
import os

import pefile
import capstone
import math
import csv
from collections import Counter

# Dossier contenant les fichiers malwares


# Directory holding the PE samples to analyse (resolved relative to the
# current working directory; only *.exe / *.dll entries are processed).
malware_dir = 'tfx'

# Fonction pour calculer l'entropie


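def calculate_entropy(data):
    """Return the Shannon entropy of *data* in bits per symbol.

    Args:
        data: a bytes-like object (or any sequence of hashable values).

    Returns:
        ``0`` for empty input, otherwise a float; for byte data the value
        lies in ``[0, 8]`` (8 bits = all 256 values equally frequent).
        High entropy over a section or a whole file is a common indicator
        of packed, compressed or encrypted content.
    """
    if not data:
        return 0
    total = len(data)  # hoisted: the original recomputed len() per distinct value
    entropy = 0.0
    for count in Counter(data).values():
        p_x = count / total
        entropy -= p_x * math.log2(p_x)
    return entropy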

# Fonction pour extraire les informations d'en-tête


def extract_pe_header(pe):
    """Collect the COFF file-header fields used as features.

    Args:
        pe: a parsed ``pefile.PE`` instance.

    Returns:
        dict with the keys ``Machine``, ``NumberOfSections`` and
        ``Characteristics`` (in that order), each copied verbatim from
        ``pe.FILE_HEADER``.
    """
    file_header = pe.FILE_HEADER
    field_names = ('Machine', 'NumberOfSections', 'Characteristics')
    return {name: getattr(file_header, name) for name in field_names}

# Fonction pour extraire les informations des sections


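def extract_sections(pe):
    """Describe every section of *pe* as a feature dict.

    Args:
        pe: a parsed ``pefile.PE`` instance.

    Returns:
        list of dicts, one per section in file order, with the keys
        ``Name``, ``VirtualSize``, ``VirtualAddress``, ``SizeOfRawData``
        and ``Entropy`` (Shannon entropy of the section's raw bytes; a
        high value is a common packing / encryption indicator).
    """

    def describe(section):
        # Section names are 8 raw bytes, NUL-padded and not guaranteed to be
        # valid text. The original only called .strip(), which does not
        # remove NUL bytes, so names such as ".text\x00\x00\x00" leaked the
        # padding into the CSV; strip the NULs explicitly first.
        name = section.Name.decode(errors='ignore').rstrip('\x00').strip()
        return {
            'Name': name,
            'VirtualSize': section.Misc_VirtualSize,
            'VirtualAddress': section.VirtualAddress,
            'SizeOfRawData': section.SizeOfRawData,
            'Entropy': calculate_entropy(section.get_data()),
        }

    return [describe(section) for section in pe.sections]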

# Fonction pour extraire les imports


def extract_imports(pe):
    """List the names of all imported functions, in import-table order.

    Args:
        pe: a parsed ``pefile.PE`` instance.

    Returns:
        list of str; an import without a name (imported by ordinal only)
        appears as ``"N/A"``. Empty when the PE has no import directory.
    """
    if not hasattr(pe, 'DIRECTORY_ENTRY_IMPORT'):
        return []

    def symbol_name(imp):
        # Names are raw bytes from the sample; decode leniently.
        return imp.name.decode(errors='ignore') if imp.name else "N/A"

    return [
        symbol_name(imp)
        for entry in pe.DIRECTORY_ENTRY_IMPORT
        for imp in entry.imports
    ]

# Fonction pour extraire les exports


def extract_exports(pe):
    """List exported symbol names from the export directory.

    Args:
        pe: a parsed ``pefile.PE`` instance.

    Returns:
        list of str in export-table order; a symbol without a name
        (exported by ordinal only) appears as ``"N/A"``. Empty when the
        PE has no export directory.
    """
    if not hasattr(pe, 'DIRECTORY_ENTRY_EXPORT'):
        return []
    names = []
    for symbol in pe.DIRECTORY_ENTRY_EXPORT.symbols:
        if symbol.name:
            names.append(symbol.name.decode(errors='ignore'))
        else:
            names.append("N/A")
    return names
# Fonction pour extraire l'histogramme des octets
def extract_byte_histogram(data):
    """Count how often each byte value 0..255 occurs in *data*.

    Args:
        data: bytes-like object (any iterable of ints in ``0..255``).

    Returns:
        list of 256 ints where index = byte value and value = count.
    """
    histogram = [0] * 256
    # Tally with Counter, then scatter into the fixed-size list; indexing
    # still raises IndexError for values >= 256, as the original did.
    for value, count in Counter(data).items():
        histogram[value] = count
    return histogram

# Fonction pour extraire les opcodes


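def extract_opcodes(pe):
    """Disassemble the code sections of *pe* and return their mnemonics.

    Args:
        pe: a parsed ``pefile.PE`` instance.

    Returns:
        list of str mnemonics (e.g. ``"mov"``), in address order, for every
        section whose Characteristics carry IMAGE_SCN_CNT_CODE (0x20).
        Capstone's ``disasm`` stops at the first byte it cannot decode, so a
        packed or obfuscated section can contribute far fewer mnemonics than
        its size suggests.
    """
    # The original always decoded as 32-bit x86, which produces wrong
    # mnemonics for PE32+ images. Select the mode from the COFF header:
    # 0x8664 is IMAGE_FILE_MACHINE_AMD64. Anything else keeps the previous
    # 32-bit behaviour.
    is_64bit = pe.FILE_HEADER.Machine == 0x8664
    mode = capstone.CS_MODE_64 if is_64bit else capstone.CS_MODE_32
    md = capstone.Cs(capstone.CS_ARCH_X86, mode)
    opcodes = []
    for section in pe.sections:
        if not (section.Characteristics & 0x20):  # IMAGE_SCN_CNT_CODE
            continue
        code = section.get_data()
        opcodes.extend(
            instr.mnemonic for instr in md.disasm(code, section.VirtualAddress)
        )
    return opcodes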

# Extraction des caractéristiques pour chaque fichier


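# One flat feature dict per successfully parsed sample, in directory order.
malware_data = []


def _build_file_record(pe, filename):
    """Flatten every static feature of one parsed sample into a dict.

    Args:
        pe: a parsed ``pefile.PE`` instance.
        filename: the sample's file name (stored as the ``Filename`` column).

    Returns:
        dict whose key order is the CSV column order: Filename, the three
        file-header fields, Imports, Exports, Entropy, ByteHistogram,
        Opcodes, then ``Section_<i>_<field>`` for each section (i from 1).
        List-valued features are comma-joined because the row goes
        straight to CSV.
    """
    record = {'Filename': filename}
    record.update(extract_pe_header(pe))
    record['Imports'] = ",".join(extract_imports(pe))
    record['Exports'] = ",".join(extract_exports(pe))
    # pe.__data__ is the raw file content pefile parsed; whole-file entropy
    # and byte histogram are computed over it.
    record['Entropy'] = calculate_entropy(pe.__data__)
    record['ByteHistogram'] = ",".join(map(str, extract_byte_histogram(pe.__data__)))
    record['Opcodes'] = ",".join(extract_opcodes(pe))
    for i, section_info in enumerate(extract_sections(pe), 1):
        for key, value in section_info.items():
            record[f'Section_{i}_{key}'] = value
    return record


for filename in os.listdir(malware_dir):
    if not filename.endswith(('.exe', '.dll')):
        continue
    filepath = os.path.join(malware_dir, filename)
    try:
        pe = pefile.PE(filepath)
        try:
            malware_data.append(_build_file_record(pe, filename))
        finally:
            # Release the mapped sample; the original never closed it.
            pe.close()
    except Exception as e:
        # Malformed or deliberately hostile samples are expected in a malware
        # corpus: report and continue rather than abort the whole batch.
        # The original message printed a literal "(unknown)" in place of
        # the file name, which made failures impossible to attribute.
        print(f"Erreur lors du traitement de {filename}: {e}")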

# Écriture dans un fichier CSV


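csv_filename = 'malware_features.csv'

# Columns are the ordered union of all record keys. The original used only
# the first record's keys: samples have different section counts, so any
# later sample with MORE sections than the first made DictWriter raise
# ValueError (extra keys), aborting the export.
csv_columns = list(dict.fromkeys(key for record in malware_data for key in record))

# NOTE(review): Imports, Exports and section names are copied verbatim from
# the samples, i.e. attacker-controlled strings. A cell starting with '=',
# '+', '-' or '@' is evaluated as a formula by spreadsheet applications
# (CSV injection), so consume this file with a CSV parser (csv/pandas)
# rather than opening it in a spreadsheet, or neutralise such cells first.
with open(csv_filename, mode='w', newline='', encoding='utf-8') as csvfile:
    # restval='' fills the Section_* cells a sample with fewer sections lacks.
    writer = csv.DictWriter(csvfile, fieldnames=csv_columns, restval='')
    writer.writeheader()
    writer.writerows(malware_data)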

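# Final status line. In the original listing this single-line f-string was
# broken across three lines, which is a SyntaxError.
print(f"Extraction terminée. Les caractéristiques ont été enregistrées dans {csv_filename}.")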
