Added summary description and option names

analyzer/windows/modules/packages/Shellcode-Unpacker.py

@@ -14,6 +14,10 @@
 class Shellcode_Unpacker(Package):
     """32-bit Shellcode Unpacker package."""
 
+    summary = "Executes 32-bit Shellcode using loader.exe with the unpacker option"
+    description = """Uses bin\\loader.exe shellcode [offset] <sample> with the option unpacker=1"
+    to execute 32-bit Shellcode"""
+
     def __init__(self, options=None, config=None):
         """@param options: options dict."""
         if options is None:

analyzer/windows/modules/packages/Shellcode.py

@@ -11,6 +11,10 @@
 class Shellcode(Package):
     """32-bit Shellcode analysis package."""
 
+    summary = "Executes 32-bit Shellcode using loader.exe"
+    description = "Uses bin\\loader.exe shellcode [offset] <sample> to execute 32-bit Shellcode"
+    option_names = ("offset",)
+
     def __init__(self, options=None, config=None):
         """@param options: options dict."""
         if options is None:

analyzer/windows/modules/packages/Shellcode_x64.py

@@ -11,6 +11,10 @@
 class Shellcode_x64(Package):
     """64-bit Shellcode analysis package."""
 
+    summary = "Executes 64-bit Shellcode using loader_x64.exe"
+    description = "Uses bin\\loader_x64.exe shellcode [offset] <sample> to execute 64-bit Shellcode"
+    option_names = ("offset",)
+
     def __init__(self, options=None, config=None):
         """@param options: options dict."""
         if options is None:

analyzer/windows/modules/packages/Unpacker.py

@@ -12,6 +12,10 @@ class Unpacker(Package):
     # PATHS = [
     #    ("SystemRoot", "system32"),
     # ]
+    summary = """Executes .exe files with the unpacker option."""
+    description = """Executes the sample with the unpacker option.
+    The .exe extension will be added automatically."""
+    option_names = ("arguments",)
 
     def __init__(self, options=None, config=None):
         """@param options: options dict."""

analyzer/windows/modules/packages/Unpacker_dll.py

@@ -15,6 +15,10 @@ class Unpacker_dll(Package):
     PATHS = [
         ("SystemRoot", "system32", "rundll32.exe"),
     ]
+    summary = """Executes .dll files using rundll32.exe."""
+    description = """Uses rundll32.exe with the "/wait" option to run a .lnk file.
+    The .dll extension will be added automatically."""
+    option_names = ("function", "arguments", "dllloader")
 
     def __init__(self, options=None, config=None):
         """@param options: options dict."""

analyzer/windows/modules/packages/Unpacker_js.py

@@ -13,6 +13,9 @@ class Unpacker_JS(Package):
     PATHS = [
         ("SystemRoot", "system32", "wscript.exe"),
     ]
+    summary = """Executes .JS files using wscript.exe."""
+    description = """Uses wscript.exe to run a .js/.jse file.
+    The appropriate extension will be added automatically."""
 
     def __init__(self, options=None, config=None):
         """@param options: options dict."""

analyzer/windows/modules/packages/Unpacker_ps1.py

@@ -12,6 +12,10 @@ class PS1(Package):
     PATHS = [
         ("SystemRoot", "system32", "WindowsPowerShell", "v*.0", "powershell.exe"),
     ]
+    summary = """Executes sample files with powershell."""
+    description = """Uses powershell -NoProfile -ExecutionPolicy bypass -File <sample>
+    to run a .ps1 file.
+    The .ps1 extension will be added automatically."""
 
     def __init__(self, options=None, config=None):
         """@param options: options dict."""

analyzer/windows/modules/packages/Unpacker_regsvr.py

@@ -12,6 +12,10 @@ class Unpacker_Regsvr(Package):
     PATHS = [
         ("SystemRoot", "system32", "regsvr32.exe"),
     ]
+    summary = """Executes DLL files using regsvr32.exe."""
+    description = """Uses regsvr32.exe to run a .dll file.
+    The .dll extension will be added automatically."""
+    option_names = ("arguments",)
 
     def __init__(self, options=None, config=None):
         """@param options: options dict."""

