| Key | Value |
|---|---|
| CRC32 | 775F1402 |
| FileName | ./usr/lib/python2.7/dist-packages/peframe/modules/magic.py |
| FileSize | 8831 |
| MD5 | C871D57393D1ADA2812BCB7E9CA9175A |
| OpSystemCode | {'MfgCode': '1006', 'OpSystemCode': '362', 'OpSystemName': 'TBD', 'OpSystemVersion': 'none'} |
| ProductCode | {'ApplicationType': 'Operating System', 'Language': 'English', 'MfgCode': '1722', 'OpSystemCode': '599', 'ProductCode': '163709', 'ProductName': 'BlackArch Linux', 'ProductVersion': '2017.03.01'} |
| SHA-1 | 26229C9D05628DFFA1AE594EDC3985CB18AD1975 |
| SHA-256 | AE9C45CEFE9CF7EC11DBD55FE2E31B98E032AA3749CE49765DFDD8C079C1EE08 |
| SSDEEP | 192:aQFtmetx+n41ikTGQu75MIr7YLxP/BFLks0/gzRUsRXl/Rt/Lj:aQFtmetx+nKikTGF5NPMxHBxks0/gNUg |
| SpecialCode | |
| TLSH | T1E502A536DD852264EF9264150503B00DEF1DB803D6582A68BCEC62357F30D2DCAEBBD9 |
| db | nsrl_modern_rds |
| insert-timestamp | 1646992663.3296187 |
| source | NSRL |
| hashlookup:parent-total | 2 |
| hashlookup:trust | 60 |
The searched file hash is included in 2 parent files which include package known and seen by metalookup. A sample is included below:
| Key | Value |
|---|---|
| FileSize | 144884 |
| MD5 | D79C047AE73AF45F9F79C5195D291A87 |
| PackageDescription | open source tool to perform static analysis on PE malware PEframe is a open source tool to perform static analysis on Portable Executable malware and generic suspicious files. It can help malware researchers to detect packer, xor, digital signature, mutex, anti debug, anti virtual machine, suspicious sections and functions, and much more information about the suspicious files. |
| PackageMaintainer | Sascha Steinbiss <satta@debian.org> |
| PackageName | peframe |
| PackageSection | utils |
| PackageVersion | 5.0.1+git20170303.0.e482def+dfsg-1~bpo9+1 |
| SHA-1 | 3E6A89FD597C0E4465AD3273DC429749AAB1218E |
| SHA-256 | B46773004D3784164A8ADD3F55A845FB4738275B4803666F400D8B5374C4BF9B |
| Key | Value |
|---|---|
| FileSize | 144248 |
| MD5 | 8E285E04DFF0C3DCF15864F8B39B2DB9 |
| PackageDescription | open source tool to perform static analysis on PE malware PEframe is a open source tool to perform static analysis on Portable Executable malware and generic suspicious files. It can help malware researchers to detect packer, xor, digital signature, mutex, anti debug, anti virtual machine, suspicious sections and functions, and much more information about the suspicious files. |
| PackageMaintainer | Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com> |
| PackageName | peframe |
| PackageSection | utils |
| PackageVersion | 5.0.1+git20170303.0.e482def+dfsg-1 |
| SHA-1 | 64D201C7AACD3E9924501C4A4ACD4192FEA04892 |
| SHA-256 | 2E70D9D84F9258B20DBABE4CD5C520EE15C729261A4662BFA45671C012318D89 |