; i < 32; i++) {
362 unsigned char value = 0;
363 char char0 = *(hashPtr + (2*i));
364 char char1 = *(hashPtr + (2*i) + 1);
// High nibble from char0. The body of the 'A'..'F' branch (source lines
// 366-367) is not shown; the extract has also lost the indentation, so the
// if/else pairing below is as the line numbers suggest, not as verified.
365 if (char0 >=
'A' && char0 <=
'F') {
368 if (char0 >=
'0' && char0 <=
'9') {
369 value = (
unsigned char)((char0 -
'0') << 4);
// NOTE(review): this branch matches lowercase 'a'..'f' but subtracts 'A'.
// The result is correct only by accident: 'a' - 'A' is 0x20, and after the
// << 4 that bit lands outside the byte and is discarded by the unsigned char
// cast. Writing `(char0 - 'a' + 10) << 4` says what is meant and does not
// depend on the truncation.
371 else if (char0 >=
'a' && char0 <=
'f') {
372 value = (
unsigned char)((char0 -
'A' + 10) << 4);
// Low nibble from char1, same three branches.
377 if (char1 >=
'A' && char1 <=
'F') {
380 if (char1 >=
'0' && char1 <=
'9') {
381 value |= ( (char1 -
'0') & 0x0fU );
// NOTE(review): same 'A'-for-'a' mix-up as above; here the & 0x0fU mask
// strips the stray 0x20 bit, so the nibble is again correct by accident.
// Prefer `(char1 - 'a' + 10) & 0x0fU`.
383 else if (char1 >=
'a' && char1 <=
'f') {
384 value |= ( (char1 -
'A' + 10) & 0x0fU );
// No branch for a character that is not a hex digit is visible: such a
// character leaves its nibble at 0 and nothing is reported, so a typo in an
// input line silently changes which digest gets classified. A reject-and-
// report path for invalid input would make that failure visible.
390 hashBuffer[i] = value;
396 const Hash myHash(hashBuffer, 32);
398 myFR = aMalwareClassifier.
classify( myHash, myMalwareClassificationResults );
// The condition this `else` belongs to (presumably a check on myFR, source
// lines 399-403) is not shown on this page.
404 else PrintResults( myMalwareClassificationResults, aMalwareCategoriesInfo );
// Reads hash strings from strFileName and hands them to
// DoCallMalwareClassification. The function's name and its first parameters
// are on lines not shown on this page; the call at source line 543
// (`TestMalwareClassification( myClassifier, myCategoriesInfo, ...)`) and the
// names aMalwareClassifier / aMalwareCategoriesInfo used below suggest the
// signature is (classifier, categories info, file name) — TODO confirm.
// Input format, as far as these lines show: one hash per line; empty lines and
// lines starting with '#' are skipped; trailing '\r' / '\n' are stripped.
const std::string& strFileName )
421 std::ifstream fstream( strFileName.c_str(), std::ios::in );
422 if ( !fstream.is_open() ) {
423 std::cout <<
"Error: File '" << strFileName <<
"' could not be opened!" << std::endl;
// (the early return after the message, and the declaration of strLine, are on
// lines not shown here)
428 std::vector< std::string > myHashStrings;
430 while( std::getline( fstream, strLine ) ) {
431 if( strLine.empty() )
// BUG(review): the loop below indexes strLine[strLine.length()-1] without
// re-checking for emptiness after each erase. A line consisting only of '\r'
// characters — an ordinary blank line in a CRLF file, since getline has
// already consumed the '\n' — is erased down to length 0, and the next
// evaluation of the condition reads strLine[size_t(-1)]: an out-of-bounds
// access, undefined behaviour. Guard the condition:
//   while( !strLine.empty() && ( strLine[strLine.length()-1] == '\r' ||
//                                strLine[strLine.length()-1] == '\n' ) )
435 while( strLine[strLine.length()-1] ==
'\r' ||
436 strLine[strLine.length()-1] ==
'\n' )
437 strLine.erase( strLine.length() - 1 );
// Lines that were only line-end characters are dropped here; note that other
// trailing whitespace (spaces, tabs) is not trimmed and reaches the decoder.
439 if( strLine.empty() )
// '#' introduces a comment line.
442 if( strLine[0] ==
'#' )
446 myHashStrings.push_back( strLine );
// Classify the whole list at once, or report that no usable line was found
// (the `else` joining line 451 to line 454 is on a line not shown).
