in nightMARE/src/nightmare/malware/netwire/configuration.py [0:0]
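def __decrypt_configuration(size_rva_encrypted: list, pe: lief.PE) -> list:
    """
    Decrypts the configuration.

    Every ``(size, rva)`` pair in ``size_rva_encrypted`` is read out of the PE.
    When ``__extract_config`` returned an IP or domain-name match the field is
    taken as stored (presumably unencrypted — confirm against
    ``__extract_config``) and cut at its first NUL byte; otherwise it is passed
    to ``__decrypt_configuration_field`` with the extracted key. Each result is
    UTF-8 decoded and appended to the configuration list returned by
    ``__extract_config``.

    :param size_rva_encrypted: A list of ``(size, rva)`` pairs locating the
        encryption key and the encrypted configuration strings in the PE.
    :param pe: The PE (Portable Executable) file object.
    :return: List of the decrypted configuration strings.
    :raises RuntimeError: If a field does not decode as UTF-8; the decode error
        is chained as the cause so the failing field can be triaged.
    """
    config, rc4_key, ip_match, domain_name_match = __extract_config(size_rva_encrypted, pe)
    # The plaintext/encrypted decision is per-sample, not per-field: decide once.
    is_plaintext = bool(ip_match or domain_name_match)
    for encrypted_str_size, encrypted_str_rva in size_rva_encrypted:
        encrypted_data = utils.get_pe_data_from_rva(
            pe, encrypted_str_rva, size=encrypted_str_size
        )
        if encrypted_data == b"":
            # Empty field: skip it rather than abort the whole extraction.
            continue
        try:
            if is_plaintext:
                decrypted_data = encrypted_data
                # Keep only the bytes before the first NUL, if there is one.
                if NULL_BYTE in decrypted_data:
                    decrypted_data = decrypted_data[: decrypted_data.index(NULL_BYTE)]
            else:
                decrypted_data = __decrypt_configuration_field(encrypted_data, rc4_key)
            config.append(decrypted_data.decode("utf-8"))
        except UnicodeDecodeError as err:
            # A non-UTF-8 result means the key or field layout was not recovered
            # correctly; surface it as one failure with the decode error attached.
            raise RuntimeError(
                "Unable to extract the configuration: Unsuccessful decryption of the configuration"
            ) from err
    return config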