in nightMARE/src/nightmare/malware/ghostpulse/payload.py [0:0]
def extract(data: bytes) -> bytes:
    """
    Recover the decrypted payload from a GhostPulse encrypted file.

    The configuration blob is located with the IDAT-based extractor first and,
    only if that yields nothing, with the pixel-based extractor. The blob is
    then unwrapped into the second-stage content and the encrypted payload
    buffer, whose leading 0x32 * 4 (200) bytes are passed to ``bits.xor`` as
    the key for the remaining bytes.

    ``data`` is an attacker-produced sample, so treat it as untrusted input.

    :param data: bytes of the encrypted file
    :return: payload bytes
    :raises RuntimeError: if neither extractor returns a configuration blob
    """
    xor_key_size = 0x32 * 4

    # Try the IDAT layout first; the pixel layout is only probed when the
    # first attempt comes back falsy.
    blob = __idat_extaction_implementation(data)
    if not blob:
        blob = __pixels_extraction_implementation(data)
    if not blob:
        raise RuntimeError(
            "Extraction unsuccessful, file does not appear to be GhostPulse file\n"
        )

    encrypted = __get_payload(__get_second_stage_content(blob))

    # NOTE(review): no length check is done here before splitting key and
    # ciphertext; how utils.get_data and bits.xor behave on a buffer shorter
    # than xor_key_size is not visible from this function — confirm that a
    # truncated or malformed sample fails cleanly.
    xor_key = utils.get_data(encrypted, 0, size=xor_key_size)
    ciphertext = utils.get_data(encrypted, xor_key_size)
    return bits.xor(ciphertext, xor_key)