# 文件静态信息报告示例
- PE 文件
{
"response_code": 0,
"data": {
"static": {
"details": {
"pe_version_info": [ // PE 文件版本
{
"name": "LegalCopyright",
"value": "Copyright (C) 2019 Mrack"
}
],
"pe_sections": [ // PE 节表信息
{
"pointer_to_rawdata": "0x00000400",
"name": ".text",
"virtual_address": "0x00001000",
"size_of_data": "0x00001c00",
"entropy": 6.242158533103589,
"SectionPermission": "R-E",
"virtual_size": "0x00001bc1"
}
],
"pe_signatures": {}, // PE 文件签名
"pe_imports": [ // PE 导入表
{
"imports": [
{
"name": "DisableThreadLibraryCalls",
"address": "0x10003014"
}
],
"dll": "KERNEL32.dll"
}
],
"pe_resources": [ // PE 资源信息
{
"name": "RT_VERSION",
"language": "LANG_CHINESE",
"filetype": "data",
"sublanguage": "SUBLANG_CHINESE_SIMPLIFIED",
"offset": "0x000090a0",
"size": "0x000002b0"
}
],
"tag": [ // 静态标签
"PE32",
"lang_chinese"
],
"pe_detect": { // 第三方检测信息
"find_crypt": null,
"urls": []
},
"pe_basic": { // PE 基本信息
"tls_info": {},
"import_hash": "1abe41975242325c19b3c9a004fa31b9",
"time_stamp": "2019-07-01 07:46:46",
"peid": [
"PE: protector: VMProtect(-)[-]",
"PE: linker: Microsoft Linker(14.0)[DLL32]"
],
"entry_point_section": ".text",
"image_base": "0x10000000",
"entry_point": "0x23f9"
},
"pe_exports": [ // PE 导出表
{
"ordinal": 1,
"name": "adler32",
"address": "0x10001b40"
}
]
},
"basic": { // 文件基本信息
"sha1": "9b415f74b471014c188c3ca4b93370007fed4f5e",
"sha256": "72ccd2b142d73e0bd6c7fa3ebec5ffe80fff233767207804a5a50a4641f8b23a",
"file_type": "PE32 executable (DLL) (GUI) Intel 80386, for MS Windows",
"file_name": "72ccd2b142d73e0bd6c7fa3ebec5ffe80fff233767207804a5a50a4641f8b23a",
"ssdeep": "384:Pje6+rxkF2OitkOcr9cerrloQY89ZEmIJ+pXRmvIKnTD+TsME:rQrxnOiklhcGZ78rA4n9",
"file_size": 22016,
"md5": "a148642a57e87818b8684d5956bdb3d6"
}
}
},
"msg": "OK"
}
- Office Document(OLE) 文件
{
"response_code": 0,
"data": {
"static": {
"details": {
"oledump": { // OLE Dump
"0": {
"type": "",
"name": "'\\x01CompObj'",
"size": "107"
}
},
"base_info": { // OLE基本信息
"MIMEType": "application/vnd.ms-excel",
"CompObjUserTypeLen": 31,
"CompObjUserType": "Microsoft Excel 2003 Worksheet",
"ModifyDate": "2017:07:05 06:02:29",
"ScaleCrop": "No",
"SharedDoc": "No",
"TitleOfParts": "",
"FileType": "XLS",
"AppVersion": 14.0,
"LinksUpToDate": "No",
"FileName": "macro.xls",
"CodePage": "Windows Japanese (Shift-JIS)",
"HeadingPairs": [
"Worksheets",
1
],
"FileTypeExtension": "xls",
"HyperlinksChanged": "No",
"LastPrinted": "2016:09:30 14:56:13",
"Security": "None",
"CreateDate": "2016:09:28 11:10:05",
"Software": "Microsoft Excel"
},
"tag": [ // 静态标签
"vba_macors",
"xls"
],
"oleid": { // OLEID
"Excel Workbook": true,
"VBA Macros": true,
"Encrypted": false,
"Application name": "Microsoft Excel",
"Flash objects": 0,
"ObjectPool": false,
"Visio Drawing": false,
"PowerPoint Presentation": false,
"Has SummaryInformation stream": true,
"OLE format": true,
"Word Document": false
},
"embedded": { // 嵌入信息
"macros": [{ // 嵌入宏代码
"vba_filename": "ThisWorkbook.cls",
"code": "",
