MAP UpdateAuthor: David Zimmer Date: 11.29.24 - 6:44pm Small update to Malcode Analyst Pack Hash Files. Now you can Copy -> SQL Export and it will generate th sqllite Insert statements with the following data: (Sample Db, viewer) CREATE TABLE "files" ( "firstSeen" TEXT, "ssz" TEXT, "size" INTEGER, "fname" TEXT, "details" TEXT, "vt" INTEGER, "detects" INTEGER, "subs" INTEGER, "hash" TEXT, "date" TEXT, "compiled" TEXT, "sectCnt" INTEGER, "epSectIndex" TEXT, "sects" TEXT, "die" TEXT, "pdb" TEXT, "expCnt" INTEGER, "exports" TEXT, "resCnt" INTEGER, "resSize" INTEGER, "resNames" TEXT, "imphash" TEXT, "pever" TEXT, "fileProps" TEXT, "rich" TEXT, "ep" TEXT, "epSect" TEXT, "sig" TEXT, "sigDetails" TEXT ); CREATE TABLE "files_sects" ( "hash" TEXT, "i" INTEGER, "name" TEXT, "virtAddr" TEXT, "virtSz" TEXT, "rawOff" TEXT, "rawSz" TEXT, "flags" TEXT, "flagNames" TEXT, "hasEP" INTEGER, "entropy" TEXT ); A couple of the slower options like including Section Stats, DiE scan, and File Signature have check boxes so they arent mandatory. The VT fields can be filled out by choosing VT-> Lookup All, then right clicking on that list view and choosing Copy->Sql Update Just got tired of building databases like this manually from the csv output. Querable data is just easier to digest than the report dumps. I might make a dedicated viewer form if it has enough advantages over the db browser. If you got your MAP install through FLARE there will be more new stuff, I dont think I have updated that installer in a few years now. Comments: (0) |
About Me More Blogs Main Site
|
||||||||||||||||||||||||||||||||