panoptcy · August 5, 2022 15:19 · Jul 23, 2021 · Jul 23, 2021 · Jul 23, 2021 · Jul 23, 2021
diff --git a/DhashIcon.py b/DhashIcon.py
@@ -10,16 +10,15 @@
 import argparse
 from PIL import Image
 
-
+# Extracting first icon available
 def extract_icon(exe):
     binary = lief.parse(exe)
-
     bin = binary.resources_manager
     ico = bin.icons
     ico = ico[0].save("peico.ico")
     return
 
-
+# Generate dhash on the icon previously extracted
 def generate_icon_dhash(exe, hash_size = 8):
     extract_icon(exe)
     image = Image.open("peico.ico")
@@ -29,7 +28,7 @@ def generate_icon_dhash(exe, hash_size = 8):
         )
 
     difference = []
-
+    
     for row in range(hash_size):
         for col in range(hash_size):
             pixel_left = image.getpixel((col, row))

diff --git a/DhashIcon.py b/DhashIcon.py
@@ -56,12 +56,9 @@ def generate_icon_dhash(exe, hash_size = 8):
 def main():
     # select arguments
     parser = argparse.ArgumentParser(description='Generate icon dhash by Thomas Roccia')
-    parser.add_argument("-f", "--file", help="sample", required=True)
+    parser.add_argument("-f", "--file", help="Specify the PE file", required=True)
     args = parser.parse_args()
 
-    # handle ctrl+c
-    #signal.signal(signal.SIGINT, signal_handler)
-
     if args.file:
         try: 
             dhash = generate_icon_dhash(args.file)

diff --git a/DhashIcon.py b/DhashIcon.py
@@ -56,7 +56,7 @@ def generate_icon_dhash(exe, hash_size = 8):
 def main():
     # select arguments
     parser = argparse.ArgumentParser(description='Generate icon dhash by Thomas Roccia')
-    parser.add_argument("-f", "--file", help="Check domain list", required=True)
+    parser.add_argument("-f", "--file", help="sample", required=True)
     args = parser.parse_args()
 
     # handle ctrl+c

diff --git a/DhashIcon.py b/DhashIcon.py
@@ -28,7 +28,6 @@ def generate_icon_dhash(exe, hash_size = 8):
         Image.ANTIALIAS,
         )
 
-  # Compare adjacent pixels.
     difference = []
 
     for row in range(hash_size):

diff --git a/DhashIcon.py b/DhashIcon.py
@@ -37,9 +37,6 @@ def generate_icon_dhash(exe, hash_size = 8):
             pixel_right = image.getpixel((col + 1, row))
             difference.append(pixel_left > pixel_right)
 
-
-  # Convert the binary array to a hexadecimal string.
-
     decimal_value = 0
     hex_string = []
 
@@ -56,7 +53,6 @@ def generate_icon_dhash(exe, hash_size = 8):
     return ''.join(hex_string)
 
 
-
 # main function
 def main():
     # select arguments

diff --git a/DhashIcon.py b/DhashIcon.py
@@ -27,9 +27,6 @@ def generate_icon_dhash(exe, hash_size = 8):
         (hash_size + 1, hash_size),
         Image.ANTIALIAS,
         )
-
-    pixels = list(image.getdata())
-
 
   # Compare adjacent pixels.
     difference = []

diff --git a/DhashIcon.py b/DhashIcon.py
@@ -3,6 +3,7 @@
 # Thomas Roccia | IconDhash.py
 # pip3 install lief
 # pip3 install pillow
+# resource: https://www.hackerfactor.com/blog/?/archives/529-Kind-of-Like-That.html
 
 import lief
 import os

diff --git a/DhashIcon.py b/DhashIcon.py
@@ -10,42 +10,42 @@
 from PIL import Image
 
 
-# Extracting first available icon with lief
 def extract_icon(exe):
     binary = lief.parse(exe)
-    # extracting icon and saves in a temp file peico.ico
+
     bin = binary.resources_manager
     ico = bin.icons
     ico = ico[0].save("peico.ico")
     return
 
