Enable static analysis view on WebUI if FSG2.0 packer #2706

@Tatsuya-hasegawa

commented Apr 1, 2019

Hi cuckoo team

I created a PR to improve the static analysis viewer.

What I have added/changed is:

Add the FSG packer's pattern in
cuckoo/web/templates/analysis/pages/static/index.html

Before this change, the static analysis result on the WebUI is shown as "No static analysis available." when we analyse an FSG-packed file.

This is because the FSG DOS header looks like the one below. It doesn't include the data for the PE header's offset (usually 0x40).
Thus, the file type is recognised as "MS-DOS executable"; however, this file is a PE and we could use _pe32.html. This characteristic is found in FSG 1.33 ~ 2.0 packers.

00000000 4d 5a 00 00 00 00 00 00 00 00 00 00 50 45 00 00 |MZ..........PE..|
00000010 4c 01 02 00 46 53 47 21 00 00 00 00 00 00 00 00 |L...FSG!........|
00000020 e0 00 8f 81 0b 01 00 00 00 f4 03 00 00 c2 00 00 |................|

The goal of my change is:

To enable cuckoo to show the static analysis view on the WebUI for the FSG packer.

What I have tested about my change is:

I have tested this code on my local cuckoo 2.0.6.

Kind Regards,
Tatsuya

@jbremer jbremer merged commit b8e859d into cuckoosandbox:master Jun 13, 2019
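
The header layout described in this PR can be checked from the bytes themselves rather than from a file-type string. The following is an added example, not code from the PR or from Cuckoo; `inspect_header` is a hypothetical helper, and because the dump above stops at 0x2F, the sample's `e_lfanew` value of 0x0C at offset 0x3C is constructed.

```python
import struct

DOS_HEADER_SIZE = 0x40   # size of a conventional IMAGE_DOS_HEADER
E_LFANEW_OFFSET = 0x3C   # field holding the file offset of the PE signature


def inspect_header(data: bytes) -> dict:
    """Classify a file from its leading bytes instead of a file-type string."""
    result = {"is_pe": False, "pe_offset": None,
              "overlaps_dos_header": False, "fsg_marker": False}
    if len(data) < DOS_HEADER_SIZE or data[:2] != b"MZ":
        return result
    (pe_offset,) = struct.unpack_from("<I", data, E_LFANEW_OFFSET)
    # The signature (4 bytes) and COFF file header (20 bytes) must be in range.
    if pe_offset + 24 > len(data):
        return result
    if data[pe_offset:pe_offset + 4] != b"PE\0\0":
        return result
    result["is_pe"] = True
    result["pe_offset"] = pe_offset
    # A PE header that starts inside the first 0x40 bytes overlaps the DOS header.
    result["overlaps_dos_header"] = pe_offset < DOS_HEADER_SIZE
    # COFF TimeDateStamp sits 8 bytes after the signature; the dump shows "FSG!" there.
    result["fsg_marker"] = data[pe_offset + 8:pe_offset + 12] == b"FSG!"
    return result


# First 0x30 bytes, copied from the dump in the PR description.
DUMP = bytes.fromhex(
    "4d 5a 00 00 00 00 00 00 00 00 00 00 50 45 00 00"
    "4c 01 02 00 46 53 47 21 00 00 00 00 00 00 00 00"
    "e0 00 8f 81 0b 01 00 00 00 f4 03 00 00 c2 00 00"
)
# Constructed tail (assumption): zero padding up to 0x3C, then e_lfanew = 0x0C.
FSG_SAMPLE = DUMP + bytes(12) + struct.pack("<I", 0x0C)

# Constructed conventional layout: PE signature directly after the DOS header.
NORMAL_SAMPLE = (b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)
                 + b"PE\0\0" + bytes(20))

# Constructed plain DOS stub with no PE signature anywhere.
DOS_ONLY_SAMPLE = b"MZ" + bytes(0x3E)

if __name__ == "__main__":
    for name, blob in (("fsg", FSG_SAMPLE), ("normal", NORMAL_SAMPLE),
                       ("dos-only", DOS_ONLY_SAMPLE)):
        print(name, inspect_header(blob))
```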

1 check was pending

continuous-integration/travis-ci/pr The Travis CI build is in progress