Last Updated: 2023-04-02 08:32:42 UTC
by Didier Stevens (Version: 1)
I have a new release that brings some changes to the output.
Let me illustrate with this sample from MalwareBazaar:
At the end of the report (Remaining streams), I've added an indicator.
! indicates PE files and CAB files.
? indicates files that are not images (PNG, JPEG, BMP), neither PE or CAB files.
In this example, a SVG file (image) is marked with indicator ?.
I parse CAB files to list their content.
And you can change the hash algorithm with environment variable DSS_DEFAULT_HASH_ALGORITHMS.