 
-# generate dhash icon
 def generate_icon_dhash(exe, hash_size = 8):
-    # extract icon
     extract_icon(exe)
-    # open extracted icon
-    icon = Image.open("peico.ico")
-    icon = icon.convert('L').resize(
+    image = Image.open("peico.ico")
+    image = image.convert('L').resize(
         (hash_size + 1, hash_size),
         Image.ANTIALIAS,
         )
 
-    pixels = list(icon.getdata())
+    pixels = list(image.getdata())
+
 
-    # Compare pixels.
-    diff = []
+  # Compare adjacent pixels.
+    difference = []
 
     for row in range(hash_size):
         for col in range(hash_size):
-            left = icon.getpixel((col, row))
-            right = icon.getpixel((col + 1, row))
-            diff.append(left > right)
+            pixel_left = image.getpixel((col, row))
+            pixel_right = image.getpixel((col + 1, row))
+            difference.append(pixel_left > pixel_right)
+
+
+  # Convert the binary array to a hexadecimal string.
 
     decimal_value = 0
     hex_string = []
 
-    for index, value in enumerate(diff):
+    for index, value in enumerate(difference):
         if value:
             decimal_value += 2**(index % 8)
 
@@ -58,16 +58,23 @@ def generate_icon_dhash(exe, hash_size = 8):
     return ''.join(hex_string)
 
 
+
 # main function
 def main():
     # select arguments
     parser = argparse.ArgumentParser(description='Generate icon dhash by Thomas Roccia')
     parser.add_argument("-f", "--file", help="Check domain list", required=True)
     args = parser.parse_args()
 
+    # handle ctrl+c
+    #signal.signal(signal.SIGINT, signal_handler)
+
     if args.file:
-        dhash = generate_icon_dhash(args.file)
-        print(dhash)
+        try: 
+            dhash = generate_icon_dhash(args.file)
+            print("[+] dhash icon: %s" % dhash)
+        except:
+            print("[!] no icon available")
 
 
 if __name__ == '__main__':

diff --git a/DhashIcon.py b/DhashIcon.py
@@ -0,0 +1,74 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+# Thomas Roccia | IconDhash.py
+# pip3 install lief
+# pip3 install pillow
+
+import lief
+import os
+import argparse
+from PIL import Image
+
+
+# Extracting first available icon with lief
+def extract_icon(exe):
+    binary = lief.parse(exe)
+    # extracting icon and saves in a temp file peico.ico
+    bin = binary.resources_manager
+    ico = bin.icons
+    ico = ico[0].save("peico.ico")
+    return
+
+
+# generate dhash icon
+def generate_icon_dhash(exe, hash_size = 8):
+    # extract icon
+    extract_icon(exe)
+    # open extracted icon
+    icon = Image.open("peico.ico")
+    icon = icon.convert('L').resize(
+        (hash_size + 1, hash_size),
+        Image.ANTIALIAS,
+        )
+
+    pixels = list(icon.getdata())
+
+    # Compare pixels.
+    diff = []
+
+    for row in range(hash_size):
+        for col in range(hash_size):
+            left = icon.getpixel((col, row))
+            right = icon.getpixel((col + 1, row))
+            diff.append(left > right)
+
+    decimal_value = 0
+    hex_string = []
+
+    for index, value in enumerate(diff):
+        if value:
+            decimal_value += 2**(index % 8)
+
+        if (index % 8) == 7:
+            hex_string.append(hex(decimal_value)[2:].rjust(2, '0'))
+            decimal_value = 0
+
+    os.remove("peico.ico")
+
+    return ''.join(hex_string)
+
+
+# main function
+def main():
+    # select arguments
+    parser = argparse.ArgumentParser(description='Generate icon dhash by Thomas Roccia')
+    parser.add_argument("-f", "--file", help="Check domain list", required=True)
+    args = parser.parse_args()
+
+    if args.file:
+        dhash = generate_icon_dhash(args.file)
+        print(dhash)
+
+
+if __name__ == '__main__':
+    main()