Friday, 21 October 2011

Expanded Meta Data in Whitelisting API

One of the recent projects we have been making progress on is expanding the meta data available in the White Listing project. Previously we only had the NIST NSRL data imported and made available, but with donations of some MSDN licenses we have begun going through and extracting additional meta data from the different Microsoft Windows installations.

Some of the new fields include the actual path of each file as well as signature information for the files. Our work is far from complete, but we have indexed several versions of Windows 7. We will be slowly adding more OS versions over time.

An example of the newly available data:

freed0> wget -q -O - http://bin-test.shadowserver.org/api?sha1=e8f39163219c02d94ff5e2afaf73e916d4211b90

e8f39163219c02d94ff5e2afaf73e916d4211b90 {"binary": "1", 
                                          "mfg_name": "Microsoft Corporation", 
                                          "signer": "Microsoft Windows Component Publisher", 
                                          "crc32": "E2E37697", 
                                          "application_type": "dll", 
                                          "dirname": "c:\WINDOWS\system32", 
                                          "reference": "os", 
                                          "filesize": "44032", 
                                          "os_version": "5.1", 
                                          "sig_trustfile": "C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\NT5.CAT", 
                                          "strongname_signed": "0", "bit": "32", "source_version": "1.3", 
                                          "os_mfg": "Microsoft Corporation", 
                                          "os_name": "Microsoft Windows XP Professional Service Pack 3 (build 2600)", 
                                          "source": "AppInfo", 
                                          "sha512": "64911CB349C67888CE5D9EA47720356B37B0465A7BC4A10AE1C4032B98D5C50E159A2EF20AB65977F8E5A4A2B4E7EEEBA53931959743806E837671248BABE7CB", 
                                          "fileversion": "8.20.8730.1", 
                                          "language": "Chinese", 
                                          "filename": "msxml3r.dll", 
                                          "description": "XML Resources", 
                                          "trusted_signature": "1", 
                                          "sig_timestamp": "04/14/2008 03:14:17", 
                                          "filetimestamp": "04/14/2008 12:00:00", 
                                          "product_name": "Microsoft Data Access Components", 
                                          "product_version": "8.20.8730.1"}

=>Posted October 21, 2011, at 04:48 PM by freed0
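
The response above is a SHA-1 hash followed by a JSON object whose Windows paths are printed with unescaped backslashes, which a strict JSON parser rejects. The following added example (not part of the original post or of Shadowserver's code) parses that layout and compares a file seen on disk with the returned record; `parse_response` and `triage` are hypothetical names, the sample is a shortened copy of the output above, and the handling of a reply with no JSON body is an assumption rather than documented API behaviour.

```python
import json
import ntpath
import re

# Constructed sample: a shortened copy of the response printed in the post,
# with the Windows backslashes left unescaped exactly as shown there.
SAMPLE = (
    'e8f39163219c02d94ff5e2afaf73e916d4211b90 {"binary": "1", '
    '"signer": "Microsoft Windows Component Publisher", '
    r'"dirname": "c:\WINDOWS\system32", "filesize": "44032", '
    r'"sig_trustfile": "C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\NT5.CAT", '
    '"filename": "msxml3r.dll", "trusted_signature": "1"}'
)

def _fix_backslashes(body):
    # Keep \\ and \" as they are; double every other backslash so that
    # "\W", "\s" or "\{" become literal path characters instead of
    # invalid (or, for "\t" and "\n", silently misread) JSON escapes.
    return re.sub(r'\\(.)',
                  lambda m: m.group(0) if m.group(1) in '\\"' else '\\\\' + m.group(1),
                  body)

def parse_response(line):
    """Split '<sha1> <json>' and return (sha1, metadata dict or None)."""
    sha1, _, body = line.strip().partition(' ')
    if not re.fullmatch(r'[0-9a-fA-F]{40}', sha1):
        raise ValueError('response does not start with a SHA-1 hash')
    body = body.strip()
    if not body:  # assumption: defensive handling of a reply without metadata
        return sha1.lower(), None
    return sha1.lower(), json.loads(_fix_backslashes(body))

def triage(meta, observed_path, observed_size):
    """Compare a file seen on disk with the whitelist record for its hash."""
    expected = ntpath.join(meta['dirname'], meta['filename'])
    return {
        'signed_and_trusted': meta.get('trusted_signature') == '1',
        'size_matches': int(meta['filesize']) == observed_size,
        # Windows paths are case-insensitive, so compare normalised forms.
        'path_matches': ntpath.normcase(ntpath.normpath(expected))
                        == ntpath.normcase(ntpath.normpath(observed_path)),
    }

if __name__ == '__main__':
    sha1, meta = parse_response(SAMPLE)
    print(sha1, triage(meta, r'C:\Windows\System32\msxml3r.dll', 44032))
```

A value that ends in a backslash directly before its closing quote is still read as an escaped quote, so such a record fails to parse instead of being silently misread.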