db_builder.py
from sqlalchemy import create_engine
from sqlalchemy import MetaData, Column, Table, ForeignKey
from sqlalchemy import Integer, String
from conf.config import DB_ENGINE
# Shared engine for the sample database. DB_ENGINE is the connection URL
# supplied by conf.config.
# 'check_same_thread' is a sqlite3 connect() option: setting it to False
# turns off sqlite3's check that a connection is only used from the thread
# that created it, so any cross-thread use of a connection has to be
# serialised by the calling code.
# echo=False keeps SQLAlchemy from logging every SQL statement it emits.
engine = create_engine(
    DB_ENGINE,
    connect_args=dict(check_same_thread=False),
    echo=False,
)

# Bound metadata: the create_all() and autoload calls further down rely on
# this implicit engine. NOTE(review): MetaData(bind=...) was removed in
# SQLAlchemy 2.0, so this module needs a pinned 1.x release.
metadata = MetaData(bind=engine)
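# One row per submitted malware sample; referenced by 'sample_dump' and
# 'sample_tag' through their 'sample_id_id' foreign keys.
samples_table = Table(
    'sample_malwaresample',
    metadata,
    Column('id', Integer, primary_key=True),
    Column('timestamp', String(40)),
    # Digest widths are given in hex characters: a SHA-256 digest is 64 and
    # an MD5 digest is 32. The previous widths (32 and 16) are the raw byte
    # lengths; SQLite does not enforce VARCHAR lengths, but a backend that
    # does would truncate or reject the value and break hash lookups.
    # NOTE(review): assumes digests are stored as hex text - confirm
    # against the code that inserts rows.
    Column('sha256', String(64)),
    # NOTE(review): ephash width left as found; confirm the digest it holds.
    Column('ephash', String(32)),
    # imphash is an MD5 hex digest, so 32 characters is the right width.
    Column('imphash', String(32)),
    Column('status', String(16)),
    Column('md5', String(32)),
    # Location of the stored sample binary on disk.
    Column('binary_path', String),
    sqlite_autoincrement=True,
)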
# One row per dump that belongs to a sample.
# NOTE(review): md5/sha256 are unbounded String here but length-limited in
# 'sample_malwaresample'; the two definitions should agree.
# NOTE(review): process_name and source presumably originate from the
# analysed sample's run - treat them as untrusted wherever they are
# displayed or used to build paths or queries; confirm against the writer.
procdumps_table = Table(
    'sample_dump',
    metadata,
    Column('id', Integer, primary_key=True),
    # Column type is None, so it is taken from the referenced key column.
    Column('sample_id_id', None, ForeignKey('sample_malwaresample.id')),
    Column('md5', String, nullable=False),
    Column('sha256', String, nullable=False),
    Column('ephash', String(32)),
    Column('imphash', String(32)),
    Column('process_name', String, nullable=False),
    # Source: injected/DLL/Process
    Column('source', String, nullable=False),
    Column('binary_path', String, nullable=False),
    Column('timestamp', String, nullable=False),
)
# Free-text tags attached to a sample; one row per (sample, tag) pair.
# No uniqueness constraint is declared, so duplicate pairs can be stored.
tags_table = Table(
    'sample_tag',
    metadata,
    Column('id', Integer, primary_key=True),
    # Column type is None, so it is taken from the referenced key column.
    Column('sample_id_id', None, ForeignKey('sample_malwaresample.id')),
    Column('tag', String, nullable=False),
)
# Create any table declared above that does not exist yet. This runs at
# import time through the engine bound to `metadata`, so merely importing
# this module touches the database.
metadata.create_all()

# Reflected handles for the same three tables, read back from the live
# database under the "main" schema. Their columns come from whatever is
# actually in the database, not from the declarations above.
# NOTE(review): autoload=True is the SQLAlchemy 1.x spelling and was
# removed in 2.0.
samplesTable = Table(
    "sample_malwaresample",
    metadata,
    schema="main",
    autoload=True,
)
dumpsTable = Table(
    "sample_dump",
    metadata,
    schema="main",
    autoload=True,
)
tagsTable = Table(
    "sample_tag",
    metadata,
    schema="main",
    autoload=True,
)
def main():
    """Print a completion message.

    The schema itself is built by the module-level statements when the file
    is loaded; this function only reports that loading finished.
    """
    message = "Done"
    print(message)
# Script entry point: by the time this line is reached the tables have
# already been created by the module-level code above.
if __name__ == '__main__':
    main()