CybercentreCanada / assemblyline-service-characterize

Assemblyline 4 metadata extraction and entropy calculation plugin

Home Page: https://cybercentrecanada.github.io/assemblyline4_docs/

Characterize Service

This Assemblyline service extracts information about the file:

  • It partitions the file and calculates visual entropy for each partition.
  • It runs the hachoir-metadata and exiftool commands to extract metadata information about the file.
  • If the file is a Windows Shortcut, this service runs a forked version of the LnkParse3 tool to pull out metadata information.
  • If the file is a Web Shortcut, this service will parse the configuration accordingly.

NOTE: This service does not require you to buy any licence and is preinstalled and working after a default installation.
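
The per-partition entropy idea from the first bullet, sketched as an added example that is not the service's own code. The function names, the partition count, the 7.0 threshold and the sample input are assumptions chosen for illustration.

```python
import hashlib
import math
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string, in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    total = len(data)
    return sum((n / total) * math.log2(total / n) for n in Counter(data).values())


def partition_entropy(data: bytes, partitions: int = 50) -> list:
    """Split data into at most `partitions` chunks; return (offset, entropy) pairs."""
    if not data or partitions < 1:
        return []
    size = max(1, math.ceil(len(data) / partitions))
    return [(off, shannon_entropy(data[off:off + size]))
            for off in range(0, len(data), size)]


def high_entropy_regions(data: bytes, partitions: int = 50, threshold: float = 7.0) -> list:
    """Partitions whose entropy suggests packed, compressed or encrypted content."""
    return [(off, e) for off, e in partition_entropy(data, partitions) if e >= threshold]


def build_sample() -> bytes:
    """Constructed input: 4 KiB padding, 4 KiB text, 4 KiB hash output used as a
    deterministic stand-in for compressed or encrypted data."""
    padding = b"\x00" * 4096
    text = (b"plain configuration strings and paths " * 128)[:4096]
    dense = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(128))
    return padding + text + dense


if __name__ == "__main__":
    # Print a crude text rendering of the entropy profile, one row per partition.
    for offset, entropy in partition_entropy(build_sample(), partitions=12):
        flag = "  <-- high" if entropy >= 7.0 else ""
        print(f"0x{offset:06x}  {entropy:5.3f}  {'#' * round(entropy * 4)}{flag}")
```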

About

License: MIT License


Languages

  • Python 93.3%
  • PowerShell 4.3%
  • Dockerfile 2.4%