General

Malware Config

Signatures

Files

• 19d156d205df792a4a8c881b2201c561c9f74babc40cdb8ecd7f55d68f3c135b

  .zip
• ExeFilter-1.1.2-alpha3/Conteneur.py

  .py .sh linux
• ExeFilter-1.1.2-alpha3/Conteneur_Fichier.py

  .py .sh linux
• ExeFilter-1.1.2-alpha3/Conteneur_Repertoire.py

  .py .sh linux
• ExeFilter-1.1.2-alpha3/Conteneur_Zip.py

  .py .sh linux
• ExeFilter-1.1.2-alpha3/DEMO.bat
• ExeFilter-1.1.2-alpha3/ExeFilter.py

  .py .sh linux
• ExeFilter-1.1.2-alpha3/ExeFilter_documentation_EN.pdf

  .pdf

  • http://www.cecill.info/

    Analyze

  • http://www.decalage.info/fr/sstic06

    Analyze

  • http://www.decalage.info/fr/sstic04

    Analyze

  • http://www.decalage.info/fr/sstic03

    Analyze

  • http://www.ruby-lang.org/en/downloads/

    Analyze

  • http://en.wikipedia.org/wiki/INI_file

    Analyze

  • http://www.decalage.info/exefilter

    Analyze

  • http://www.f-prot.com/

    Analyze

  • http://www.decalage.info/python/pyclamd

    Analyze

  • http://www.clamav.net/

    Analyze

  • http://sourceforge.net/projects/pywin32/

    Analyze

  • http://www.activestate.com/Products/activepython

    Analyze

  • http://www.python.org/

    Analyze
  • Show all
• ExeFilter-1.1.2-alpha3/ExeFilter_documentation_FR.pdf

  .pdf

  • http://www.cecill.info/

    Analyze

  • http://actes.sstic.org/SSTIC06/Diode_ExeFilter/

    Analyze

  • http://actes.sstic.org/SSTIC04/Filtrage_messagerie/

    Analyze

  • http://actes.sstic.org/SSTIC03/Formats_de_fichiers/

    Analyze

  • http://www.f-prot.com/

    Analyze

  • http://www.decalage.info/python/pyclamd

    Analyze

  • http://www.clamav.net/

    Analyze

  • http://admisource.gouv.fr/projects/exefilter

    Analyze

  • http://www.jorendorff.com/articles/python/path/

    Analyze

  • http://sourceforge.net/projects/pywin32/

    Analyze

  • http://www.activestate.com/Products/activepython

    Analyze

  • http://www.python.org/

    Analyze
  • Show all
• ExeFilter-1.1.2-alpha3/Fichier.py

  .py .sh linux
• ExeFilter-1.1.2-alpha3/Filtres/Filtre.py

  .py .sh linux
• ExeFilter-1.1.2-alpha3/Filtres/Filtre_AVI.py

  .py .sh linux
• ExeFilter-1.1.2-alpha3/Filtres/Filtre_BMP.py

  .py .sh linux
• ExeFilter-1.1.2-alpha3/Filtres/Filtre_GIF.py

  .py .sh linux
• ExeFilter-1.1.2-alpha3/Filtres/Filtre_HTML.py

  .py .sh linux
• ExeFilter-1.1.2-alpha3/Filtres/Filtre_JPEG.py

  .py .sh linux
• ExeFilter-1.1.2-alpha3/Filtres/Filtre_MP3.py

  .py .sh linux
• ExeFilter-1.1.2-alpha3/Filtres/Filtre_Office.py

  .py .sh linux
• ExeFilter-1.1.2-alpha3/Filtres/Filtre_PDF.py

  .py .sh linux
• ExeFilter-1.1.2-alpha3/Filtres/Filtre_PNG.py

  .py .sh linux
• ExeFilter-1.1.2-alpha3/Filtres/Filtre_RTF.py

  .py .sh linux
• ExeFilter-1.1.2-alpha3/Filtres/Filtre_Texte.py

  .py .sh linux
• ExeFilter-1.1.2-alpha3/Filtres/Filtre_WAV.py

  .py .sh linux
• ExeFilter-1.1.2-alpha3/Filtres/Filtre_Zip.py

  .py .sh linux
• ExeFilter-1.1.2-alpha3/Filtres/HTMLParser_PL.py

  .py .sh linux
• ExeFilter-1.1.2-alpha3/Filtres/OleFileIO_PL.py

  .py .sh linux
• ExeFilter-1.1.2-alpha3/Filtres/RechercherRemplacer.py

  .py .sh linux
• ExeFilter-1.1.2-alpha3/Filtres/__init__.py

  .py .sh linux
• ExeFilter-1.1.2-alpha3/Journal.py

  .py .sh linux
• ExeFilter-1.1.2-alpha3/LICENCE.txt
• ExeFilter-1.1.2-alpha3/Licence_CeCILL_V2-en.html
• ExeFilter-1.1.2-alpha3/Licence_CeCILL_V2-fr.html
• ExeFilter-1.1.2-alpha3/PKG-INFO
• ExeFilter-1.1.2-alpha3/Parametres.py

