This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

RSA NetWitness® Platform Discussions

Discussions about the RSA NetWitness Platform.
GuyBruneau
Beginner
Beginner
‎2017-02-22 08:47 AM

How Difficult is it to add Timestamp to Malware Analysis?

Invincea published an interesting analysis of timestamp from PE file header. How difficult would it be to add the timestamp information in the Malware Analysis "Static Analysis Results" section to attempt to track file time that are either really old and way in the future?

 

https://www.invincea.com/2017/01/the-timestamping-problem-a-case-study-in-data-driven-malware-analyt...

0 Likes
Reply
1 Reply
WilliamMotley1
Employee
Employee
‎2017-02-22 09:41 AM

For what its worth, the parser 'windows_executable' registers meta related to timestamps:

 

analysis.file:  exe timestamp zero

analysis.file:  exe timestamp close to zero

analysis.file:  exe timestamp before 1999

analysis.file:  exe timestamp in the future

analysis.file:  exe recently compiled

0 Likes
Reply
© 2020 RSA Security LLC or its affiliates.
All rights reserved.