bintropy.entropy fails for x86-64 malware binary
nikhilh-20 opened this issue · 1 comment
nikhilh-20 commented
Malware sample link: https://bazaar.abuse.ch/sample/26ccf2824534d812c14a59783db85916a03da86ec65e86fc4b356657405080c7/
bintropy.entropy() on v1.3.7 fails to return average and highest block entropy for ELF malware: 26ccf2824534d812c14a59783db85916a03da86ec65e86fc4b356657405080c7, and that causes bintropy.bintropy(<sample_path>, decide=False) to fail.
$ pip freeze | grep bintropy
bintropy==1.3.7
In [1]: import bintropy
In [2]: with open("26ccf2824534d812c14a59783db85916a03da86ec65e86fc4b356657405080c7.elf", "rb") as f:
...: exe = f.read()
...:
In [3]: bintropy.entropy(exe, blocksize=256, ignore_half_block_zeros=True)
Out[3]: 4.275011364621254
In [4]: bintropy.bintropy("26ccf2824534d812c14a59783db85916a03da86ec65e86fc4b356657405080c7.elf", decide=False)
---------------------------------------------------------------------------
TypeError Traceback (most recent call last)
Cell In[5], line 1
----> 1 bintropy.bintropy(sample_path, decide=False)
File ~/venv/lib/python3.8/site-packages/bintropy/__init__.py:126, in bintropy(executable, mode, blocksize, ignore_half_block_zeros, decide, threshold_average_entropy, threshold_highest_entropy, logger, **kwargs)
124 else:
125 try:
--> 126 return max([x for x in e[0] if x is not None]), e[1]
127 except ValueError: # occurs when ignore_half_block_zeros=True and all the blocks have more than half of
128 return 0., 0. # their bytes being zeros
TypeError: 'float' object is not subscriptable
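For readers who want to see what the reported call is supposed to compute, the block below is an added, stand-alone reimplementation of per-block Shannon entropy with the ignore-half-block-zeros rule, written for this page and not taken from bintropy itself. It assumes the semantics visible in the issue: blocks whose bytes are more than half zeros are dropped (represented as None), the average is taken over the kept blocks, the highest block entropy is max() over the kept blocks, and the all-blocks-ignored case returns (0., 0.) as the except-ValueError branch in the traceback does. The function names, the treatment of a short trailing block, and the sample buffer are constructed for illustration, not bintropy's API.

```python
import math
from typing import List, Optional, Tuple


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 .. 8.0)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def block_entropies(data: bytes, blocksize: int = 256,
                    ignore_half_block_zeros: bool = True) -> List[Optional[float]]:
    """Entropy of each consecutive block; None marks an ignored block.

    A block is ignored when strictly more than half of its bytes are zero
    (assumed rule; the last block may be shorter and is judged on its own
    length, which is an assumption of this example).
    """
    out: List[Optional[float]] = []
    for off in range(0, len(data), blocksize):
        block = data[off:off + blocksize]
        if ignore_half_block_zeros and block.count(0) > len(block) // 2:
            out.append(None)
        else:
            out.append(shannon_entropy(block))
    return out


def average_and_highest(data: bytes, blocksize: int = 256,
                        ignore_half_block_zeros: bool = True) -> Tuple[float, float]:
    """(average block entropy, highest block entropy) over the kept blocks.

    Handles the edge case from the issue's traceback: when every block is
    ignored there is nothing to take max() of, so return (0., 0.) instead
    of raising.
    """
    kept = [e for e in block_entropies(data, blocksize, ignore_half_block_zeros)
            if e is not None]
    if not kept:
        return 0.0, 0.0
    return sum(kept) / len(kept), max(kept)


# Constructed sample buffer (not a real binary): four 256-byte blocks.
#   block 0: every byte value once      -> entropy 8.0
#   block 1: 200 zeros + 56 'A'         -> ignored (more than half zeros)
#   block 2: all 'A'                    -> entropy 0.0
#   block 3: 128 zeros + 128 0xff       -> exactly half zeros, kept, entropy 1.0
SAMPLE = (bytes(range(256))
          + b"\x00" * 200 + b"A" * 56
          + b"A" * 256
          + b"\x00" * 128 + b"\xff" * 128)

if __name__ == "__main__":
    print(block_entropies(SAMPLE))          # [8.0, None, 0.0, 1.0]
    print(average_and_highest(SAMPLE))      # (3.0, 8.0)
    print(average_and_highest(b"\x00" * 512))  # (0.0, 0.0): every block ignored
```

The point of the separate `block_entropies` and `average_and_highest` functions is that the caller always receives a (list, float)-shaped intermediate and a (float, float) result, which is exactly the shape assumption that the `e[0]` subscript in the traceback above depends on.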
dhondta commented
Hi @nikhilh-20
Thank you for mentioning this. This is fixed in version 1.4.1.