guelfoweb / peframe

PEframe is an open source tool to perform static analysis on Portable Executable malware and malicious MS Office documents.

Peframe err

gbiagomba opened this issue · comments

Hello,

I tried running peframe and I keep getting the below error. I am running MacOSX 10.15.6 Darwin Kernel Version 19.6.0: Thu Jun 18 20:49:00 PDT 2020; root:xnu-6153.141.1~1/RELEASE_X86_64 x86_64. I did try running it on my Kali VM and I got the same err.

Traceback (most recent call last):
  File "/usr/local/bin/peframe", line 33, in <module>
    sys.exit(load_entry_point('peframe==6.0.3', 'console_scripts', 'peframe')())
  File "/usr/local/bin/peframe", line 25, in importlib_load_entry_point
    return next(matches).load()
  File "/usr/local/Cellar/python@3.9/3.9.1_7/Frameworks/Python.framework/Versions/3.9/lib/python3.9/importlib/metadata.py", line 77, in load
    module = import_module(match.group('module'))
  File "/usr/local/Cellar/python@3.9/3.9.1_7/Frameworks/Python.framework/Versions/3.9/lib/python3.9/importlib/__init__.py", line 127, in import_module
    return _bootstrap._gcd_import(name[level:], package, level)
  File "<frozen importlib._bootstrap>", line 1030, in _gcd_import
  File "<frozen importlib._bootstrap>", line 1007, in _find_and_load
  File "<frozen importlib._bootstrap>", line 986, in _find_and_load_unlocked
  File "<frozen importlib._bootstrap>", line 680, in _load_unlocked
  File "<frozen importlib._bootstrap_external>", line 790, in exec_module
  File "<frozen importlib._bootstrap>", line 228, in _call_with_frames_removed
  File "/usr/local/lib/python3.9/site-packages/peframe-6.0.3-py3.9.egg/peframe/peframecli.py", line 289, in <module>
    result = peframe.analyze(filename)
  File "/usr/local/lib/python3.9/site-packages/peframe-6.0.3-py3.9.egg/peframe/peframe.py", line 143, in analyze
    "features": features.get_result(pe, filename),
  File "/usr/local/lib/python3.9/site-packages/peframe-6.0.3-py3.9.egg/peframe/modules/features.py", line 110, in get_result
    "xor": get_xor(filename),
  File "/usr/local/lib/python3.9/site-packages/peframe-6.0.3-py3.9.egg/peframe/modules/features.py", line 37, in get_xor
    key_delta = xor_delta(search_string, l)
  File "/usr/local/lib/python3.9/site-packages/peframe-6.0.3-py3.9.egg/peframe/modules/features.py", line 21, in xor_delta
    return delta.tostring()[:-key_len]
AttributeError: 'array.array' object has no attribute 'tostring'

array.array: tostring() and fromstring() methods have been removed. They were aliases to tobytes() and frombytes(), deprecated since Python 3.2. (Contributed by Victor Stinner in bpo-38916.)

cf. https://docs.python.org/3/whatsnew/3.9.html

If you can run it using python 3.8 or less it should work, otherwise we may need to suggest a patch through a pull request (just did it).

Alright, I just modified my peframe install to use python3.8
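The failing call in the traceback, as an added example that is not part of the thread and is not peframe's own code: an XOR-delta string search that serialises with `tobytes()`, so it runs on Python 3.9 and later as well as on earlier 3.x. Only the name `xor_delta` comes from the traceback; its body, `xor_encode`, `find_xor_encoded` and the sample bytes are assumptions constructed for illustration.

```python
import array

def xor_delta(data: bytes, key_len: int = 1) -> bytes:
    """XOR each byte with the byte key_len positions later; a repeating key cancels out."""
    delta = array.array("B", data)
    for i in range(key_len, len(data)):
        delta[i - key_len] ^= delta[i]
    # tobytes() exists since Python 3.2; the tostring() alias was removed in 3.9.
    return delta.tobytes()[:-key_len]

def xor_encode(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR, used here only to build the constructed sample."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def find_xor_encoded(blob: bytes, needle: bytes, max_key_len: int = 4):
    """Return [(offset, key)] where needle occurs in blob under a repeating XOR key."""
    hits, seen = [], set()
    for key_len in range(1, max_key_len + 1):
        if len(needle) < 2 * key_len:
            break  # delta too short to be a meaningful signature
        needle_delta = xor_delta(needle, key_len)
        blob_delta = xor_delta(blob, key_len)
        pos = blob_delta.find(needle_delta)
        while pos != -1:
            key = xor_encode(blob[pos:pos + key_len], needle[:key_len])
            # Skip plaintext matches (all-zero key) and offsets already
            # explained by a shorter key (0x5a also matches as 0x5a5a).
            if any(key) and pos not in seen:
                seen.add(pos)
                hits.append((pos, key))
            pos = blob_delta.find(needle_delta, pos + 1)
    return hits

# Constructed sample: the same marker string hidden under two different keys.
NEEDLE = b"This program cannot be run in DOS mode"
SAMPLE = (b"\x90" * 7 + xor_encode(NEEDLE, b"\x5a") + b"\x00" * 5
          + xor_encode(NEEDLE, b"\x13\x37") + b"\xff" * 3)

if __name__ == "__main__":
    for offset, key in find_xor_encoded(SAMPLE, NEEDLE):
        print(f"offset={offset} key={key.hex()}")
```

The reported key is aligned to the start of the match, not to offset 0 of the file.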