{% load key_tags %}
{# Row-level conditions for the file summary. Every branch body on this line is empty in this listing, so the markup each condition wraps is not visible here. #}
{# NOTE(review): cape_type_code is compared against the bare integers 3, 4, 5, 8 and 9; this template does not define what those codes mean. Confirm against the code that sets them. #}
{% if sub_file.cape_type %} {% endif %} {% if sub_file.type %} {% endif %} {% if sub_file.guest_paths %} {% endif %} {% if sub_file.module_path and sub_file.process_path != sub_file.module_path %} {% endif %} {% if sub_file.cape_type_code == 8 or sub_file.cape_type_code == 9 %} {% endif %} {% if sub_file.cape_type_code == 5 %} {% endif %} {% if sub_file.cape_type_code == 3 or sub_file.cape_type_code == 4 %} {% else %} {% if sub_file.process_name %} {% endif %} {% if sub_file.pid %} {% endif %} {% if sub_file.process_path %} {% endif %} {% endif %} {% if sub_file.timestamp %} {% endif %} {% if sub_file.sha3_384 %} {% endif %} {% if sub_file.rh_hash %} {% endif %} {% if sub_file.tlsh %} {% endif %} {% if sub_file.clamav %} {% endif %} {% if sub_file.yara %} {% endif %} {% if sub_file.cape_yara %} {% endif %} {% if sub_file.trid %} {% endif %} {% if sub_file.die %} {% endif %} {% if sub_file.dropdir %} {% else %} {% endif %}
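{# Identity rows for one analysed file: type, name(s), file type and the guest paths it was seen under. #}
{# These fields describe a file taken from an analysis, so treat them as attacker-influenced and leave Django autoescaping on. #}
Type {{sub_file.cape_type}}
{# str2list is a project filter that is not defined in this template; the loop emits one entry per element it yields. #}
{# The name is rendered with default autoescaping instead of |safe, matching how guest_paths is rendered below through the same filter. A file name containing markup would otherwise reach the analyst's browser unescaped. #}
{# NOTE(review): if the server deliberately puts markup into sub_file.name, sanitise it there rather than re-adding |safe here. #}
Filename {% for name in sub_file.name|str2list %}
{{name}}
{% endfor %}
File Type {{sub_file.type}}
Associated Filenames {% for path in sub_file.guest_paths|str2list %}
{{path}}
{% endfor %}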
{# Size, injection/process context and hash rows. All values are printed with default autoescaping. #}
File Size {{sub_file.size}} bytes
Module Path {{sub_file.module_path}}
Virtual Address {{sub_file.virtual_address}}
Section Handle {{sub_file.section_handle}}
Target Process {{sub_file.target_process}}
Target PID {{sub_file.target_pid}}
Target Path {{sub_file.target_path}}
{# The "Injecting Process / Injecting PID / Path" rows and the "Process / PID / Path" rows read the same three fields (process_name, pid, process_path). #}
{# NOTE(review): presumably the cape_type_code conditions at the top of the template pick one of the two label sets. Confirm against the full markup. #}
Injecting Process {{sub_file.process_name}}
Injecting PID {{sub_file.pid}}
Path {{sub_file.process_path}}
Process {{sub_file.process_name}}
PID {{sub_file.pid}}
Path {{sub_file.process_path}}
PE timestamp {{sub_file.timestamp}}
{# MD5 and SHA1 are collision-prone and CRC32 is only a checksum; use SHA256 or SHA3-384 when a value must identify the file. #}
MD5 {{sub_file.md5}}
SHA1 {{sub_file.sha1}}
{# [VT] [MWDB] [Bazaar] are link labels whose targets are not visible in this listing; presumably external lookups keyed on the SHA256. TODO confirm. #}
SHA256 {{sub_file.sha256}} [VT] [MWDB] [Bazaar]
SHA3-384 {{sub_file.sha3_384}}
RichHeader Hash {{sub_file.rh_hash}}
CRC32 {{sub_file.crc32}}
{# TLSH and ssdeep are similarity (fuzzy) hashes: useful for clustering related samples, not for exact identification. #}
TLSH {{sub_file.tlsh}}
Ssdeep {{sub_file.ssdeep}}
{# Detection and identification lists: ClamAV, Yara, CAPE Yara, TriD and Detect It Easy. Each loop prints one entry per element with default autoescaping. #}
ClamAV
    {% for sign in sub_file.clamav %}
  • {{sign}}
  • {% endfor %}
{# The "Yara" heading text is emitted only when config.yara_detail is false. #}
{# NOTE(review): in this listing the loop below sits outside that conditional, so the entries appear to render for either setting. Confirm against the full markup. #}
{% if config.yara_detail %} {% else %} Yara {% endif %}
    {% for sign in sub_file.yara %}
{# sign.meta.description and sign.meta.author come from the matched rule's metadata and stay autoescaped. #}
  • {{sign.name}} - {{sign.meta.description}} {% if sign.meta.author %} - Author: {{sign.meta.author}} {% endif %}
  • {% endfor %}
{# Same pattern for CAPE Yara: the heading text is shown only when config.yara_detail is false. #}
{% if config.yara_detail %} {% else %} CAPE Yara {% endif %}
    {% for sign in sub_file.cape_yara %}
{# meta.cape_type is preferred over meta.description; the author suffix is added only when present. #}
  • {{sign.name}} {% if sign.meta.cape_type %} - {{sign.meta.cape_type}} {% elif sign.meta.description %} - {{sign.meta.description}} {% endif %} {% if sign.meta.author %} - Author: {{sign.meta.author}}{% endif %}
  • {% endfor %}
TriD
    {% for str in sub_file.trid %}
  • {{str}}
  • {% endfor %}
Detect It Easy
    {% for str in sub_file.die %}
  • {{str}}
  • {% endfor %}
{# Download and on-demand action controls for this file. Only the control labels survive in this listing; the elements and their targets are not visible. #}
{# Controls are gated on config.* feature switches, on on_demand.* flags and on whether a result already exists on sub_file or in graphs.*.content, looked up by sub_file.sha256 through the project filter getkey. #}
{# NOTE(review): the second VirusTotal control is hidden when analysis.info.tlp equals "Red". That check only hides the control in the page; whether the server-side handler enforces the same TLP rule is not visible here and should be confirmed. #}
{# NOTE(review): the conditions at the start of the line read file.pe, file.dotnet and similar rather than sub_file.*; confirm that "file" is the intended context variable. #}
Download
{% if file.pe %}{% endif %} {% if file.dotnet %}{% endif %} {% if file.pdf %}{% endif %} {% if file.lnk %}{% endif %} {% if file.java %}{% endif %} {% if file.office %}{% endif %} {% if not config.zipped_download %} {% if tab_name == "static" %} {% else %} {% endif %} {% endif %} {% if tab_name == "static" %} {% else %} {% endif %} File {% if config.flare_capa %} {% if not sub_file.flare_capa and on_demand.flare_capa %} CAPA {% elif sub_file.flare_capa %} {% endif %} {% endif %} {% if config.strings %} {% if "strings" not in sub_file %} Strings {% elif sub_file.strings %} {% endif %} {% endif %} {% if sub_file.dotnet_strings %} {% endif %} {% if config.floss %} {% if not sub_file.floss %} Floss {% else %} {% endif %} {% endif %} {% if config.bingraph %} {% if not graphs.bingraph.content|getkey:sub_file.sha256 and on_demand.bingraph %} Bingraph {% elif graphs.bingraph.content|getkey:sub_file.sha256 %} BinGraph {% endif %} {% endif %} {% if graphs.vba2graph.enabled %} {% if not graphs.vba2graph.content|getkey:sub_file.sha256 and on_demand.vba2graph %} Vba2Graph {% elif graphs.vba2graph.content|getkey:sub_file.sha256 %} Vba2Graph {% endif %} {% endif %} {% if config.virustotal and not sub_file.virustotal and on_demand.virustotal %} VirusTotal {% endif %} {% if config.vtupload and analysis.info.tlp != "Red" %} VirusTotal {% endif %} {% if sub_file.data %} {% endif %} {% if sub_file.decoded_files %} {% endif %} {% if sub_file.extracted_files %} {% endif %}
{# Detail panels for this file: capa results, graphs, VirusTotal, strings, raw data, nested files and the per-format includes. #}
{% if sub_file.flare_capa %}
{# flare_capa_capability, flare_capa_attck and flare_capa_mbc are project filters not defined in this template; what they return, and whether it is already escaped, cannot be determined here. #}
{% if sub_file.flare_capa.CAPABILITY %} {{sub_file.flare_capa|flare_capa_capability}} {% endif %} {% if sub_file.flare_capa.ATTCK %} {{sub_file.flare_capa|flare_capa_attck}} {% endif %} {% if sub_file.flare_capa.MBC %} {{sub_file.flare_capa|flare_capa_mbc}} {% endif %}

{# The vba2graph content is looked up by sub_file.sha256 and emitted with |safe, that is, without escaping. #}
{# NOTE(review): presumably this is tool-generated markup; its safety depends on the generator escaping any text taken from the sample. Confirm. #}
{% endif %} {% if graphs.vba2graph.enabled and graphs.vba2graph.content|getkey:sub_file.sha256 %} {{ graphs.vba2graph.content|getkey:sub_file.sha256|safe }} {% endif %} {% if sub_file.virustotal %} {% include "analysis/generic/_virustotal.html" %} {% endif %} {% if sub_file.strings %}
{# NOTE(review): strings is emitted with |safe while data and decoded_files below are explicitly escaped. If these are raw strings extracted from the sample, markup inside them reaches the browser unescaped; confirm they are escaped before they reach the template, or drop |safe. #}
{{sub_file.strings|safe}}
{% endif %} {% if sub_file.dotnet_strings %}
{% for string in sub_file.dotnet_strings %}
{# NOTE(review): same concern as for strings above: each entry is emitted unescaped. #}
{{string|safe}}
{% endfor %}
{% endif %} {% if sub_file.data %}
{# The explicit escape filter HTML-escapes the value even if autoescaping is switched off for the surrounding template. #}
{{sub_file.data|escape}}
{% endif %} {% if sub_file.decoded_files %}

{{sub_file.decoded_files|escape}}

{% endif %} {% if sub_file.extracted_files %}
{# The loop variable reuses the name sub_file, shadowing the outer value while "analysis/generic/_subfile_info.html" is rendered for each extracted file. #}
{% for sub_file in sub_file.extracted_files %} {% include "analysis/generic/_subfile_info.html" %} {% endfor %}

{# NOTE(review): from here to the floss include the conditions read "subfile", while the rest of the template reads "sub_file". Django resolves an undefined variable to an empty value, so if "subfile" is not in the context these includes never render. Confirm which name the caller provides. #}
{% endif %} {% if config.yara_detail and subfile.yara %}
{% include "analysis/generic/_yara.html" %}

{% endif %} {% if config.yara_detail and subfile.cape_yara %}
{% include "analysis/generic/_capeyara.html" %}

{% endif %} {% if subfile.pe %}
{% include "analysis/generic/_pe.html" %}

{% endif %} {% if subfile.dotnet %}
{% include "analysis/generic/_dotnet.html" %}

{% endif %} {% if subfile.pdf %}
{% include "analysis/generic/_pdf.html" %}

{% endif %} {% if subfile.lnk %}
{% include "analysis/generic/_lnk.html" %}

{% endif %} {% if subfile.java %}
{% include "analysis/generic/_java.html" %}

{% endif %} {% if subfile.office %}
{% include "analysis/generic/_office.html" %}

{% endif %} {% if subfile.floss %}
{% include "analysis/generic/_floss.html" %}

{# The bingraph content is emitted with |safe, like the vba2graph content above; the same escaping question applies. #}
{% endif %} {% if graphs.bingraph.enabled and graphs.bingraph.content|getkey:sub_file.sha256 %}
{{ graphs.bingraph.content|getkey:sub_file.sha256|safe }}

{% endif %}