  .py .sh linux
• ExeFilter-1.1.2-alpha3/Politique.py

  .py .sh linux
• ExeFilter-1.1.2-alpha3/README.txt
• ExeFilter-1.1.2-alpha3/README_origami.txt
• ExeFilter-1.1.2-alpha3/Rapport.py

  .py .sh linux
• ExeFilter-1.1.2-alpha3/Resultat.py

  .py .sh linux
• ExeFilter-1.1.2-alpha3/__init__.py

  .py .sh linux
• ExeFilter-1.1.2-alpha3/commun.py

  .py .sh linux
• ExeFilter-1.1.2-alpha3/demo.py
• ExeFilter-1.1.2-alpha3/demo_files/Executable renamed.txt

  .exe windows x86

  
  

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Sections

  UPX0

  Size: - Virtual size: 36KB

  IMAGE_SCN_CNT_UNINITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  UPX1

  Size: 15KB - Virtual size: 16KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  UPX2

  Size: 512B - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

• out.upx

  .exe windows x86

  
  

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Sections

  .text

  Size: 25KB - Virtual size: 25KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .bss

  Size: - Virtual size: 608B

  IMAGE_SCN_CNT_UNINITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rdata

  Size: 88B - Virtual size: 88B

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_READ

  .data

  Size: 3KB - Virtual size: 3KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .idata

  Size: 780B - Virtual size: 780B

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

• ExeFilter-1.1.2-alpha3/demo_files/Executable.exe

  .exe windows x86

  
  

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Sections

  UPX0

  Size: - Virtual size: 36KB

  IMAGE_SCN_CNT_UNINITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  UPX1

  Size: 15KB - Virtual size: 16KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  UPX2

  Size: 512B - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

• out.upx

  .exe windows x86

  
  

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Sections

  .text

  Size: 25KB - Virtual size: 25KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .bss

  Size: - Virtual size: 608B

  IMAGE_SCN_CNT_UNINITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rdata

  Size: 88B - Virtual size: 88B

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_READ

  .data

  Size: 3KB - Virtual size: 3KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .idata

  Size: 780B - Virtual size: 780B

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

• ExeFilter-1.1.2-alpha3/demo_files/GIF Picture.gif

  .gif
• ExeFilter-1.1.2-alpha3/demo_files/HTML Javascript obfuscated.html

  .html
• ExeFilter-1.1.2-alpha3/demo_files/HTML normal.html

  .html
• ExeFilter-1.1.2-alpha3/demo_files/JPEG Picture.jpg

  .jpg
• ExeFilter-1.1.2-alpha3/demo_files/PDF EmbeddedFile HTML.pdf

  .pdf
• HTML Javascript obfuscated.html

  .html
• ExeFilter-1.1.2-alpha3/demo_files/PDF Javascript trigger.pdf

  .pdf
• ExeFilter-1.1.2-alpha3/demo_files/PDF Javascript.pdf

  .pdf
• ExeFilter-1.1.2-alpha3/demo_files/PDF Launch calc.pdf

  .pdf

  • http://Calculator.app

    Analyze
• ExeFilter-1.1.2-alpha3/demo_files/PNG Picture.png

  .png
• ExeFilter-1.1.2-alpha3/demo_files/RTF OLE Package EXE.rtf

  .rtf
• ExeFilter-1.1.2-alpha3/demo_files/Word 2003 OLE Package EXE.doc

  .doc windows office2003
• ExeFilter-1.1.2-alpha3/demo_files/Word 2003 VBA macro.doc

  .doc windows office2003

  ThisDocument

  NewMacros
• ExeFilter-1.1.2-alpha3/demo_files/Word 2003 normal.doc

  .doc windows office2003
• ExeFilter-1.1.2-alpha3/demo_files/Zipped JPEG and EXE.zip

