Non-JSON output included in JSON output #114

Closed
MalwareMechanic opened this issue Nov 6, 2024 · 1 comment

Comments

@MalwareMechanic

When running DIE with the JSON flag (-j, --json), non-JSON output is included regarding heuristic scan information.

DIE Version

$ diec -v
die 3.10

Basic example

$ diec --json 72fe869aa394ef0a62bb8324857770dd
[!] Heuristic scan is disabled. Use '--heuristicscan' to enable
{
    "detects": [
        {
            "filetype": "PE64",
            "info": "",
            "offset": "0",
            "parentfilepart": "Header",
            "size": "157696",
            "values": [
                {
                    "info": "",
                    "name": "Microsoft Linker",
                    "string": "Linker: Microsoft Linker(14.00.24215)",
                    "type": "Linker",
                    "version": "14.00.24215"
                },
                {
                    "info": "LTCG/C++",
                    "name": "Microsoft Visual C/C++",
                    "string": "Compiler: Microsoft Visual C/C++(19.00.24215)[LTCG/C++]",
                    "type": "Compiler",
                    "version": "19.00.24215"
                },
                {
                    "info": "",
                    "name": "Visual Studio",
                    "string": "Tool: Visual Studio(2015)",
                    "type": "Tool",
                    "version": "2015"
                }
            ]
        }
    ]
}

The warning is logged at https://github.com/horsicq/Detect-It-Easy/blob/df025d3d24cd3712e6adc108ea1948ab39046916/db/PE/__GenericHeuristicAnalysis_By_DosX.7.sg#L111

log(logType.warning, "Heuristic scan is disabled. Use '--heuristicscan' to enable");

Additional examples

Below are additional examples of heuristic scan information included in JSON output.

$ diec --json --heuristicscan 72fe869aa394ef0a62bb8324857770dd
[!] To get the full heuristic scan result use '--verbose'
[HEUR/About] Generic Heuristic Analysis by DosX (@DosX_dev)
[HEUR] Scanning has begun!
[HEUR] Scan completed.
{
    "detects": [
        {
            "filetype": "PE64",
            "info": "",
            "offset": "0",
            "parentfilepart": "Header",
            "size": "157696",
            "values": [
                {
                    "info": "",
                    "name": "Microsoft Linker",
                    "string": "Linker: Microsoft Linker(14.00.24215)",
                    "type": "Linker",
                    "version": "14.00.24215"
                },
                {
                    "info": "LTCG/C++",
                    "name": "Microsoft Visual C/C++",
                    "string": "Compiler: Microsoft Visual C/C++(19.00.24215)[LTCG/C++]",
                    "type": "Compiler",
                    "version": "19.00.24215"
                },
                {
                    "info": "",
                    "name": "Visual Studio",
                    "string": "Tool: Visual Studio(2015)",
                    "type": "Tool",
                    "version": "2015"
                }
            ]
        }
    ]
}
$ diec --json --heuristicscan --verbose 72fe869aa394ef0a62bb8324857770dd
[HEUR/About] Generic Heuristic Analysis by DosX (@DosX_dev)
[HEUR] Scanning has begun!
[HEUR] Scanning to programming language has started!
[HEUR] Scan completed.
{
    "detects": [
        {
            "filetype": "PE64",
            "info": "",
            "offset": "0",
            "parentfilepart": "Header",
            "size": "157696",
            "values": [
                {
                    "info": "AMD64, 64-bit, DLL",
                    "name": "Windows",
                    "string": "Operation system: Windows(Vista)[AMD64, 64-bit, DLL]",
                    "type": "Operation system",
                    "version": "Vista"
                },
                {
                    "info": "",
                    "name": "Microsoft Linker",
                    "string": "Linker: Microsoft Linker(14.00.24215)",
                    "type": "Linker",
                    "version": "14.00.24215"
                },
                {
                    "info": "LTCG/C++",
                    "name": "Microsoft Visual C/C++",
                    "string": "Compiler: Microsoft Visual C/C++(19.00.24215)[LTCG/C++]",
                    "type": "Compiler",
                    "version": "19.00.24215"
                },
                {
                    "info": "",
                    "name": "C++",
                    "string": "Language: C++",
                    "type": "Language",
                    "version": ""
                },
                {
                    "info": "",
                    "name": "Visual Studio",
                    "string": "Tool: Visual Studio(2015)",
                    "type": "Tool",
                    "version": "2015"
                }
            ]
        }
    ]
}
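A consumer that survives this behaviour, written here as an added example and not code from the issue or from the Detect-It-Easy project: it splits a captured `diec --json` stdout into the `[!]` / `[HEUR]` diagnostic preamble and the JSON document, parses the JSON with `raw_decode` so trailing text cannot break it, and refuses to silently treat a warning-only run as an empty result. The embedded `SAMPLE_STDOUT` is constructed from the `--heuristicscan` output shown above (trimmed to two detects); the function names and the `DIAG_PREFIXES` list are my own assumptions, not a DIE API.

```python
import json
from typing import List, Tuple

# Constructed sample: the stdout shown in this issue for
# `diec --json --heuristicscan <file>`, trimmed to two detects.
SAMPLE_STDOUT = """[!] To get the full heuristic scan result use '--verbose'
[HEUR/About] Generic Heuristic Analysis by DosX (@DosX_dev)
[HEUR] Scanning has begun!
[HEUR] Scan completed.
{
    "detects": [
        {
            "filetype": "PE64",
            "info": "",
            "offset": "0",
            "parentfilepart": "Header",
            "size": "157696",
            "values": [
                {
                    "info": "",
                    "name": "Microsoft Linker",
                    "string": "Linker: Microsoft Linker(14.00.24215)",
                    "type": "Linker",
                    "version": "14.00.24215"
                },
                {
                    "info": "LTCG/C++",
                    "name": "Microsoft Visual C/C++",
                    "string": "Compiler: Microsoft Visual C/C++(19.00.24215)[LTCG/C++]",
                    "type": "Compiler",
                    "version": "19.00.24215"
                }
            ]
        }
    ]
}
"""

# Prefixes of the lines DIE's signature scripts emit via log() (assumption
# based on the output in this issue: "[!] ..." warnings and "[HEUR...] ..."
# progress messages).
DIAG_PREFIXES = ("[!]", "[HEUR")


def split_diec_output(stdout: str) -> Tuple[List[str], dict]:
    """Separate the diagnostic preamble from the JSON document.

    Returns (preamble_lines, parsed_json). Raises ValueError when no JSON
    object is present, so a caller cannot mistake a warning-only run for
    a clean "no detects" result.
    """
    lines = stdout.splitlines()
    for idx, line in enumerate(lines):
        # The first line whose first non-blank character is '{' opens the
        # top-level JSON object; diagnostic lines start with '[' instead.
        if line.lstrip().startswith("{"):
            preamble = [l for l in lines[:idx] if l.strip()]
            unexpected = [l for l in preamble if not l.startswith(DIAG_PREFIXES)]
            if unexpected:
                raise ValueError("unrecognised text before JSON: %r" % unexpected)
            # raw_decode parses one JSON value and ignores anything after it.
            payload, _end = json.JSONDecoder().raw_decode("\n".join(lines[idx:]).lstrip())
            return preamble, payload
    raise ValueError("no JSON document in diec output; got: %r" % lines)


def heuristics_disabled(preamble: List[str]) -> bool:
    """True when DIE reported that the heuristic scan was not run."""
    return any("Heuristic scan is disabled" in l for l in preamble)


def detect_strings(payload: dict) -> List[str]:
    """Flatten every detect into its human-readable 'string' field."""
    out = []
    for detect in payload.get("detects", []):
        for value in detect.get("values", []):
            out.append(value["string"])
    return out


if __name__ == "__main__":
    pre, doc = split_diec_output(SAMPLE_STDOUT)
    print("diagnostics:", len(pre), "heuristics disabled:", heuristics_disabled(pre))
    for s in detect_strings(doc):
        print(" ", s)
```

Skipping to the first `{` is a workaround for the version shown here (die 3.10); the durable fix is for the tool to send `log()` output to stderr when `--json` is set, so stdout is the document and nothing else.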
@MalwareMechanic
Author

Closing, refiled at horsicq/Detect-It-Easy#242

@MalwareMechanic MalwareMechanic closed this as not planned on Nov 6, 2024