{% load key_tags %} {% if analysis.static and analysis.static.pe %}

PE Information

{% if analysis.static.pe.imagebase %} {% endif %} {% if analysis.static.pe.entrypoint %} {% endif %} {% if analysis.static.pe.reported_checksum %} {% endif %} {% if analysis.static.pe.actual_checksum %} {% endif %} {% if analysis.static.pe.osversion %} {% endif %} {% if analysis.static.pe.pdbpath %} {% endif %} {% if analysis.static.pe.timestamp %} {% endif %} {% if analysis.static.pe.imphash %} {% endif %} {% if analysis.static.pe.icon %} {% endif %} {% if analysis.static.pe.icon_hash %} {% endif %} {% if analysis.static.pe.icon_fuzzy %} {% endif %} {% if analysis.static.pe.exported_dll_name %} {% endif %}
Image Base {{analysis.static.pe.imagebase}}
Entry Point {{analysis.static.pe.entrypoint}}
Reported Checksum {{analysis.static.pe.reported_checksum}}
Actual Checksum {{analysis.static.pe.actual_checksum}}
Minimum OS Version {{analysis.static.pe.osversion}}
PDB Path {{analysis.static.pe.pdbpath}}
Compile Time {{analysis.static.pe.timestamp}}
Import Hash {{analysis.static.pe.imphash}}
Icon
Icon Exact Hash {{analysis.static.pe.icon_hash}}
Icon Similarity Hash {{analysis.static.pe.icon_fuzzy}}
Exported DLL Name {{analysis.static.pe.exported_dll_name}}

{% if analysis.static.pe.versioninfo %}

Version Infos

{% for info in analysis.static.pe.versioninfo %} {% if info.name %} {% endif %} {% endfor %}
{{info.name}} {{info.value}}

{% endif %} {% if analysis.static.pe.peid_signatures%}

PEiD Signatures

{% for sig in analysis.static.pe.peid_signatures %} {% endfor %}
{{sig}}

{% endif %} {% if analysis.static.pe.digital_signers %}

Digital Signers

{% for info in analysis.static.pe.digital_signers %} {% endfor %}
Certificate Common Name Serial Number SHA1 Fingerprint MD5 Fingerprint
{{info.cn}} {{info.sn}} {{info.sha1_fingerprint}} {{info.md5_fingerprint}}
{% endif %} {% if analysis.static.pe.guest_signers and analysis.static.pe.guest_signers.aux_signers %}

Microsoft Certificate Validation (Sign Tool)

{% if analysis.static.pe.guest_signers.aux_valid %} {% else %} {% endif %}
SHA1 Timestamp Valid Error
{{analysis.static.pe.guest_signers.aux_sha1}} {{analysis.static.pe.guest_signers.aux_timestamp}}
Yes
None
No
{{analysis.static.pe.guest_signers.aux_error_desc}}
{% for signer in analysis.static.pe.guest_signers.aux_signers %}
Chain {{signer.name}}
Issued to {{signer|getkey:"Issued to"}}
Issued by {{signer|getkey:"Issued by"}}
Expires {{signer.Expires}}
SHA1 Hash {{signer|getkey:"SHA1 hash"}}
{% endfor %}

{% endif %} {% if analysis.static.pe.sections %}

Sections

{% for section in analysis.static.pe.sections %} {% endfor %}
Name Virtual Address Virtual Size Size of Raw Data Characteristics Entropy
{{section.name}} {{section.virtual_address}} {{section.virtual_size}} {{section.size_of_data}} {{section.characteristics}} {{section.entropy}}

{% endif %} {% if analysis.static.pe.overlay %}

Overlay

Offset {{analysis.static.pe.overlay.offset}}
Size {{analysis.static.pe.overlay.size}}

{% endif %} {% if analysis.static.pe.resources %}

Resources

{% for section in analysis.static.pe.resources %} {% endfor %}
Name Offset Size Language Sub-language Entropy File type
{{section.name}} {{section.offset}} {{section.size}} {{section.language}} {{section.sublanguage}} {{section.entropy}} {{section.filetype}}

{% endif %} {% if analysis.static.pe.imports %}

Imports

{% for library in analysis.static.pe.imports %}
Library {{library.dll}}:
{% for function in library.imports %}
{{function.address}} {{function.name}}
{% endfor %}
{% endfor %}

{% endif %} {% if analysis.static.pe.exports %}

Exports

{% for export in analysis.static.pe.exports %} {% endfor %}
Ordinal Address Name
{{export.ordinal}} {{export.address}} {{export.name}}
{% endif %} {% else %} Nothing to display. {% endif %}