FileSignatures - Code Metrics - undo-ransomware/ransomware_detection - Measure and Improve Code Quality continuously with Scrutinizer

FileSignatures A
last analyzed 2020-12-20 17:41 UTC

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	61
Duplicated Lines	0 %

Importance

Changes	4
Bugs	0	Features	0

Metric	Value
eloc	48
c	4
b	0
f	0
dl	0
loc	61
rs	10
wmc	1

1 Method

Rating	Name	Duplication	Size	Complexity
A	getSignatures()	0	3	1

<?php

/**
 * @copyright Copyright (c) 2017 Matthias Held <[email protected]>
 * @author Matthias Held <[email protected]>
 * @license GNU AGPL version 3 or any later version
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <https://www.gnu.org/licenses/>.
 */

namespace OCA\RansomwareDetection;

use OCA\RansomwareDetection\Analyzer\EntropyResult;

class FileSignatures
{
    /**
     * Signature definition.
     *
     * @var array
     */
    private static $signatures = [
        ['mimeType' => 'application/pdf', 'extensions' => ['pdf'], 'signature' => ['starting' => ['offset' => 0, 'bytes' => ['/25504446/']], 'trailing' => ['offset' => 0, 'bytes' => ['/0a2525454f46/', '/0a2525454f460a/', '/0d0a2525454f460d0a/', '/0d2525454f460d/']]]],
        ['mimeType' => 'image/jpeg', 'extensions' => ['jpg', 'jpeg', 'jfif', 'jpe'], 'signature' => ['starting' => ['offset' => 0, 'bytes' => ['/ffd8ffe000104a46494600/', '/ffd8ffdb/', '/ffd8ffe1[0-9a-f]{4}457869660000/']], 'trailing' => ['offset' => 0, 'bytes' => ['/ffd9/']]]],
        ['mimeType' => 'image/jpg', 'extensions' => ['jp2'], 'signature' => ['trailing' => ['offset' => 0, 'bytes' => ['/0000000c6a5020200d0a/']]]],
        ['mimeType' => '', 'extensions' => ['mp4'], 'signature' => ['starting' => ['offset' => 0, 'bytes' => ['/000000146674797069736f6d/', '/000000186674797033677035/']]]],
        ['mimeType' => '', 'extensions' => ['mov'], 'signature' => ['starting' => ['offset' => 0, 'bytes' => ['/000000146674797071742020/']]]],
        ['mimeType' => '', 'extensions' => ['m4v'], 'signature' => ['starting' => ['offset' => 0, 'bytes' => ['/00000018667479706d703432/']]]],
        ['mimeType' => '', 'extensions' => ['mp4'], 'signature' => ['starting' => ['offset' => 0, 'bytes' => ['/0000001c667479704d534e56012900464d534e566d703432/']]]],
        ['mimeType' => '', 'extensions' => ['m4a'], 'signature' => ['starting' => ['offset' => 0, 'bytes' => ['/00000020667479704d344120/']]]],
        ['mimeType' => '', 'extensions' => ['ttf'], 'signature' => ['starting' => ['offset' => 0, 'bytes' => ['/0001000000/']]]],
        ['mimeType' => '', 'extensions' => ['ppt'], 'signature' => ['starting' => ['offset' => 512, 'bytes' => ['/006E1EF0/', '/0F00E803/']]]],
        ['mimeType' => '', 'extensions' => ['drw'], 'signature' => ['starting' => ['offset' => 0, 'bytes' => ['/07/']]]],
        ['mimeType' => '', 'extensions' => ['xls'], 'signature' => ['starting' => ['offset' => 512, 'bytes' => ['/0908100000060500/']]]],
        ['mimeType' => '', 'extensions' => ['doc'], 'signature' => ['starting' => ['offset' => 0, 'bytes' => ['/0d444f43/']]]],
        ['mimeType' => '', 'extensions' => ['webm'], 'signature' => ['starting' => ['offset' => 0, 'bytes' => ['/1a45dfa3/']]]],
        ['mimeType' => '', 'extensions' => ['mkv','mka', 'mks', 'mk3d', 'webm'], 'signature' => ['starting' => ['offset' => 0, 'bytes' => ['/45dfa3934282886d6174726f736b61/', '/1a45dfa3/']]]],
        ['mimeType' => '', 'extensions' => ['gz', 'tgz', 'vlt'], 'signature' => ['starting' => ['offset' => 0, 'bytes' => ['/1f8b08/']]]],
        ['mimeType' => '', 'extensions' => ['tar'], 'signature' => ['starting' => ['offset' => 0, 'bytes' => ['/1f9d/', '/1fA0/']]]],
        ['mimeType' => '', 'extensions' => ['eps'], 'signature' => ['starting' => ['offset' => 0, 'bytes' => ['/252150532d41646f62652d332e3020455053462d332030/']]]],
        ['mimeType' => '', 'extensions' => ['pdf'], 'signature' => ['starting' => ['offset' => 0, 'bytes' => ['/38425053/']]]],
