Closed
Description
When running DIE with the JSON flag (-j, --json) against PE files, non-JSON output regarding the heuristic scan is mixed into the JSON output.
DIE Version
$ diec -v
die 3.10
Basic example
$ diec --json 72fe869aa394ef0a62bb8324857770dd
[!] Heuristic scan is disabled. Use '--heuristicscan' to enable
{
  "detects": [
    {
      "filetype": "PE64",
      "info": "",
      "offset": "0",
      "parentfilepart": "Header",
      "size": "157696",
      "values": [
        {
          "info": "",
          "name": "Microsoft Linker",
          "string": "Linker: Microsoft Linker(14.00.24215)",
          "type": "Linker",
          "version": "14.00.24215"
        },
        {
          "info": "LTCG/C++",
          "name": "Microsoft Visual C/C++",
          "string": "Compiler: Microsoft Visual C/C++(19.00.24215)[LTCG/C++]",
          "type": "Compiler",
          "version": "19.00.24215"
        },
        {
          "info": "",
          "name": "Visual Studio",
          "string": "Tool: Visual Studio(2015)",
          "type": "Tool",
          "version": "2015"
        }
      ]
    }
  ]
}
The warning is logged at:
Additional examples
Below are additional examples of heuristic scan information included in JSON output.
$ diec --json --heuristicscan 72fe869aa394ef0a62bb8324857770dd
[!] To get the full heuristic scan result use '--verbose'
[HEUR/About] Generic Heuristic Analysis by DosX (@DosX_dev)
[HEUR] Scanning has begun!
[HEUR] Scan completed.
{
  "detects": [
    {
      "filetype": "PE64",
      "info": "",
      "offset": "0",
      "parentfilepart": "Header",
      "size": "157696",
      "values": [
        {
          "info": "",
          "name": "Microsoft Linker",
          "string": "Linker: Microsoft Linker(14.00.24215)",
          "type": "Linker",
          "version": "14.00.24215"
        },
        {
          "info": "LTCG/C++",
          "name": "Microsoft Visual C/C++",
          "string": "Compiler: Microsoft Visual C/C++(19.00.24215)[LTCG/C++]",
          "type": "Compiler",
          "version": "19.00.24215"
        },
        {
          "info": "",
          "name": "Visual Studio",
          "string": "Tool: Visual Studio(2015)",
          "type": "Tool",
          "version": "2015"
        }
      ]
    }
  ]
}
$ diec --json --heuristicscan --verbose 72fe869aa394ef0a62bb8324857770dd
[HEUR/About] Generic Heuristic Analysis by DosX (@DosX_dev)
[HEUR] Scanning has begun!
[HEUR] Scanning to programming language has started!
[HEUR] Scan completed.
{
  "detects": [
    {
      "filetype": "PE64",
      "info": "",
      "offset": "0",
      "parentfilepart": "Header",
      "size": "157696",
      "values": [
        {
          "info": "AMD64, 64-bit, DLL",
          "name": "Windows",
          "string": "Operation system: Windows(Vista)[AMD64, 64-bit, DLL]",
          "type": "Operation system",
          "version": "Vista"
        },
        {
          "info": "",
          "name": "Microsoft Linker",
          "string": "Linker: Microsoft Linker(14.00.24215)",
          "type": "Linker",
          "version": "14.00.24215"
        },
        {
          "info": "LTCG/C++",
          "name": "Microsoft Visual C/C++",
          "string": "Compiler: Microsoft Visual C/C++(19.00.24215)[LTCG/C++]",
          "type": "Compiler",
          "version": "19.00.24215"
        },
        {
          "info": "",
          "name": "C++",
          "string": "Language: C++",
          "type": "Language",
          "version": ""
        },
        {
          "info": "",
          "name": "Visual Studio",
          "string": "Tool: Visual Studio(2015)",
          "type": "Tool",
          "version": "2015"
        }
      ]
    }
  ]
}
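Until the diagnostics are kept off stdout, any pipeline that feeds diec --json output into a JSON parser will fail on the [!] and [HEUR] lines shown above. The following is an added workaround example, not code from the DIE project or the issue author: it scans the captured output line by line, locates the first position where a complete JSON document can be decoded, and returns the diagnostics separately from the parsed detections. The sample output is constructed from the examples in this issue.

```python
import json

# Constructed sample of `diec --json --heuristicscan` stdout as reported in
# this issue: diagnostic lines precede the JSON document.
SAMPLE_OUTPUT = """[!] To get the full heuristic scan result use '--verbose'
[HEUR/About] Generic Heuristic Analysis by DosX (@DosX_dev)
[HEUR] Scanning has begun!
[HEUR] Scan completed.
{
  "detects": [
    {
      "filetype": "PE64",
      "offset": "0",
      "values": [
        {"name": "Microsoft Linker", "type": "Linker", "version": "14.00.24215"},
        {"name": "Microsoft Visual C/C++", "type": "Compiler", "version": "19.00.24215"}
      ]
    }
  ]
}
"""


def split_diec_output(text):
    """Return (diagnostic_lines, parsed_json) from diec --json stdout.

    Diagnostic lines such as '[!] ...' begin with '[' but are not valid
    JSON, so each candidate line is tried with raw_decode and skipped when
    it does not decode. Text after the JSON document is also treated as
    diagnostics, so trailing noise is tolerated too.
    """
    decoder = json.JSONDecoder()
    pos = 0
    while pos < len(text):
        candidate = text[pos:].lstrip()
        if candidate[:1] in ("{", "["):
            try:
                obj, consumed = decoder.raw_decode(candidate)
            except json.JSONDecodeError:
                pass  # e.g. '[HEUR] ...' is not a JSON array
            else:
                start = len(text) - len(candidate)
                rest = text[:start] + text[start + consumed:]
                return [ln for ln in rest.splitlines() if ln.strip()], obj
        nl = text.find("\n", pos)
        pos = len(text) if nl == -1 else nl + 1
    raise ValueError("no JSON document found in diec output")


def detections_by_type(parsed):
    """Flatten 'detects' into {type: ["name(version)", ...]}."""
    out = {}
    for det in parsed.get("detects", []):
        for v in det.get("values", []):
            version = v.get("version", "")
            label = v["name"] + (f"({version})" if version else "")
            out.setdefault(v["type"], []).append(label)
    return out
```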