MicroSCOPE report

This report was generated on {{now}}.

{{ if ge .Score .Threshold}}

The file has been flagged as RANSOMWARE.

{{ end }} {{ $thresholds := divide .Threshold 2}} {{ if and (ge .Score $thresholds) (lt .Score .Threshold) }}

The file has characteristics very similar to malware. Proceed with caution.

{{ end }}

Score: {{.Score}}

Parameter Value
File name {{.Name}}
Size {{.Size}} bytes
Architecture {{.Architecture}}
File format {{.Format}}
SHA256 hash {{.Hash}}

Anomalies

This section summarizes all anomalies found in the file that are consistent with ransomware behavior.

File format

Imported APIs

Strings

Sections

Main Reason Points
{{ range .Anomalies }}
{{.Reason}} {{.Points}}
{{ end }}
{{ if eq .Format "ELF" }}

Ident

Parameter Value
Magic {{.ELFInterface.Ident.Magic}}
Class {{.ELFInterface.Ident.Class}}
Endianness {{.ELFInterface.Ident.Endianness}}
Version {{.ELFInterface.Ident.Version}}
OSABI {{.ELFInterface.Ident.OSABI}}
ABIVersion {{.ELFInterface.Ident.ABIVersion}}
Padding {{.ELFInterface.Ident.Padding}}
SizeIdent {{.ELFInterface.Ident.SizeIdent}}

Header

Parameter Value
Type {{ .ELFInterface.Header.Type }}
Machine {{ .ELFInterface.Header.Machine }} {{.ELFInterface.Header.Machine | ELFprintMachine }}
Version {{ .ELFInterface.Header.Version }}
Entry {{ .ELFInterface.Header.Entry }}
ProgramHeaderFileOffset {{ .ELFInterface.Header.ProgramHeaderFileOffset }}
SectionHeaderFileOffset {{ .ELFInterface.Header.SectionHeaderFileOffset }}
Flags {{ .ELFInterface.Header.Flags }}
HeaderSize {{ .ELFInterface.Header.HeaderSize }}
ProgramEntrySize {{ .ELFInterface.Header.ProgramEntrySize }}
ProgramEntryNumbers {{ .ELFInterface.Header.ProgramEntryNumbers }}
SectionEntryNumbers {{ .ELFInterface.Header.SectionEntryNumbers }}
SectionEntrySize {{ .ELFInterface.Header.SectionEntrySize }}
StringSectionsName {{ .ELFInterface.Header.StringSectionsName }}

Sections

Name Pointer Entropy Type Flags VirtualAddress Offset Size Link MiscInformation AddressAlignment EntrySize
{{ range .ELFInterface.Sections }}
{{.Name}} {{.Entropy}} {{.Header.Type}} {{.Header.Flags}} {{.Header.VirtualAddress}} {{.Header.Offset}} {{.Header.Size}} bytes {{.Header.Link}} {{.Header.MiscInformation}} {{.Header.AddressAlignment}} {{.Header.EntrySize}}
{{ end }}

Symbols

Name Information Other Index Value Size
{{ range .ELFInterface.Symbols }}
{{.Name}} {{.Information}} {{.Other}} {{.Index}} {{.Value}} {{.Size}}
{{ end }}
{{ end }} {{ if eq .Format "PE" }}

DOSHeader

Name Value
MagicDos {{.PEInterface.DosHeader.MagicDos}}
AddressOffset {{.PEInterface.DosHeader.AddressExeOffset}}

COFFHeader

Name Value
Machine {{.PEInterface.COFFHeader.Machine}} ({{.PEInterface.COFFHeader.Machine | PEprintArchitecture }})
NumberOfSections {{.PEInterface.COFFHeader.NumberOfSections}}
TimeDateStamp {{.PEInterface.COFFHeader.TimeDateStamp}}
PointerToSymbolTable {{.PEInterface.COFFHeader.PointerToSymbolTable}}
NumberOfSymbols {{.PEInterface.COFFHeader.NumberOfSymbols}}
SizeOfOptionalHeader {{.PEInterface.COFFHeader.SizeOfOptionalHeader}}
Characteristics {{.PEInterface.COFFHeader.Characteristics}}