"subfilename": "Z:\\SUBMIT_SAMPLE\\a2602b9c94a2bdbcac75b95d4430d4cda3a79986c016ac2ef2211afb00420f24",
"ole_stream": "_VBA_PROJECT_CUR/VBA/ThisWorkbook"
}],
"analysis": [{ // 嵌入分析
"type": "AutoExec",
"description": "Runs when the Excel Workbook is opened",
"keyword": "Workbook_Open"
}]
}
},
"basic": { // 文件基本信息
"sha1": "c20c248cac61c020534fd19c3104f3e4c9b39851",
"sha256": "a2602b9c94a2bdbcac75b95d4430d4cda3a79986c016ac2ef2211afb00420f24",
"file_type": "Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.0, Code page: 932, Name of Creating Application: Microsoft Excel, Last Printed: Fri Sep 30 14:56:13 2016, Create Time/Date: Wed Sep 28 11:10:05 2016, Last Saved Time/Date: Wed Jul 5 06:02:29 2017, Security: 0",
"file_name": "a2602b9c94a2bdbcac75b95d4430d4cda3a79986c016ac2ef2211afb00420f24",
"ssdeep": "1536:ek3hOdsylKlgryzc4bNhZFGzE+cL4LgldAcGoKHdi6nHHLa8USOBEeznXg16bIU0:ek3hOdsylKlgryzc4bNhZFGzE+cL4Lgq",
"file_size": 79872,
"md5": "b81cc045aeb9c0f46d34e9e19732bcec"
}
}
},
"msg": "OK"
}
- PDF 文件
{
"response_code": 0,
"data": {
"static": {
"details": {
"urls": [], // 内嵌URL地址
"pdfid": {}, // PDF流信息
"base_info": { // PDF基本信息
"MIMEType": "application/pdf",
"FileType": "PDF",
"Linearized": "No",
"FileTypeExtension": "pdf",
"FileName": "01998715ab51a03cdaddff4ebe004da942ca3ae4e1357f3e1d5d5947b6e20624",
"PDFVersion": 1.3
},
"tag": [ // 静态标签
"pdf"
],
"javascript": [] // 内嵌JavaScript
},
"basic": { // 文件基本信息
"sha1": "0e89becf87b5aa7b68f1e463f47620de3995b1ee",
"sha256": "01998715ab51a03cdaddff4ebe004da942ca3ae4e1357f3e1d5d5947b6e20624",
"file_type": "PDF document, version 1.3",
"file_name": "01998715ab51a03cdaddff4ebe004da942ca3ae4e1357f3e1d5d5947b6e20624",
"ssdeep": "48:FuENYPlyRai1648QeS20KOu+s61GMaC9b57OMhCv++S5UcL60I7qS5+o+AS9Hbe2:cENYtyRaU5sV76RaCf7OMhc++S5Ucq7w",
"file_size": 2996,
"md5": "122ca0d4629ff12c3b0aa21bd18dbf08"
}
}
},
"msg": "OK"
}
- RTF 文件
{
"response_code": 0,
"data": {
"static": {
"details": {
"base_info": { // RTF基本信息
"MIMEType": "text/rtf",
"FileType": "RTF",
"FileTypeExtension": "rtf",
"FileName": "69ee6723340148cec550251d4151ea953ef1f637839ec4b4769d260917bedc8e"
},
"tag": [ // 静态标签
"rtf"
]
},
"basic": { // 文件基本信息
"sha1": "b03271072ab126b33316da3f02c528c297d683fe",
"sha256": "69ee6723340148cec550251d4151ea953ef1f637839ec4b4769d260917bedc8e",
"file_type": "Rich Text Format data, version 1, unknown character set",
"file_name": "69ee6723340148cec550251d4151ea953ef1f637839ec4b4769d260917bedc8e",
"ssdeep": "12288:k+kD4uLZMDuarevCd5OXjkttS5tnLSD8djMQnVTG4LBckzrG/gH9J:l1u1OrbdVA7Lg8djXnM4LKkzP",
"file_size": 820927,
"md5": "b8bcdad201dc03be9f312afca81029b2"
}
}
},
"msg": "OK"
}
- ELF 文件
{
"response_code": 0,
"data": {
"static": {
"details": {
"dynamic_tags": [ // 动态段信息
{
"tag": "0x0000000000000010",
"type": "SYMBOLIC",
"value": "0x0000000000000000"
}
],
"notes": [], // 注释信息
"section_headers": [ // 段信息
{
"addr": "0x0000000000000000",
"type": "NULL",
"name": "",
"size": 0
}
],
"file_header": { // ELF 基本信息
"magic": "\\x7fELF",
"version": "0x1",