451 if( !myHashStrings.empty() )
452 DoCallMalwareClassification( myHashStrings, aMalwareClassifier, aMalwareCategoriesInfo );
454 std::cout <<
"Could not read any hash from file!" << std::endl;
465 int main(
int argc,
char *argv[] )
// Entry point. Expected arguments (see S_UsageString): redist folder, ticket,
// product, input file. Source lines 466-476 are not shown on this page, so
// whether argc is checked against 5 before argv[4] is read below cannot be
// confirmed here — TODO confirm: with fewer arguments argv[4] is either the
// terminating null pointer (argv[argc]) or past the array, and constructing a
// std::string from it is undefined behaviour.
477 std::string strRedistFolder = argv[ 1 ];
478 const std::string strTicket = argv[ 2 ];
479 const std::string strProduct = argv[ 3 ];
480 const std::string strFileName = argv[ 4 ];
// Reject empty arguments (the strTicket test on source line 483 and the
// usage/return on lines 486-491 are not shown).
482 if( strRedistFolder.empty() ||
484 strProduct.empty() ||
485 strFileName.empty() )
// Make the folder end in a separator. Indexing length()-1 is only safe because
// the empty check above must already have bailed out — that return is on a
// line not shown, TODO confirm it is there.
492 const char c = strRedistFolder[ strRedistFolder.length() - 1 ];
493 if( c !=
'/' && c !=
'\\' )
494 strRedistFolder +=
"/";
// Third-party library start-up (WSAStartup on Windows, see StartupLibraries);
// the return taken on failure is on a line not shown.
497 if( !StartupLibraries() )
// Only proceed when the license covers the Malware classification module.
516 if( myLicense.
isLicensed( MalwareClassification::ID ) ) {
519 MalwareClassification::create( myDca, myLicense );
522 SetupConnectionData( myDbConnectionData );
528 PrintDbConnectionInfo( myDbConnection );
// The classifier's feedback option is explicitly disabled for this sample.
533 myMalwareDbClassifierOptions.enable_Feedback =
false;
535 myMalwareClassification.
createDbClassifier( myDbConnection, myMalwareDbClassifierOptions );
543 TestMalwareClassification( myClassifier, myCategoriesInfo,
// Error reporting: DCA errors first, then any std::exception, then a catch-all
// whose `catch(...)` line (560) is not shown. Whether ShutdownLibraries() is
// run on these paths is not visible on this page — TODO confirm.
550 catch(
const ExDca& ex ) {
551 std::cerr <<
"DCA Exception occured. Details: " << ex.
getDescription()
555 catch(
const std::exception& s ) {
556 std::cerr <<
"std::exception occured. Details: " << s.what() <<
"." <<
561 std::cerr <<
"Unknown exception caught." << std::endl;
The result item of a Malware classification.
MalwareCategory byId(DCA_CATEGORY_ID_TYPE catid) const
Returns the category with the given category id.
Is used to create a License object. A license first must be created with DcaInstance::createLicense t...
Main class for the Malware classification.
Exception class used in the DCA.
Definition of the Hash class.
DCA_CATEGORY_ID_TYPE categoryId
A Malware category id.
void InitCUrl()
Initializes libcurl. Do not use any DCA function before initializing libcurl.
std::string initDir
the directory in which the DCA init files are stored
This header includes all header files of the Malware Classification Package.
int getMaxSessions() const
Returns the maximum allowed sessions associated with your ticket/license.
time_t getExpirationDate() const
Returns the expiration date of the license in UTC.
std::string getDescription() const
Returns a description of the error.
The MalwareCategory class contains information for a single category.
DatabaseInformation getDatabaseInformation() const
Returns information about the underlying database.
DCA_RESULT_TYPE getReturnCode() const
Returns the last error code (if any).
static void SetupInitData(const std::string &redist_folder, InitData &initData)
Sets up the given initData by substituting the given redist_folder with DCA subdirectories.
Container class for all Malware enumeration objects.
std::string binDir
the directory in which the DCA binary (*.dca) files are stored
This header includes initialization/deinitialization support functions for the 3rd party libraries us...
std::string name(const std::string &localeString=std::string()) const
Returns the localized (display) name of the category.
void SetOpenSslCallbacks()
Initializes the required callbacks for OpenSSL when using HTTPS or SSL connections in a multi-threade...
const DbType DBT_Malware
Used to specify an Malware Classification database when creating a dca::DbConnection instance.
