Describe the bug

After the fix for certain samples, other samples are now giving a corrupted result for the String File Info items.

To Reproduce

Download the malware file attached to this issue: 07e7d2848b6f9f626e9c7dc06de13c3d1f31ab31ce55226931d6e4d426178be6.zip
Extract the file using the password liefsample.
Verify that your new file has the right hash:

    $ sha256sum 07e7d2848b6f9f626e9c7dc06de13c3d1f31ab31ce55226931d6e4d426178be6
    07e7d2848b6f9f626e9c7dc06de13c3d1f31ab31ce55226931d6e4d426178be6  07e7d2848b6f9f626e9c7dc06de13c3d1f31ab31ce55226931d6e4d426178be6

Using LIEF 0.12.0

    >>> import lief
    >>> lief.__version__
    '0.12.0-f8918911'
    >>> b = lief.parse("07e7d2848b6f9f626e9c7dc06de13c3d1f31ab31ce55226931d6e4d426178be6")
    >>> [print(k,v) for k,v in b.resources_manager.version.string_file_info.langcode_items[0].items.items()]
    ProductVersion b'1, 0, 0, 0'
    ProductName b'\xe6\x95\xb0\xe5\xad\x97\xe7\xad\xbe\xe5\x90\x8d\xe5\xb7\xa5\xe5\x85\xb7(\xe5\x91\xbd\xe4\xbb\xa4\xe8\xa1\x8c)'
    OriginalFilename b'DSignTool'
    InternalName b'CSignTool'
    FileVersion b'1, 9, 0, 0'
    LegalCopyright b'Copyright ? 2012'
    FileDescription b'\xe6\x95\xb0\xe5\xad\x97\xe7\xad\xbe\xe5\x90\x8d\xe5\xb7\xa5\xe5\x85\xb7(\xe5\x91\xbd\xe4\xbb\xa4\xe8\xa1\x8c)'
    CompanyName b'\xe4\xb8\x8a\xe6\xb5\xb7\xe5\x9f\x9f\xe8\x81\x94\xe8\xbd\xaf\xe4\xbb\xb6\xe6\x8a\x80\xe6\x9c\xaf\xe6\x9c\x89\xe9\x99\x90\xe5\x85\xac\xe5\x8f\xb8'

Using LIEF 0.13.0

    >>> import lief
    >>> lief.__version__
    '0.13.0-87689bec'
    >>> b = lief.parse("07e7d2848b6f9f626e9c7dc06de13c3d1f31ab31ce55226931d6e4d426178be6")
    >>> [print(k,v) for k,v in b.resources_manager.version.string_file_info.langcode_items[0].items.items()]
    String.wType should be 0 or 1 instead of 22495
    String.wType should be 0 or 1 instead of 31614
    String.wType should be 0 or 1 instead of 32
    String.wType should be 0 or 1 instead of 105
    String.wType should be 0 or 1 instead of 112
    String.wType should be 0 or 1 instead of 101
    String.wType should be 0 or 1 instead of 105
    String.wType should be 0 or 1 instead of 114
    String.wType should be 0 or 1 instead of 31614
    String.wType should be 0 or 1 instead of 32
    String.wType should be 0 or 1 instead of 112
    ivateBuild b'8\x0c\x01ProductName'
    galTrademarks b'<\n\x01OriginalFilename'
    9, 0, 0 b'4\n\x01InternalName'
    ecialBuild b''
    名工具(命令行) b'6\x0b\x01FileVersion'
    0, 0, 0 b' '
    联软件技术有限公司 b'@\x0c\x01FileDescription'
    yright ? 2012 b'('
    gnTool b'F\x11\x01LegalCopyright'
    Comments b':\r\x01CompanyName'

Expected behavior

I was expecting the same output as version 0.12.0.
Thank you for your hard work. :) I wish I could help more with the C++ code.

Environment

Additional context

The attached sample is malware. Please handle it as such.
6fc45a5
romainthomas
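The warning in the 0.13.0 output refers to the `wType` field of the version resource's `String` structure (`wLength`, `wValueLength`, `wType`, `szKey`, padding, `Value`). The following is an added example, not LIEF's code and not part of the original report: a minimal Python walker over constructed `String` entries, showing how a cursor that skips the 32-bit alignment padding reads a bogus header and trips the same check. It does not claim to reproduce the cause of this bug; `build_table`, `read_wstr`, `parse_strings` and `SAMPLE` are names made up for the example.

```python
import struct

def align4(n):
    return (n + 3) & ~3

def build_table(pairs):
    """Constructed test data: consecutive String entries, each 32-bit aligned."""
    out = b""
    for key, value in pairs:
        k = (key + "\0").encode("utf-16-le")
        v = (value + "\0").encode("utf-16-le")
        k += b"\0" * (align4(6 + len(k)) - 6 - len(k))  # Padding before Value
        # wLength (bytes), wValueLength (words, NUL included), wType = 1 (text)
        entry = struct.pack("<HHH", 6 + len(k) + len(v), len(value) + 1, 1) + k + v
        out += entry + b"\0" * (align4(len(entry)) - len(entry))
    return out

def read_wstr(buf, off, end):
    """Read UTF-16LE text up to a NUL or `end`; return (text, offset past the NUL)."""
    i = off
    while i + 1 < end and buf[i:i + 2] != b"\0\0":
        i += 2
    return buf[off:i].decode("utf-16-le", "replace"), min(i + 2, end)

def parse_strings(buf, align=True):
    """Walk String entries; align=False models a cursor that skips the padding."""
    items, warnings, off = {}, [], 0
    while off + 6 <= len(buf):
        w_length, _w_value_length, w_type = struct.unpack_from("<HHH", buf, off)
        if w_type not in (0, 1):
            warnings.append(f"String.wType should be 0 or 1 instead of {w_type}")
        if w_length < 6 or off + w_length > len(buf):
            break  # implausible header: stop instead of emitting garbage items
        end = off + w_length
        key, after_key = read_wstr(buf, off + 6, end)
        value, _ = read_wstr(buf, min(align4(after_key), end), end)
        items[key] = value
        off = align4(end) if align else end
    return items, warnings

# Constructed sample; assumed to start at a 4-byte-aligned resource offset.
SAMPLE = build_table([("CompanyName", "ACME"), ("FileVersion", "1, 9, 0, 0"),
                      ("InternalName", "CSignTool")])

if __name__ == "__main__":
    print(parse_strings(SAMPLE))               # all three entries, no warnings
    print(parse_strings(SAMPLE, align=False))  # desynchronised after entry one
```

When consuming parsed version info in a triage pipeline, a non-empty warning list or keys outside the expected StringFileInfo names is a signal to treat the extracted metadata as unreliable.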