Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Parse and present VERSIONINFO (Version) resource in fileinfo #408

Closed
mbandzi opened this issue Oct 8, 2018 · 0 comments
Closed

Parse and present VERSIONINFO (Version) resource in fileinfo #408

mbandzi opened this issue Oct 8, 2018 · 0 comments
Labels
C-cpdetect C-fileformat C-fileinfo new-feature T-format-pe

Comments

@mbandzi
Copy link
Contributor

mbandzi commented Oct 8, 2018

Some PE binaries may contain VERSIONINFO structure that can provide interesting information.

For file 5156348b9dfad8b9a923eb703883ee5d3ad467897cc9f69ac31dde0011c1d7ff VirusTotal provides the following information:

Copyright: Copyright 2006-2011 VMware, Inc.
Product: VMware ThinApp
Original name: runtime_res.dll
Internal name: runtime_res
File version: 4.6.1-4679
Description: Runtime resources for ThinApp packages

This can be also used for tools detection.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
C-cpdetect C-fileformat C-fileinfo new-feature T-format-pe
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@metthal @mbandzi