  .zip .ps1
• ExeFilter-1.1.2-alpha3/demo_files/Zipped PDFs.zip

  .zip
• ExeFilter-1.1.2-alpha3/demo_files/Zipped Word 2003 VBA macro.zip

  .zip
• ExeFilter-1.1.2-alpha3/demo_files/_README.txt
• ExeFilter-1.1.2-alpha3/install.bat
• ExeFilter-1.1.2-alpha3/locale/en/LC_MESSAGES/ExeFilter.mo
• ExeFilter-1.1.2-alpha3/locale/en/LC_MESSAGES/ExeFilter.po
• ExeFilter-1.1.2-alpha3/path.py
• ExeFilter-1.1.2-alpha3/plx.py

  .py .sh linux
• ExeFilter-1.1.2-alpha3/policy_origami.ini
• ExeFilter-1.1.2-alpha3/pyclamd.py

  .sh .js linux
• ExeFilter-1.1.2-alpha3/setup.py
• ExeFilter-1.1.2-alpha3/thirdparty/HTML/HTML.py

  .py .sh linux
• ExeFilter-1.1.2-alpha3/thirdparty/HTML/HTML.py.html
• ExeFilter-1.1.2-alpha3/thirdparty/HTML/HTML_tutorial.py
• ExeFilter-1.1.2-alpha3/thirdparty/HTML/Licence_CeCILL_V2-en.html
• ExeFilter-1.1.2-alpha3/thirdparty/HTML/Licence_CeCILL_V2-fr.html
• ExeFilter-1.1.2-alpha3/thirdparty/HTML/README.txt
• ExeFilter-1.1.2-alpha3/thirdparty/HTML/__init__.py
• ExeFilter-1.1.2-alpha3/thirdparty/HTML/install.bat
• ExeFilter-1.1.2-alpha3/thirdparty/HTML/setup.py
• ExeFilter-1.1.2-alpha3/thirdparty/origapy/COPYING.txt
• ExeFilter-1.1.2-alpha3/thirdparty/origapy/README.txt
• ExeFilter-1.1.2-alpha3/thirdparty/origapy/install.bat
• ExeFilter-1.1.2-alpha3/thirdparty/origapy/origami/CHANGELOG.txt
• ExeFilter-1.1.2-alpha3/thirdparty/origapy/origami/COPYING.txt
• ExeFilter-1.1.2-alpha3/thirdparty/origapy/origami/README.txt
• ExeFilter-1.1.2-alpha3/thirdparty/origapy/origami/README_origapy.txt
• ExeFilter-1.1.2-alpha3/thirdparty/origapy/origami/parser/.annotations.rb.swp
• ExeFilter-1.1.2-alpha3/thirdparty/origapy/origami/parser/acroform.rb
• ExeFilter-1.1.2-alpha3/thirdparty/origapy/origami/parser/actions.rb
• ExeFilter-1.1.2-alpha3/thirdparty/origapy/origami/parser/adobe/addressbook.rb
• ExeFilter-1.1.2-alpha3/thirdparty/origapy/origami/parser/adobe/header.rb
• ExeFilter-1.1.2-alpha3/thirdparty/origapy/origami/parser/annotations.rb
• ExeFilter-1.1.2-alpha3/thirdparty/origapy/origami/parser/array.rb
• ExeFilter-1.1.2-alpha3/thirdparty/origapy/origami/parser/boolean.rb
• ExeFilter-1.1.2-alpha3/thirdparty/origapy/origami/parser/catalog.rb
• ExeFilter-1.1.2-alpha3/thirdparty/origapy/origami/parser/destinations.rb
• ExeFilter-1.1.2-alpha3/thirdparty/origapy/origami/parser/dictionary.rb
• ExeFilter-1.1.2-alpha3/thirdparty/origapy/origami/parser/encryption.rb
• ExeFilter-1.1.2-alpha3/thirdparty/origapy/origami/parser/export.rb
• ExeFilter-1.1.2-alpha3/thirdparty/origapy/origami/parser/fdf.rb
• ExeFilter-1.1.2-alpha3/thirdparty/origapy/origami/parser/file.rb
• ExeFilter-1.1.2-alpha3/thirdparty/origapy/origami/parser/filters.rb
• ExeFilter-1.1.2-alpha3/thirdparty/origapy/origami/parser/font.rb
• ExeFilter-1.1.2-alpha3/thirdparty/origapy/origami/parser/functions.rb
• ExeFilter-1.1.2-alpha3/thirdparty/origapy/origami/parser/graphics.rb
• ExeFilter-1.1.2-alpha3/thirdparty/origapy/origami/parser/graphics/colors.rb
• ExeFilter-1.1.2-alpha3/thirdparty/origapy/origami/parser/graphics/instruction.rb
• ExeFilter-1.1.2-alpha3/thirdparty/origapy/origami/parser/graphics/path.rb
• ExeFilter-1.1.2-alpha3/thirdparty/origapy/origami/parser/graphics/patterns.rb
• ExeFilter-1.1.2-alpha3/thirdparty/origapy/origami/parser/graphics/state.rb
• ExeFilter-1.1.2-alpha3/thirdparty/origapy/origami/parser/graphics/text.rb
• ExeFilter-1.1.2-alpha3/thirdparty/origapy/origami/parser/graphics/xobject.rb
• ExeFilter-1.1.2-alpha3/thirdparty/origapy/origami/parser/header.rb
• ExeFilter-1.1.2-alpha3/thirdparty/origapy/origami/parser/linearization.rb
• ExeFilter-1.1.2-alpha3/thirdparty/origapy/origami/parser/metadata.rb
• ExeFilter-1.1.2-alpha3/thirdparty/origapy/origami/parser/name.rb
• ExeFilter-1.1.2-alpha3/thirdparty/origapy/origami/parser/null.rb
• ExeFilter-1.1.2-alpha3/thirdparty/origapy/origami/parser/numeric.rb
• ExeFilter-1.1.2-alpha3/thirdparty/origapy/origami/parser/obfuscation.rb
• ExeFilter-1.1.2-alpha3/thirdparty/origapy/origami/parser/object.rb
• ExeFilter-1.1.2-alpha3/thirdparty/origapy/origami/parser/outline.rb
• ExeFilter-1.1.2-alpha3/thirdparty/origapy/origami/parser/page.rb
• ExeFilter-1.1.2-alpha3/thirdparty/origapy/origami/parser/parser.rb
• ExeFilter-1.1.2-alpha3/thirdparty/origapy/origami/parser/pdf.rb
• ExeFilter-1.1.2-alpha3/thirdparty/origapy/origami/parser/reference.rb
• ExeFilter-1.1.2-alpha3/thirdparty/origapy/origami/parser/signature.rb
• ExeFilter-1.1.2-alpha3/thirdparty/origapy/origami/parser/stream.rb
• ExeFilter-1.1.2-alpha3/thirdparty/origapy/origami/parser/string.rb
• ExeFilter-1.1.2-alpha3/thirdparty/origapy/origami/parser/trailer.rb
• ExeFilter-1.1.2-alpha3/thirdparty/origapy/origami/parser/webcapture.rb
• ExeFilter-1.1.2-alpha3/thirdparty/origapy/origami/parser/xreftable.rb
• ExeFilter-1.1.2-alpha3/thirdparty/origapy/origami/scripts/README.txt
• ExeFilter-1.1.2-alpha3/thirdparty/origapy/origami/scripts/antivir/calc.pdf