Stores the connection data for a database.
void UnsetOpenSslCallbacks()
Unsets the openssl callbacks. Do not call any DCA function after you have called this function.
DCA_ENUM_ID_TYPE enumByValue(int value) const
Returns the id of an enum item associated with the current MalwareCategory.
int getMaxUsers() const
Returns the maximum allowed users associated with your ticket/license.
void DeinitCUrl()
Deinitializes libcurl. Do not call any DCA function after you have called this function.
Database connection class for a local or remote database.
#define DCA_LOGDIR
Relative directory for logfile(s).
Definition of a container class for MalwareEnum objects.
#define DCA_INITDIR
DCA subdirectory of the DCA initialization data.
Malware database classifier class.
DCA_RESULT_TYPE getReturnCode() const
Gets the code of the error.
std::string name(const std::string &localeString=std::string()) const
Returns the localized (display) name of the enumerable item.
DCA_SIZE_TYPE size() const
Returns the number of results in the container.
static void PrintToolHeader()
Prints out the name and the version of this sample.
Use a License to initialize a classification package or a toolbox package.
Results of a Malware classification.
MalwareCategories getCategories() const
Returns the contained MalwareCategories.
bool isLicensed(DCA_MODULE_ID_TYPE id=0, bool force=false) const
Checks whether the given License is valid for the given module id.
static void PrintLicenseInfo(const License &aLicense)
Prints out the information about the provided License.
std::string ticket
The ticket as provided in the license.
This header includes all header files of the DCA Base Package.
bool useLocalDatabase
Set to true to connect to a local or custom database, set to false to use a remote database.
bool isCategorized() const
Returns whether or not the Malware matched one or more categories.
Encapsulates the init and deinit of the DCA API.
std::string product
The product code used with the license.
int DCA_CATEGORY_ID_TYPE
Type for category ids.
std::string logDir
the directory in which the DCA log file should be created
static void PrintUsage(const char *name)
Prints out the syntax of the sample.
std::string getLastMessage() const
Returns the last message received from our license server or if none available the last available mes...
size_t DCA_INDEX_TYPE
Type for index access (used for arrays and collections).
DbType dbType
The type of the database.
std::string getDescription() const
Returns the description for the error or warning.
size_t DCA_SIZE_TYPE
Type for size (used for size of array and collections).
bool isUnknownMalware() const
Returns whether a Malware is known or unknown. A Malware is unknown if it is not contained in the dat...
std::string getTicket() const
Returns the ticket of the license as string.
MalwareCategoriesInfo getCategoriesInfo() const
Retrieve the MalwareCategoriesInfo class.
#define DCA_BINDIR
DCA subdirectory of the DCA binaries.
Definition of a container class for MalwareCategory objects.
Standard function result.
dca::FunctionResult classify(const Hash &aHash, MalwareClassificationResults &malwareResults) const
Performs the Malware classification and returns the results.
std::string getSession() const
Returns the session of the license as string.
MalwareDbClassifier createDbClassifier(const dca::DbConnection &aDbConnection, const MalwareDbClassifierOptions &options=MalwareDbClassifierOptions()) const
Create a Malware database classifier. The classifier is created by using the provided database connec...
MalwareEnum byId(DCA_ENUM_ID_TYPE id) const
Returns the MalwareEnums with the given id.
DCA_SIZE_TYPE enumsSize() const
Returns the count of MalwareEnum items associated with current MalwareCategory.
const std::string S_UsageString
Usage string, displayed if a parameter is missing.
DbConnection createDbConnection(const License &aLicense, const DbConnectionData &dbcData, const ProxySettings &proxySettings=ProxySettings(), LogLevel aLogLevel=LOG_Initial) const
Creates a DbConnection object using the given DbConnectionData.
This structure is used to initialize the DcaInstance.
MalwareEnums getEnums() const
Returns the contained MalwareEnums.
static DcaInstance create(const InitData &initData)
Creates a DcaInstance, starts up the DCA API and initializes the required main module.
static void SetupLicense(const std::string &ticket, const std::string &product, LicenseData &licenseData)
Sets up the given licenseData by copying the given ticket and product strings.
int value
The value related to the given category.
The MalwareEnum class describes a single enumerable item (currently not used for malware)
License createLicense(const LicenseData &licData, const ProxySettings &proxySettings=ProxySettings(), LogLevel aLogLevel=LOG_Initial) const
Creates a License object using the given LicenseData.
int main(int argc, char *argv[])
The main routine.