Tweak peutils.py

Small style changes.

peutils.py

@@ -59,11 +59,11 @@ def __init__(self, filename=None, data=None):
         # - A dictionary with a string as a key (packer name)
         #   and None as value to indicate a full signature
         #
-        self.signature_tree_eponly_true = dict()
+        self.signature_tree_eponly_true = {}
         self.signature_count_eponly_true = 0
-        self.signature_tree_eponly_false = dict()
+        self.signature_tree_eponly_false = {}
         self.signature_count_eponly_false = 0
-        self.signature_tree_section_start = dict()
+        self.signature_tree_section_start = {}
         self.signature_count_section_start = 0
 
         # The depth (length) of the longest signature
@@ -94,7 +94,7 @@ def generate_section_signatures(self, pe, name, sig_length=512):
                 name,
                 idx + 1,
                 len(pe.sections),
-                "".join([c for c in section.Name if c in string.printable]),
+                "".join(c for c in section.Name if c in string.printable),
             )
 
             section_signatures.append(
@@ -129,7 +129,7 @@ def __generate_signature(
 
         data = pe.__data__[offset : offset + sig_length]
 
-        signature_bytes = " ".join(["%02x" % ord(c) for c in data])
+        signature_bytes = " ".join("%02x" % ord(c) for c in data)
 
         if ep_only == True:
             ep_only = "true"
@@ -342,7 +342,7 @@ def __match_signature_tree(self, signature_tree, data, depth=0):
             if None in list(match.values()):
                 # idx represent how deep we are in the tree
                 #
-                # names = [idx+depth]
+                # names = [idx + depth]
                 names = list()
 
                 # For each of the item pairs we check
@@ -500,9 +500,9 @@ def is_valid(pe):
 
 def is_suspicious(pe):
     """
-    unusual locations of import tables
-    non recognized section names
-    presence of long ASCII strings
+    Unusual locations of import tables
+    Non-recognized section names
+    Presence of long ASCII strings
     """
 
     relocations_overlap_entry_point = False
@@ -544,7 +544,7 @@ def is_suspicious(pe):
         warnings_while_parsing
 
     # If there are few or none (should come with a standard "density" of strings/kilobytes of data) longer (>8)
-    # ascii sequences that might indicate packed data, (this is similar to the entropy test in some ways but
+    # ASCII sequences that might indicate packed data, (this is similar to the entropy test in some ways but
     # might help to discard cases of legitimate installer or compressed data)
 
     # If compressed data (high entropy) and is_driver => uuuuhhh, nasty
@@ -568,7 +568,6 @@ def is_probably_packed(pe):
     # Assume that the file is packed when no data is available
     if not total_pe_data_length:
         return True
-    has_significant_amount_of_compressed_data = False
 
     # If some of the sections have high entropy and they make for more than 20% of the file's size
     # it's assumed that it could be an installer or a packed file
@@ -582,7 +581,8 @@ def is_probably_packed(pe):
         if s_entropy > 7.4:
             total_compressed_data += s_length
 
-    if (total_compressed_data / total_pe_data_length) > 0.2:
-        has_significant_amount_of_compressed_data = True
+    has_significant_amount_of_compressed_data = (
+        total_compressed_data / total_pe_data_length > 0.2
+    )
 
     return has_significant_amount_of_compressed_data