From ed593f7380eb873e2030d915f6784d9d9957798e Mon Sep 17 00:00:00 2001
From: Ricardo van Zutphen <ricardo@hatching.io>
Date: Sat, 9 Feb 2019 00:45:32 +0100
Subject: [PATCH] Verify if there is an initial process from target Without
 verification, it raises an exception during URL analysis, as there is not
 target file in that case.

---
 modules/signatures/windows/moves_self.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/modules/signatures/windows/moves_self.py b/modules/signatures/windows/moves_self.py
index 067f27cc8..6835e2f75 100644
--- a/modules/signatures/windows/moves_self.py
+++ b/modules/signatures/windows/moves_self.py
@@ -18,9 +18,12 @@ class MovesSelf(Signature):
 
     def __init__(self, *args, **kwargs):
         Signature.__init__(self, *args, **kwargs)
-        self.initial_process = self.get_results("target", {}).get("file", {}).get("name", [])
+        self.initial_process = self.get_results("target", {}).get("file", {}).get("name", "")
 
     def on_call(self, call, process):
+        if not self.initial_process:
+            return
+
         oldpath = call["arguments"]["oldfilepath"]
         if self.initial_process in oldpath:
             self.mark_call()