
Collected data

nheijmans edited this page Jul 19, 2016 · 4 revisions

Overview of data collected per filetype

  • Portable Executable (PE-files)
  • Office Documents
  • ZIP files
  • E-mails
  • Other-files

PE-files

  • Filename of the sample
  • Filetype
  • Filesize
  • MD5 hash
  • SHA-1 hash
  • PE hash
  • Fuzzy hash
  • Imphash
  • YARA rules that match
  • PE compile time
  • Imported DLLs
  • PE packer information (if available)
  • PE language
  • Original filename (if available)
  • Strings

Office-documents

  • MD5
  • SHA-1
  • Filetype
  • Filename
  • Indicators (with olevba)

ZIP

  • MD5
  • SHA-1
  • Files in ZIP (each file will be pushed for static analysis)
  • Filesize
  • Filetype

E-mails

  • From
  • To
  • CC
  • BCC
  • Subject
  • Date
  • Attachments (will be pushed for static analysis as well)
  • Msg_id
  • Attachment filenames
  • URLs from the message body

Other-files

  • Filename
  • Filetype
  • Filesize
  • MD5
  • SHA-1
  • YARA results