        ['mimeType' => '', 'extensions' => ['xul'], 'signature' => ['starting' => ['offset' => 0, 'bytes' => ['/3c3f786d6c2076657273696f6e3d22312e30223f3e/']]]],
        ['mimeType' => '', 'extensions' => ['dwg'], 'signature' => ['starting' => ['offset' => 0, 'bytes' => ['/41433130/']]]],
        ['mimeType' => '', 'extensions' => ['vcf'], 'signature' => ['starting' => ['offset' => 0, 'bytes' => ['/424547494E3A56434152440D0A/']]]],
        ['mimeType' => '', 'extensions' => ['bz2', 'tar.bz2', 'tbz2', 'tb2'], 'signature' => ['starting' => ['offset' => 0, 'bytes' => ['/425a68/']]]],
        ['mimeType' => '', 'extensions' => ['iso'], 'signature' => ['starting' => ['offset' => 0, 'bytes' => ['/4344303031/']]]],
        ['mimeType' => '', 'extensions' => ['swf'], 'signature' => ['starting' => ['offset' => 0, 'bytes' => ['/435753/', '/465753/']]]],
        ['mimeType' => '', 'extensions' => ['gif'], 'signature' => ['starting' => ['offset' => 0, 'bytes' => ['/474946383761/', '/474946383961/']], 'trailing' => ['offset' => 0, 'bytes' => ['/003b/']]]],
        ['mimeType' => '', 'extensions' => ['tif', 'tiff'], 'signature' => ['starting' => ['offset' => 0, 'bytes' => ['/492049/', '/49492a00/', '/4d4d002a/', '/4d4d002b/']]]],
        ['mimeType' => '', 'extensions' => ['mp3'], 'signature' => ['starting' => ['offset' => 0, 'bytes' => ['/494433/', '/FFFB/']]]],
        ['mimeType' => '', 'extensions' => ['com', 'dll', 'drv', 'exe', 'pif', 'qts', 'qtx', 'sys', 'acm', 'ax', 'cpl', 'fon', 'ocx', 'olb', 'scr', 'vbx'], 'signature' => ['starting' => ['offset' => 0, 'bytes' => ['/4d5a/']]]],
        ['mimeType' => '', 'extensions' => ['zip', 'jar', 'kmz', 'kwd', 'odt', 'odp', 'ott', 'sxc', 'sxd', 'sxi', 'sxw', 'sxc', 'wmz', 'xpi', 'xps', 'xpt'], 'signature' => ['starting' => ['offset' => 0, 'bytes' => ['/504b030414000100630000000000/']]]],
        ['mimeType' => '', 'extensions' => ['epub'], 'signature' => ['starting' => ['offset' => 0, 'bytes' => ['/504b03040a000200/']]]],
        ['mimeType' => '', 'extensions' => ['docx', 'pptx', 'xlsx'], 'signature' => ['starting' => ['offset' => 0, 'bytes' => ['/504b030414000600/']], 'trailing' => ['offset' => 18, 'bytes' => ['/504b0506/']]]],
        ['mimeType' => '', 'extensions' => ['png'], 'signature' => ['starting' => ['offset' => 0, 'bytes' => ['/89504e470d0a1a0a/']]]],
        ['mimeType' => '', 'extensions' => ['rar'], 'signature' => ['starting' => ['offset' => 0, 'bytes' => ['/526172211a0700/', '/526172211a070100/']]]],
        ['mimeType' => '', 'extensions' => ['asf', 'wmv', 'wma'], 'signature' => ['starting' => ['offset' => 0, 'bytes' => ['/3026b2758e66cf11a6d900aa0062ce6c/']]]],
        ['mimeType' => '', 'extensions' => ['ogg', 'oga', 'ogv'], 'signature' => ['starting' => ['offset' => 0, 'bytes' => ['/4f676753/']]]],
        ['mimeType' => '', 'extensions' => ['psd'], 'signature' => ['starting' => ['offset' => 0, 'bytes' => ['/38425053/']]]],
        ['mimeType' => '', 'extensions' => ['wav'], 'signature' => ['starting' => ['offset' => 0, 'bytes' => ['/52494646[0-9a-f]{8}57415645/']]]],
        ['mimeType' => '', 'extensions' => ['avi'], 'signature' => ['starting' => ['offset' => 0, 'bytes' => ['/52494646[0-9a-f]{8}41564920/']]]],
        ['mimeType' => '', 'extensions' => ['bmp', 'dib'], 'signature' => ['starting' => ['offset' => 0, 'bytes' => ['/424d/']]]],
        ['mimeType' => '', 'extensions' => ['xml'], 'signature' => ['starting' => ['offset' => 0, 'bytes' => ['/3c3f786d6c20/']]]],
        ['mimeType' => '', 'extensions' => ['rtf'], 'signature' => ['starting' => ['offset' => 0, 'bytes' => ['/7b5c72746631/']]]],
        ['mimeType' => '', 'extensions' => ['mpg', 'mpeg'], 'signature' => ['starting' => ['offset' => 0, 'bytes' => ['/000001ba/', '/47/', '/000001b3/']]]],
        ['mimeType' => '', 'extensions' => ['mp4'], 'signature' => ['starting' => ['offset' => 0, 'bytes' => ['/00000018667479706d703432/']]]],
        ['mimeType' => '', 'extensions' => ['txt'], 'signature' => ['exists' => false]],
    ];

