in ransomware/artifact.lua [3341:3410]
--- Compute the ransom-note "trend score" for the most frequently created file name.
--
-- The score is the product of four factors:
--   * how many entries of `suspiciousWords` occur in the lower-cased file name,
--   * 1 if the lower-cased extension of the first recorded creation equals an
--     entry of `suspiciousExts`, otherwise 0,
--   * the number of distinct normalized directories the file was created in,
--     minus one,
--   * `countOfFiles`.
-- Because the factors are multiplied, the result is 0 unless every one of them
-- is non-zero; in that case nothing is logged.
--
-- Matching notes for whoever maintains the word and extension lists:
--   * words are searched as plain substrings (no Lua pattern matching) in the
--     lower-cased name, so a list entry containing upper-case letters can
--     never match;
--   * extensions are compared with `==` against the lower-cased extension, so
--     list entries have to be lower-case and in the same format as
--     `fileExtension` (leading dot or not cannot be told from this function).
--
-- NOTE(review): a single missing signal (no listed word, unlisted extension,
-- or only one normalized directory) yields 0 - confirm this all-or-nothing
-- behaviour is intended and that other detections cover those cases.
-- NOTE(review): `utils.NormalizePath` presumably reduces a path to the
-- directory class it belongs to ("responsibility") - verify against utils.
--
-- @param mostCreatedFileName string key into `processData.createFileNames`
-- @param countOfFiles number of times that file name was created
-- @return the trend score (0 when any factor is 0)
local calculateTrendScore = function(mostCreatedFileName, countOfFiles)
    local loweredName = mostCreatedFileName:lower()
    local createdEntries = processData.createFileNames[mostCreatedFileName]
    -- Only the first recorded creation supplies the extension.
    local loweredExt = createdEntries[1].fileExtension:lower()

    -- Factor 1: listed words contained in the file name (plain-text search).
    local wordHits = 0
    for _, word in pairs(suspiciousWords) do
        if loweredName:find(word, nil, true) then
            wordHits = wordHits + 1
        end
    end

    -- Factor 2: 1 when the extension is on the list, 0 otherwise.
    local extFactor, matchedExt = 0, nil
    for _, candidate in pairs(suspiciousExts) do
        if candidate == loweredExt then
            extFactor, matchedExt = 1, loweredExt
            break
        end
    end

    -- Factor 3: distinct normalized directories beyond the first one.
    local distinctDirs = {}
    local recordedAny = false
    for _, entry in pairs(createdEntries) do
        local dir = utils.NormalizePath(entry.filePath)
        if not utils.TableHasValue(distinctDirs, dir) then
            distinctDirs[#distinctDirs + 1] = dir
            recordedAny = true
        end
    end
    local extraDirs = 0
    if recordedAny then
        -- A single directory contributes 0, which zeroes the whole score.
        extraDirs = #distinctDirs - 1
    end

    local trendScore = wordHits * extFactor * extraDirs * countOfFiles
    if trendScore == 0 then
        return trendScore
    end

    -- Non-zero score: log each contributing signal for the analyst.
    utils.DebugLog(mostCreatedFileName .. ' was created ' .. countOfFiles .. ' times')
    if wordHits > 0 then
        utils.DebugLog(mostCreatedFileName .. ' contains ' .. wordHits .. ' suspicious word(s)')
    end
    if extFactor > 0 then
        utils.DebugLog(mostCreatedFileName .. ' contains a suspicious extension: ' .. matchedExt)
    end
    if extraDirs > 0 then
        utils.DebugLog(mostCreatedFileName .. ' was created in directories that serve different responsibilities: ')
        utils.PrintTable(distinctDirs)
    end
    utils.DebugLog('ransom note detection trend score: ' .. trendScore)
    return trendScore
end