2017-02-22
08:47 AM
How Difficult is it to add Timestamp to Malware Analysis?
Invincea published an interesting analysis of timestamps from the PE file header. How difficult would it be to add the timestamp information in the Malware Analysis "Static Analysis Results" section to attempt to track file times that are either really old or way in the future?
1 Reply
2017-02-22
09:41 AM
For what it's worth, the parser 'windows_executable' registers meta related to timestamps:
analysis.file: exe timestamp zero
analysis.file: exe timestamp close to zero
analysis.file: exe timestamp before 1999
analysis.file: exe timestamp in the future
analysis.file: exe recently compiled
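For readers who want to see the check behind those meta values, here is an added example (not the windows_executable parser's own code) that reads the COFF TimeDateStamp from a PE header and assigns it to the same five labels. The "close to zero" and "recently compiled" thresholds and the helper names are assumptions, since the thread does not state the parser's cut-offs.

```python
import struct
from datetime import datetime, timezone
from typing import Optional

# Assumed thresholds; the parser's real cut-offs are not given in the thread.
CLOSE_TO_ZERO_SECS = 365 * 86400   # within one year of the 1970 epoch
RECENT_SECS = 30 * 86400           # linked within the last 30 days
Y1999 = int(datetime(1999, 1, 1, tzinfo=timezone.utc).timestamp())


def pe_timestamp(data: bytes) -> int:
    """Return the COFF TimeDateStamp (seconds since 1970 UTC) of a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # After the signature: Machine (2 bytes), NumberOfSections (2), TimeDateStamp (4)
    (stamp,) = struct.unpack_from("<I", data, e_lfanew + 8)
    return stamp


def classify(stamp: int, now: int) -> Optional[str]:
    """Map a timestamp to one of the meta values listed above, or None."""
    if stamp == 0:
        return "exe timestamp zero"
    if stamp < CLOSE_TO_ZERO_SECS:
        return "exe timestamp close to zero"
    if stamp < Y1999:
        return "exe timestamp before 1999"
    if stamp > now:
        return "exe timestamp in the future"
    if now - stamp <= RECENT_SECS:
        return "exe recently compiled"
    return None


def fake_pe(stamp: int) -> bytes:
    """Constructed sample: minimal DOS header + PE signature + COFF header."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 0, stamp, 0, 0, 0, 0)
    return dos + b"PE\0\0" + coff
```

The field is written by the linker and can hold any value, so the labels are triage hints rather than proof of when a file was built.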