"os_abi": "UNIX - System V",
"ei_version": "1 (current)",
"number_of_program_headers": 6,
"abi_version": 0,
"size_of_section_headers": 64,
"data": "2's complement, little endian",
"machine": "Advanced Micro Devices X86-64",
"class": "ELF64",
"number_of_section_headers": 26,
"flags": "0x0000000000000000",
"type": "DYN (Shared object file)",
"section_header_string_table_index": 25,
"entry_point_address": "0x000000000000fddc",
"start_of_section_headers": 1172768,
"size_of_this_header": 64,
"size_of_program_headers": 56,
"start_of_program_headers": 64
},
"program_headers": [ // Program 信息
{
"type": "LOAD",
"flags": "R E",
"addr": "0x0000000000000000",
"size": 1141456
}
],
"tag": [ // 静态标签
"so"
],
"symbol_tables": [ // 符号表信息
{
"ndx_name": "",
"bind": "LOCAL",
"type": "NOTYPE",
"value": "0x0000000000000000"
}
],
"relocations": [ // 重定位信息
{
"name": ".rela.dyn",
"entries": [
{
"info": "0x0000000000000008",
"type": "R_X86_64_RELATIVE",
"name": "",
"value": "",
"offset": "0x0000000000317650"
}
]
}
]
},
"basic": { // 文件基本信息
"sha1": "520373aa9c5a099db7b0cc8c04418eaac66c6117",
"sha256": "36be26d65808ead53780612007ab0165b62bca2de9779dbd63afdba5ce3062a3",
"file_type": "ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, stripped",
"file_name": "36be26d65808ead53780612007ab0165b62bca2de9779dbd63afdba5ce3062a3",
"ssdeep": "24576:JqQiZtBMZFBWDBvuvdztCntu1OscG0g76+QsHTkPiYqUFdHSHeOG+rVyBTUUs1ek:riZtBMZFBWDBvuvdztCntu1OscG0g76+",
"file_size": 1174432,
"md5": "cdad1039d8d9f197a693892a2d88124c"
}
}
},
"msg": "OK"
}
- 压缩文件(ZIP)
{
"response_code": 0,
"data": {
"static": {
"details": {
"zip": [
{
"Path": "Z:\\SUBMIT_SAMPLE\\8cd40af98ddbfa579376e14fdeed20b20156282c8d3d7253526466836693ad7d",
"Type": "zip", // ZIP 文件结构
"Physical Size": "14898078"
},
{
"Comment": "",
"Attributes": "A",
"Created": "2019-01-02 16:09:56",
"Packed Size": "5010",
"Encrypted": "-",
"Modified": "2019-01-02 15:15:23",
"Host OS": "FAT",
"CRC": "C965CAAE",
"Volume Index": "0",
"Version": "20",
"Accessed": "2019-01-02 16:09:56",
"Path": "pcreposix-0.dll",
"Folder": "-",
"Method": "Deflate",
"Size": "9728"
}
],
"base_info": { // ZIP 基本信息
"MIMEType": "application/zip",
"ZipRequiredVersion": 20,
"ZipCRC": "0xc965caae",
"FileType": "ZIP",
"ZipCompression": "Deflated",
"FileName": "8cd40af98ddbfa579376e14fdeed20b20156282c8d3d7253526466836693ad7d",
"ZipCompressedSize": 5010,
"FileTypeExtension": "zip",
"ZipFileName": "pcreposix-0.dll",
"ZipBitFlag": 0,
"ZipUncompressedSize": 9728,
"ZipModifyDate": "2019:01:02 15:15:11"
},
"tag": [ // 静态标签
"zip"
]
},
"basic": { // 文件基本信息
"sha1": "01cb66a858d8e4c42334149865c204d0a97d7389",
"sha256": "8cd40af98ddbfa579376e14fdeed20b20156282c8d3d7253526466836693ad7d",
"file_type": "Zip archive data, at least v2.0 to extract",
"file_name": "8cd40af98ddbfa579376e14fdeed20b20156282c8d3d7253526466836693ad7d",
"ssdeep": "393216:n3Cz49jJ8xPvYkdBFpyh+6TY8tBMNGlYrAs9HY0Z:nzVkXFYw6cKxCrAg4U",
"file_size": 14898078,
"md5": "170fb01f3a9f47096608c50109365879"
}
}
},
"msg": "OK"
}