Parse PE VS_VERSIONINFO structure and return JSON string.
Project description
VS_VERSIONINFO Structure Extractor
This package parses a VS_VERSIONINFO structure and returns a JSON string. Certain szKey members in this struct and its children are compared with the expected values, and a struct is marked non-standard if its string does not match. Data returned from this parser is meant for malware analysis.
If you need to isolate the RT_VERSION resource for input into this extractor, try this Jupyter Notebook.
Usage
Native Python Dictionary Output
versioninfo.parser.get_versioninfo(data)
JSON Output
versioninfo.parser.to_json(data)
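The szKey comparison mentioned in the project description, as an added example that is not this package's code: a stand-alone sketch that walks the root VS_VERSIONINFO header and its direct children and marks keys that differ from the documented strings. The function names, the report layout and the sample bytes are assumptions made for illustration; the package's own output format is not shown on this page.

```python
import struct

FFI_SIGNATURE = 0xFEEF04BD  # VS_FIXEDFILEINFO.dwSignature
CHILD_KEYS = {"StringFileInfo", "VarFileInfo"}

def align4(off):
    return (off + 3) & ~3

def read_header(buf, off):
    """Return (wLength, wValueLength, szKey, offset of the value) for the block at off."""
    if off + 6 > len(buf):
        raise ValueError("truncated block header")
    w_len, w_val_len, _w_type = struct.unpack_from("<HHH", buf, off)
    end = off + 6
    while buf[end:end + 2] != b"\0\0":      # szKey is NUL-terminated UTF-16LE
        if end + 2 > len(buf):
            raise ValueError("unterminated szKey")
        end += 2
    key = buf[off + 6:end].decode("utf-16-le", errors="replace")
    return w_len, w_val_len, key, align4(end + 2)

def check_versioninfo(buf):
    """Flag szKey strings that differ from the documented ones (hypothetical report layout)."""
    w_len, w_val_len, key, off = read_header(buf, 0)
    report = {"szKey": key, "standard": key == "VS_VERSION_INFO", "children": []}
    if w_val_len >= 4 and off + 4 <= len(buf):
        report["signature_ok"] = struct.unpack_from("<I", buf, off)[0] == FFI_SIGNATURE
    off, end = align4(off + w_val_len), min(w_len, len(buf))
    while off + 6 <= end:
        c_len, _, c_key, _ = read_header(buf, off)
        report["children"].append({"szKey": c_key, "standard": c_key in CHILD_KEYS})
        if c_len < 6:       # a bogus wLength would otherwise loop forever
            break
        off = align4(off + c_len)
    return report

def node(key, value=b"", children=b""):
    """Build one constructed block: header, szKey, padding, value, children."""
    head = key.encode("utf-16-le") + b"\0\0"
    head += b"\0" * (-(6 + len(head)) % 4)
    body = value + b"\0" * (-len(value) % 4) + children
    return struct.pack("<HHH", 6 + len(head) + len(body), len(value), 0) + head + body

# Constructed sample input, not taken from any real file.
FFI = struct.pack("<I", FFI_SIGNATURE) + b"\0" * 48   # 52-byte VS_FIXEDFILEINFO
GOOD = node("VS_VERSION_INFO", FFI, node("StringFileInfo") + node("VarFileInfo"))
ODD = node("VS_VERSION_INF0", FFI, node("StringFileInf0"))

if __name__ == "__main__":
    for name, blob in (("GOOD", GOOD), ("ODD", ODD)):
        print(name, check_versioninfo(blob))
```

The `ODD` sample swaps the letter O for a zero in two keys, a change the comparison flags at both the root and the child level.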
Bugs
If the parsing fails or there are any other problems, please provide the file that caused the problem in addition to opening a GitHub issue.
Download files
File details
Details for the file versioninfo-1.1.2.tar.gz.
File metadata
- Download URL: versioninfo-1.1.2.tar.gz
- Upload date:
- Size: 6.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.2 CPython/3.11.0
File hashes
Algorithm | Hash digest |
---|---|
SHA256 | 7432e32920a8637685ffe78f8049b71053344537e390ffc441a8de3aa485bde0 |
MD5 | c0bf90a3b783a7f8f91d62385a4fc611 |
BLAKE2b-256 | 2a24d60511a5bc98168f854337b5768647e50b5107a40adb407d8e1a94ed64c3 |
File details
Details for the file versioninfo-1.1.2-py3-none-any.whl.
File metadata
- Download URL: versioninfo-1.1.2-py3-none-any.whl
- Upload date:
- Size: 6.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.2 CPython/3.11.0
File hashes
Algorithm | Hash digest |
---|---|
SHA256 | 0dedd2d3387cfe9b9fe9cd343796752712faf2da43c1ad9a53bf845400e51830 |
MD5 | 138b0b232c368042ce764007dc7c7426 |
BLAKE2b-256 | 7abddd8203b474becbece868938ba4ce127b13003c58c0c6673552f79a390322 |