fix: patch peframe tostring() for Python 3.9+ compatibility (#3621) #3625

Merged: mlodic merged 2 commits into intelowlproject:develop from Abhishek9639:fix/3621 on Apr 8, 2026


@Abhishek9639
Contributor

Closes #3621

Description

The PeFrame analyzer was failing on PE file analysis because peframe-ds==6.1.0 uses array.array.tostring() in its features.py module, which was removed in Python 3.9+. Since the malware_tools_analyzers container runs Python 3.11, PeFrame crashes with AttributeError: 'array.array' object has no attribute 'tostring' whenever it tries to analyze a valid PE file.

The issue is on the analyzer side, not specific to any sample.

Fixed by adding a sed patch in the Dockerfile to replace .tostring() with .tobytes() after pip install.

Type of change

  • Bug fix (non-breaking change which fixes an issue).

Checklist

  • I have read and understood the rules about how to Contribute to this project
  • The pull request is for the branch develop
  • Linters (Run) gave 0 errors. If you have correctly installed pre-commit, it does these checks and adjustments on your behalf.
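
An added example, not part of this pull request or of IntelOwl's Dockerfile: a build-time source patch like the one described above is safer when it fails the build once the pattern is no longer present, so a stale patch cannot silently become a no-op. The helper names and the sample file are constructed for illustration; the real path of features.py is not shown on this page.

```shell
#!/bin/sh
# Hypothetical helper: replace array.array.tostring() calls (removed in
# Python 3.9) with tobytes(), and fail loudly if the patch does not apply.
patch_tostring() {
    target="$1"
    [ -f "$target" ] || { echo "missing: $target" >&2; return 2; }
    # Nothing to patch means upstream changed: stop instead of passing silently.
    if ! grep -q '\.tostring()' "$target"; then
        echo "no .tostring() call in $target; patch is stale" >&2
        return 3
    fi
    tmp="$target.patched.$$"
    sed 's/\.tostring()/.tobytes()/g' "$target" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Rewrite the contents in place so the file keeps its mode and owner.
    if ! cat "$tmp" > "$target"; then rm -f "$tmp"; return 1; fi
    rm -f "$tmp"
    # Post-condition: no removed call may remain.
    ! grep -q '\.tostring()' "$target"
}

demo_patch_tostring() {
    dir=$(mktemp -d) || return 1
    # Constructed stand-in for the affected module, not peframe's real code.
    printf '%s\n' 'import array' \
        'def raw(values):' \
        '    return array.array("B", values).tostring()' > "$dir/features.py"
    patch_tostring "$dir/features.py" || { rm -rf "$dir"; return 1; }
    grep -q 'array.array("B", values).tobytes()' "$dir/features.py" \
        || { rm -rf "$dir"; return 1; }
    # A second run must exit with status 3: nothing is left to patch.
    rc=0
    patch_tostring "$dir/features.py" 2>/dev/null || rc=$?
    rm -rf "$dir"
    [ "$rc" -eq 3 ]
}

demo_patch_tostring && echo "patch applied and verified"
```

In a Dockerfile RUN step, a non-zero exit from such a helper stops the image build, which surfaces a changed or already-fixed upstream file at build time rather than at analysis time.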

@Abhishek9639
Contributor Author

Abhishek9639 commented Apr 6, 2026

Greetings @mlodic,
This is ready for review. The issue was analyzer-related: peframe-ds uses array.tostring(), which was removed in Python 3.9+, so it crashes on every PE file since the container runs Python 3.11. Fixed it with a sed patch in the Dockerfile.
If any changes are needed, please let me know. I will make them.
Thanks

@mlodic
Member

mlodic commented Apr 7, 2026

please add a comment about this in the dockerfile and also show a working analysis of the analyzer

@Abhishek9639
Contributor Author

Added the comment in the Dockerfile. Here's the working analysis after the fix.

[2 images attached]

@mlodic
Member

mlodic commented Apr 7, 2026

ok but why no analysis from the GUI?

@Abhishek9639
Contributor Author

Abhishek9639 commented Apr 7, 2026

Greetings @mlodic,
Here's the working analysis from the GUI:

PEframe_Scan ran successfully on a PE file (test_valid.exe) through IntelOwl. The analyzer produced a full report with peinfo, features, yara_plugins, hashes, etc.

[3 images attached]

@mlodic merged commit ddbbfb2 into intelowlproject:develop on Apr 8, 2026
5 checks passed