packing-box / bintropy

Analysis tool for estimating the likelihood that a binary contains compressed or encrypted bytes


bintropy.entropy fails for x86-64 malware binary

nikhilh-20 opened this issue · comments

Malware sample link: https://bazaar.abuse.ch/sample/26ccf2824534d812c14a59783db85916a03da86ec65e86fc4b356657405080c7/

bintropy.entropy() on v1.3.7 fails to return average and highest block entropy for ELF malware: 26ccf2824534d812c14a59783db85916a03da86ec65e86fc4b356657405080c7 and that causes bintropy.bintropy(<sample_path>, decide=False) to fail.

$ pip freeze | grep bintropy
bintropy==1.3.7

In [1]: import bintropy

In [2]: with open("26ccf2824534d812c14a59783db85916a03da86ec65e86fc4b356657405080c7.elf", "rb") as f:
    ...:     exe = f.read()
    ...: 

In [3]: bintropy.entropy(exe, blocksize=256, ignore_half_block_zeros=True)
Out[3]: 4.275011364621254

In [4]: bintropy.bintropy("26ccf2824534d812c14a59783db85916a03da86ec65e86fc4b356657405080c7.elf", decide=False)
---------------------------------------------------------------------------
TypeError                                 Traceback (most recent call last)
Cell In[5], line 1
----> 1 bintropy.bintropy(sample_path, decide=False)

File ~/venv/lib/python3.8/site-packages/bintropy/__init__.py:126, in bintropy(executable, mode, blocksize, ignore_half_block_zeros, decide, threshold_average_entropy, threshold_highest_entropy, logger, **kwargs)
    124 else:
    125     try:
--> 126         return max([x for x in e[0] if x is not None]), e[1]
    127     except ValueError:  # occurs when ignore_half_block_zeros=True and all the blocks have more than half of
    128         return 0., 0.   #  their bytes being zeros

TypeError: 'float' object is not subscriptable
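The shape mismatch behind this traceback, as an added illustration that is not bintropy's own code: `bintropy()` expects `entropy()` to hand back a per-block list plus an average, takes the max over the non-`None` blocks, and maps the all-blocks-ignored case (the `ValueError` branch) to `(0., 0.)`; a bare float in that position is what produces the `'float' object is not subscriptable` error. The function names, the defensive `summarize()` wrapper and the sample bytes below are constructed for this example.

```python
import math
from collections import Counter
from typing import List, Optional, Tuple

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty or constant input, 8.0 at most."""
    if not data:
        return 0.0
    n = len(data)
    h = -sum(c / n * math.log2(c / n) for c in Counter(data).values())
    return 0.0 if h == 0 else h   # normalise the -0.0 a constant block yields

def block_entropies(data: bytes, blocksize: int = 256,
                    ignore_half_block_zeros: bool = True) -> Tuple[List[Optional[float]], float]:
    """Return (per-block entropies, average over the blocks that were kept).

    With ignore_half_block_zeros set, a block whose bytes are more than half
    zeros is recorded as None, which is why the caller in the traceback filters
    `x is not None` before taking the max. If every block is ignored the
    average is 0.0, matching the ValueError branch that returns (0., 0.).
    """
    entropies: List[Optional[float]] = []
    for i in range(0, len(data), blocksize):
        block = data[i:i + blocksize]
        if ignore_half_block_zeros and block.count(0) > len(block) / 2:
            entropies.append(None)
        else:
            entropies.append(shannon_entropy(block))
    kept = [x for x in entropies if x is not None]
    return entropies, (sum(kept) / len(kept) if kept else 0.0)

def summarize(result) -> Tuple[float, float]:
    """Reduce an entropy result to (highest block entropy, average entropy).

    Tolerates the bare-float shape the report observed from entropy() in
    1.3.7 instead of failing on e[0] / e[1] indexing (hypothetical guard).
    """
    if isinstance(result, float):
        return result, result            # one value, no block list to scan
    per_block, average = result
    try:
        return max(x for x in per_block if x is not None), average
    except ValueError:                   # every block was ignored (or no blocks)
        return 0.0, 0.0

if __name__ == "__main__":
    # Constructed sample: an all-zero block, a full 0x00..0xFF block, a constant block.
    sample = bytes(256) + bytes(range(256)) + b"A" * 256
    print(summarize(block_entropies(sample)))   # (8.0, 4.0)
```

A packed or encrypted region shows up as blocks near 8.0, while padding and zero-filled sections are excluded from the average rather than dragging it down.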
commented

Hi @nikhilh-20
Thank you for mentioning this. This is fixed in version 1.4.1.