function Ransomware:EntropyComparison()

in ransomware/artifact.lua [2984:3022]


--- Classify a file event's entropy against the tiered thresholds in `globals`.
--
-- Three tiers are checked from highest to lowest (REALLY_HIGH, VERY_HIGH,
-- HIGH). The comparisons are strict, so an entropy value exactly equal to a
-- threshold falls into the tier below it. For the two upper tiers, an
-- extension flagged `lowEntropy` is reported as a *mismatch* and
-- `EntropyMismatch` is invoked; the HIGH tier has no mismatch variant.
-- Any non-default classification is also emitted through
-- `alert.RaiseFileAlertMetric`.
--
-- Events whose extension category equals `globals.EXTENSION_IGNORED` return
-- the default status immediately: no threshold check, no metric.
--
-- NOTE(review): `eventData.entropy` is compared without a nil check; confirm
-- that callers always populate it, otherwise the comparison raises.
--
-- @param eventData      event table; `entropy` is read and the table is passed to the alert call
-- @param processData    forwarded unchanged to `EntropyMismatch`
-- @param fileExtension  forwarded unchanged to `EntropyMismatch`
-- @param extensionData  table; `category` and `lowEntropy` are read
-- @return one of the `globals.ENTROPY_STATUS_*` values
function Ransomware:EntropyComparison(eventData, processData, fileExtension, extensionData)
    local status = globals.ENTROPY_STATUS_DEFAULT

    -- Ignored extension categories bypass the entropy checks entirely.
    if extensionData.category == globals.EXTENSION_IGNORED then
        return status
    end

    local entropy = eventData.entropy
    local metricName -- stays nil while the classification is the default

    if entropy > globals.ENTROPY_REALLY_HIGH then
        if not extensionData.lowEntropy then
            metricName = 'ENTROPY_REALLY_HIGH'
            status = globals.ENTROPY_STATUS_REALLY_HIGH
        else
            -- Extension is marked lowEntropy, yet the content is in the top tier.
            metricName = 'ENTROPY_MISMATCH_REALLY_HIGH'
            status = globals.ENTROPY_STATUS_MISMATCH_REALLY_HIGH
            -- NOTE(review): dot-call, so `self` is not passed as the receiver;
            -- confirm EntropyMismatch is defined with `.` and not `:`.
            self.EntropyMismatch(processData, fileExtension)
        end
    elseif entropy > globals.ENTROPY_VERY_HIGH then
        if not extensionData.lowEntropy then
            metricName = 'ENTROPY_VERY_HIGH'
            status = globals.ENTROPY_STATUS_VERY_HIGH
        else
            metricName = 'ENTROPY_MISMATCH_VERY_HIGH'
            status = globals.ENTROPY_STATUS_MISMATCH_VERY_HIGH
            -- Same dot-call as in the REALLY_HIGH branch.
            self.EntropyMismatch(processData, fileExtension)
        end
    elseif entropy > globals.ENTROPY_HIGH then
        -- Lowest reporting tier: lowEntropy is not consulted here.
        metricName = 'ENTROPY_HIGH'
        status = globals.ENTROPY_STATUS_HIGH
    end

    -- Emit a metric only when a threshold was actually crossed.
    if metricName ~= nil then
        alert.RaiseFileAlertMetric(eventData, metricName)
    end

    return status
end