    /**
     * @var array
     */
    public static function getSignatures()
    {
        return self::$signatures;
    }
}


1			<?php
2
3			/**
4			* @copyright Copyright (c) 2017 Matthias Held <[email protected]>
5			* @author Matthias Held <[email protected]>
6			* @license GNU AGPL version 3 or any later version
7			*
8			* This program is free software: you can redistribute it and/or modify
9			* it under the terms of the GNU Affero General Public License as
10			* published by the Free Software Foundation, either version 3 of the
11			* License, or (at your option) any later version.
12			*
13			* This program is distributed in the hope that it will be useful,
14			* but WITHOUT ANY WARRANTY; without even the implied warranty of
15			* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16			* GNU Affero General Public License for more details.
17			*
18			* You should have received a copy of the GNU Affero General Public License
19			* along with this program. If not, see <https://www.gnu.org/licenses/>.
20			*/
21
22			namespace OCA\RansomwareDetection;
23
24			use OCA\RansomwareDetection\Analyzer\EntropyResult;
25
26			class FileSignatures
27			{
28			/**
29			* Signature definition.
30			*
31			* @var array
32			*/
33			private static $signatures = [
34			['mimeType' => 'application/pdf', 'extensions' => ['pdf'], 'signature' => ['starting' => ['offset' => 0, 'bytes' => ['/25504446/']], 'trailing' => ['offset' => 0, 'bytes' => ['/0a2525454f46/', '/0a2525454f460a/', '/0d0a2525454f460d0a/', '/0d2525454f460d/']]]],
35			['mimeType' => 'image/jpeg', 'extensions' => ['jpg', 'jpeg', 'jfif', 'jpe'], 'signature' => ['starting' => ['offset' => 0, 'bytes' => ['/ffd8ffe000104a46494600/', '/ffd8ffdb/', '/ffd8ffe1[0-9a-f]{4}457869660000/']], 'trailing' => ['offset' => 0, 'bytes' => ['/ffd9/']]]],
36			['mimeType' => 'image/jpg', 'extensions' => ['jp2'], 'signature' => ['trailing' => ['offset' => 0, 'bytes' => ['/0000000c6a5020200d0a/']]]],
37			['mimeType' => '', 'extensions' => ['mp4'], 'signature' => ['starting' => ['offset' => 0, 'bytes' => ['/000000146674797069736f6d/', '/000000186674797033677035/']]]],
38			['mimeType' => '', 'extensions' => ['mov'], 'signature' => ['starting' => ['offset' => 0, 'bytes' => ['/000000146674797071742020/']]]],
39			['mimeType' => '', 'extensions' => ['m4v'], 'signature' => ['starting' => ['offset' => 0, 'bytes' => ['/00000018667479706d703432/']]]],
40			['mimeType' => '', 'extensions' => ['mp4'], 'signature' => ['starting' => ['offset' => 0, 'bytes' => ['/0000001c667479704d534e56012900464d534e566d703432/']]]],
41			['mimeType' => '', 'extensions' => ['m4a'], 'signature' => ['starting' => ['offset' => 0, 'bytes' => ['/00000020667479704d344120/']]]],
42			['mimeType' => '', 'extensions' => ['ttf'], 'signature' => ['starting' => ['offset' => 0, 'bytes' => ['/0001000000/']]]],