  .pdf
• ExeFilter-1.1.2-alpha3/thirdparty/origapy/origami/scripts/antivir/detectsig.rb

  .sh linux
• ExeFilter-1.1.2-alpha3/thirdparty/origapy/origami/scripts/antivir/eicar.pdf

  .pdf
• ExeFilter-1.1.2-alpha3/thirdparty/origapy/origami/scripts/antivir/extractjs.rb

  .sh linux
• ExeFilter-1.1.2-alpha3/thirdparty/origapy/origami/scripts/antivir/getopt.rb
• ExeFilter-1.1.2-alpha3/thirdparty/origapy/origami/scripts/antivir/getopt_new.rb
• ExeFilter-1.1.2-alpha3/thirdparty/origapy/origami/scripts/antivir/pdfclean.rb

  .sh linux
• ExeFilter-1.1.2-alpha3/thirdparty/origapy/origami/scripts/antivir/pdfclean_server.rb

  .sh linux
• ExeFilter-1.1.2-alpha3/thirdparty/origapy/origapy.py
• ExeFilter-1.1.2-alpha3/thirdparty/origapy/setup.py
• ExeFilter-1.1.2-alpha3/thirdparty/pdfid/README.txt
• ExeFilter-1.1.2-alpha3/thirdparty/pdfid/pdfid.py

  .py .sh linux
• ExeFilter-1.1.2-alpha3/thirdparty/pdfid/pdfid_PL.py

  .py .sh linux
• ExeFilter-1.1.2-alpha3/thirdparty/pdfid/pdfid_PL_0.0.7.py

  .py .sh linux
• ExeFilter-1.1.2-alpha3/zipfile_PL.py

  .py .sh linux