OptionalHeader

Name Value
MajorLinkerVersion {{.PEInterface.OptionalHeader.MajorLinkerVersion}}
MinorLinkerVersion {{.PEInterface.OptionalHeader.MinorLinkerVersion}}
SizeOfCode {{.PEInterface.OptionalHeader.SizeOfCode}}
SizeOfInitializedData {{.PEInterface.OptionalHeader.SizeOfInitializedData}}
SizeOfUninitializedData {{.PEInterface.OptionalHeader.SizeOfUninitializedData}}
AddressOfEntryPoint {{.PEInterface.OptionalHeader.AddressOfEntryPoint}}
BaseOfCode {{.PEInterface.OptionalHeader.BaseOfCode}}
{{ if not .PEInterface.Is64bit }}
BaseOfData {{.PEInterface.OptionalHeader.BaseOfCode}}
{{ end }}
ImageBase {{.PEInterface.OptionalHeader.ImageBase}}
SectionAlignment {{.PEInterface.OptionalHeader.SectionAlignment}}
FileAlignment {{.PEInterface.OptionalHeader.FileAlignment}}
MajorOperatingSystemVersion {{.PEInterface.OptionalHeader.MajorOperatingSystemVersion | PEprintMajorOperatingVersion }}
MinorOperatingSystemVersion {{.PEInterface.OptionalHeader.MinorOperatingSystemVersion}}
MajorImageVersion {{.PEInterface.OptionalHeader.MajorImageVersion}}
MinorImageVersion {{.PEInterface.OptionalHeader.MinorImageVersion}}
MajorSubsystemVersion {{.PEInterface.OptionalHeader.MajorSubsystemVersion}}
MinorSubsystemVersion {{.PEInterface.OptionalHeader.MajorSubsystemVersion}}
Win32VersionValue {{.PEInterface.OptionalHeader.Win32VersionValue}}
SizeOfImage {{.PEInterface.OptionalHeader.SizeOfImage}}
SizeOfHeaders {{.PEInterface.OptionalHeader.SizeOfHeaders}}
Checksum {{.PEInterface.OptionalHeader.Checksum}}
Subsystem {{ .PEInterface.OptionalHeader.Subsystem }} {{.PEInterface.OptionalHeader.Subsystem | PEprintSubsystem}}
DllCharacteristics {{.PEInterface.OptionalHeader.DllCharacteristics}}
SizeOfStackReserve {{.PEInterface.OptionalHeader.SizeOfStackReserve}}
SizeOfStackCommit {{.PEInterface.OptionalHeader.SizeOfStackCommit}}
SizeOfHeapReserve {{.PEInterface.OptionalHeader.SizeOfHeapReserve}}
SizeOfHeapCommit {{.PEInterface.OptionalHeader.SizeOfHeapCommit}}
LoaderFlags {{.PEInterface.OptionalHeader.LoaderFlags}}
NumberOfRvaAndSize {{.PEInterface.OptionalHeader.NumberOfRvaAndSizes}}

Sections

Name VirtualSize VirtualAddress SizeOfRawData Characteristics Entropy Flags
{{ range .PEInterface.Sections }}
{{.Name }} {{.VirtualSize}} bytes {{.VirtualAddress}} {{.SizeOfRawData}} bytes {{.Characteristics}} {{.Entropy}} {{.Characteristics | PEprintSectionFlags}}
{{ end }}
{{ if .PEInterface.Imports }}

Imports

Function name DLL name
{{ range .PEInterface.Imports }}
{{.APICalled}} {{.DllName}}
{{ end }}
{{ if .PEInterface.Exports }}

Exports

Name Ordinal RVA
{{ range .PEInterface.Exports }}
{{.Name}} {{.Ordinal}} {{.RVA}}
{{ end }}
{{ end }} {{ if .PEInterface.Resource }}

Resources

Name Offset Size Content Type Resource Type Timestamp Entropy
{{ range .PEInterface.Resource }}
{{.Name}} {{.Offset}} {{.Size}} bytes {{.ContentType}} {{.Type}} {{.TimedateStamp}} {{.Entropy}}
{{ end }}
{{ range .PEInterface.Resource }}
{{.Name}} raw content {{if .ContentType}} ({{.ContentType}}) {{ end }} {{ if eq .Type 24 }} {{ printf "%s" .Content}} {{ else }} {{.Content}} {{ end }}
{{ end }} {{ end }} {{ if .PEInterface.RichHeader }}

RichHeader

Name Value
XORKey {{.PEInterface.RichHeader.XORKey}}
{{end }} {{ end }} {{ end }}
Extracted Strings
{{ range .ExtractedStrings }}
{{.}}
{{ end }}