43			['mimeType' => '', 'extensions' => ['ppt'], 'signature' => ['starting' => ['offset' => 512, 'bytes' => ['/006E1EF0/', '/0F00E803/']]]],
44			['mimeType' => '', 'extensions' => ['drw'], 'signature' => ['starting' => ['offset' => 0, 'bytes' => ['/07/']]]],
45			['mimeType' => '', 'extensions' => ['xls'], 'signature' => ['starting' => ['offset' => 512, 'bytes' => ['/0908100000060500/']]]],
46			['mimeType' => '', 'extensions' => ['doc'], 'signature' => ['starting' => ['offset' => 0, 'bytes' => ['/0d444f43/']]]],
47			['mimeType' => '', 'extensions' => ['webm'], 'signature' => ['starting' => ['offset' => 0, 'bytes' => ['/1a45dfa3/']]]],
48			['mimeType' => '', 'extensions' => ['mkv','mka', 'mks', 'mk3d', 'webm'], 'signature' => ['starting' => ['offset' => 0, 'bytes' => ['/45dfa3934282886d6174726f736b61/', '/1a45dfa3/']]]],
49			['mimeType' => '', 'extensions' => ['gz', 'tgz', 'vlt'], 'signature' => ['starting' => ['offset' => 0, 'bytes' => ['/1f8b08/']]]],
50			['mimeType' => '', 'extensions' => ['tar'], 'signature' => ['starting' => ['offset' => 0, 'bytes' => ['/1f9d/', '/1fA0/']]]],
51			['mimeType' => '', 'extensions' => ['eps'], 'signature' => ['starting' => ['offset' => 0, 'bytes' => ['/252150532d41646f62652d332e3020455053462d332030/']]]],
52			['mimeType' => '', 'extensions' => ['pdf'], 'signature' => ['starting' => ['offset' => 0, 'bytes' => ['/38425053/']]]],
53			['mimeType' => '', 'extensions' => ['xul'], 'signature' => ['starting' => ['offset' => 0, 'bytes' => ['/3c3f786d6c2076657273696f6e3d22312e30223f3e/']]]],
54			['mimeType' => '', 'extensions' => ['dwg'], 'signature' => ['starting' => ['offset' => 0, 'bytes' => ['/41433130/']]]],
55			['mimeType' => '', 'extensions' => ['vcf'], 'signature' => ['starting' => ['offset' => 0, 'bytes' => ['/424547494E3A56434152440D0A/']]]],
56			['mimeType' => '', 'extensions' => ['bz2', 'tar.bz2', 'tbz2', 'tb2'], 'signature' => ['starting' => ['offset' => 0, 'bytes' => ['/425a68/']]]],
57			['mimeType' => '', 'extensions' => ['iso'], 'signature' => ['starting' => ['offset' => 0, 'bytes' => ['/4344303031/']]]],
58			['mimeType' => '', 'extensions' => ['swf'], 'signature' => ['starting' => ['offset' => 0, 'bytes' => ['/435753/', '/465753/']]]],
59			['mimeType' => '', 'extensions' => ['gif'], 'signature' => ['starting' => ['offset' => 0, 'bytes' => ['/474946383761/', '/474946383961/']], 'trailing' => ['offset' => 0, 'bytes' => ['/003b/']]]],
60			['mimeType' => '', 'extensions' => ['tif', 'tiff'], 'signature' => ['starting' => ['offset' => 0, 'bytes' => ['/492049/', '/49492a00/', '/4d4d002a/', '/4d4d002b/']]]],
61			['mimeType' => '', 'extensions' => ['mp3'], 'signature' => ['starting' => ['offset' => 0, 'bytes' => ['/494433/', '/FFFB/']]]],
62			['mimeType' => '', 'extensions' => ['com', 'dll', 'drv', 'exe', 'pif', 'qts', 'qtx', 'sys', 'acm', 'ax', 'cpl', 'fon', 'ocx', 'olb', 'scr', 'vbx'], 'signature' => ['starting' => ['offset' => 0, 'bytes' => ['/4d5a/']]]],