analyzer/windows/modules/packages/Unpacker_zip.py

@@ -24,6 +24,11 @@ class Unpacker_zip(Package):
     PATHS = [
         ("SystemRoot", "system32", "cmd.exe"),
     ]
+    summary = """Unzip a file with the supplied password, execute its contents."""
+    description = """Extract the sample from a zip file. If the file name is not
+    supplied in the 'file" option, the first file in the zip is taken.
+    The appropriate extension will be added automatically."""
+    option_names = ("file", "password", "function", "arguments", "dllloader")
 
     def __init__(self, options=None, config=None):
         """@param options: options dict."""

analyzer/windows/tests/test_analysis_packages.py

@@ -16,10 +16,6 @@ def class_from_analysis_package(self, module_name):
         self.assertEqual(1, len(pkg_classes))
         cls = pkg_classes[0]
         self.assertTrue(issubclass(cls, Package))
-        # self.assertIsInstance(str, cls.summary)
-        # self.assertGreater(len(cls.summary), 0)
-        # self.assertIsInstance(str, cls.description)
-        # self.assertGreater(len(cls.description), 0)
         return cls
 
     def test_choose_package_Shellcode_Unpacker(self):
@@ -28,35 +24,49 @@ def test_choose_package_Shellcode_Unpacker(self):
 
     def test_Shellcode(self):
         pkg_class = self.class_from_analysis_package("modules.packages.Shellcode")
-        pkg_class()
+        obj = pkg_class()
+        self.assertEqual("offset", obj.option_names[0])
+        expected_summary = """Uses firefox (or iexplore) to open a java applet."""
+        self.assertEqual(expected_summary, obj.summary)
 
     def test_Shellcode_x64(self):
         pkg_class = self.class_from_analysis_package("modules.packages.Shellcode_x64")
         pkg_class()
 
     def test_Unpacker(self):
         pkg_class = self.class_from_analysis_package("modules.packages.Unpacker")
-        pkg_class()
+        obj = pkg_class()
+        expected_summary = """Executes .exe files with the unpacker option."""
+        self.assertEqual(expected_summary, obj.summary)
 
     def test_Unpacker_dll(self):
         pkg_class = self.class_from_analysis_package("modules.packages.Unpacker_dll")
-        pkg_class()
+        obj = pkg_class()
+        self.assertEqual("function", obj.option_names[0])
+        self.assertEqual("arguments", obj.option_names[1])
+        self.assertEqual("dllloader", obj.option_names[2])
 
     def test_Unpacker_js(self):
         pkg_class = self.class_from_analysis_package("modules.packages.Unpacker_js")
-        pkg_class()
+        obj = pkg_class()
+        expected_summary = """Executes .JS files using wscript.exe."""
+        self.assertEqual(expected_summary, obj.summary)
 
     def test_Unpacker_ps1(self):
         pkg_class = self.class_from_analysis_package("modules.packages.Unpacker_ps1")
-        pkg_class()
+        obj = pkg_class()
+        expected_summary = """Executes sample files with powershell."""
+        self.assertEqual(expected_summary, obj.summary)
 
     def test_Unpacker_regsvr(self):
         pkg_class = self.class_from_analysis_package("modules.packages.Unpacker_regsvr")
         pkg_class()
 
     def test_Unpacker_zip(self):
         pkg_class = self.class_from_analysis_package("modules.packages.Unpacker_zip")
-        pkg_class()
+        obj = pkg_class()
+        expected_summary = """Unzip a file with the supplied password, execute its contents."""
+        self.assertEqual(expected_summary, obj.summary)
 
     def test_access(self):
         pkg_class = self.class_from_analysis_package("modules.packages.access")
@@ -168,7 +178,7 @@ def test_js_antivm(self):
     def test_lnk(self):
         pkg_class = self.class_from_analysis_package("modules.packages.lnk")
         obj = pkg_class()
-        self.assertEqual("Executes .lnk files using cmd.exe", obj.summary)
+        self.assertEqual("Executes .lnk files using cmd.exe.", obj.summary)
 
     def test_mht(self):
         pkg_class = self.class_from_analysis_package("modules.packages.mht")