63			['mimeType' => '', 'extensions' => ['zip', 'jar', 'kmz', 'kwd', 'odt', 'odp', 'ott', 'sxc', 'sxd', 'sxi', 'sxw', 'sxc', 'wmz', 'xpi', 'xps', 'xpt'], 'signature' => ['starting' => ['offset' => 0, 'bytes' => ['/504b030414000100630000000000/']]]],
64			['mimeType' => '', 'extensions' => ['epub'], 'signature' => ['starting' => ['offset' => 0, 'bytes' => ['/504b03040a000200/']]]],
65			['mimeType' => '', 'extensions' => ['docx', 'pptx', 'xlsx'], 'signature' => ['starting' => ['offset' => 0, 'bytes' => ['/504b030414000600/']], 'trailing' => ['offset' => 18, 'bytes' => ['/504b0506/']]]],
66			['mimeType' => '', 'extensions' => ['png'], 'signature' => ['starting' => ['offset' => 0, 'bytes' => ['/89504e470d0a1a0a/']]]],
67			['mimeType' => '', 'extensions' => ['rar'], 'signature' => ['starting' => ['offset' => 0, 'bytes' => ['/526172211a0700/', '/526172211a070100/']]]],
68			['mimeType' => '', 'extensions' => ['asf', 'wmv', 'wma'], 'signature' => ['starting' => ['offset' => 0, 'bytes' => ['/3026b2758e66cf11a6d900aa0062ce6c/']]]],
69			['mimeType' => '', 'extensions' => ['ogg', 'oga', 'ogv'], 'signature' => ['starting' => ['offset' => 0, 'bytes' => ['/4f676753/']]]],
70			['mimeType' => '', 'extensions' => ['psd'], 'signature' => ['starting' => ['offset' => 0, 'bytes' => ['/38425053/']]]],
71			['mimeType' => '', 'extensions' => ['wav'], 'signature' => ['starting' => ['offset' => 0, 'bytes' => ['/52494646[0-9a-f]{8}57415645/']]]],
72			['mimeType' => '', 'extensions' => ['avi'], 'signature' => ['starting' => ['offset' => 0, 'bytes' => ['/52494646[0-9a-f]{8}41564920/']]]],
73			['mimeType' => '', 'extensions' => ['bmp', 'dib'], 'signature' => ['starting' => ['offset' => 0, 'bytes' => ['/424d/']]]],
74			['mimeType' => '', 'extensions' => ['xml'], 'signature' => ['starting' => ['offset' => 0, 'bytes' => ['/3c3f786d6c20/']]]],
75			['mimeType' => '', 'extensions' => ['rtf'], 'signature' => ['starting' => ['offset' => 0, 'bytes' => ['/7b5c72746631/']]]],
76			['mimeType' => '', 'extensions' => ['mpg', 'mpeg'], 'signature' => ['starting' => ['offset' => 0, 'bytes' => ['/000001ba/', '/47/', '/000001b3/']]]],
77			['mimeType' => '', 'extensions' => ['mp4'], 'signature' => ['starting' => ['offset' => 0, 'bytes' => ['/00000018667479706d703432/']]]],
78			['mimeType' => '', 'extensions' => ['txt'], 'signature' => ['exists' => false]],
79			];
80
81			/**
82			* @var array
83			*/
84			public static function getSignatures()
85			{
86			return self::$signatures;
87			}
88			}
89

undo-ransomware / ransomware_detection

FileSignatures A last analyzed 2020-12-20 17:41 UTC

Complexity

Size/Duplication

Importance

1 Method

Duplication Side-by-Side

Filter issues like

FileSignatures A
last analyzed 2020-12-20 17:41 UTC