Merge pull request #344 from CybercentreCanada/id_evtx
Id evtx
cccs-kevin authored Sep 2, 2021
2 parents e2ac5e3 + 03ba5ac commit a7ab80d
Showing 2 changed files with 4 additions and 4 deletions.
4 changes: 2 additions & 2 deletions assemblyline/common/identify.py
Expand Up @@ -372,7 +372,7 @@
['java', r'jar |java'],
['code',
r'Autorun|HTML |KML |LLVM |SGML |Visual C|XML |awk|batch |bytecode|perl|php|program|python'
r'|ruby|color scheme|script text exe|shell script|tcl'],
r'|ruby|script text exe|shell script|tcl'],
['network', r'capture'],
['unknown', r'CoreFoundation|Dreamcast|KEYBoard|OSF/Rose|Zope|quota|uImage'],
['unknown', r'disk|file[ ]*system|floppy|tape'],
Expand All @@ -381,7 +381,7 @@
r'|sound|tracker|video|voice data'],
['executable', r'803?86|COFF|ELF|Mach-O|ia32|executable|kernel|library|libtool|object'],
['unknown', r'Emulator'],
['image', r'DjVu|Surface|XCursor|bitmap|cursor|color|font|graphics|icon|image|jpeg'],
['image', r'DjVu|Surface|XCursor|bitmap|cursor|font|graphics|icon|image|jpeg'],
['archive',
r'BinHex|InstallShield CAB|Transport Neutral Encapsulation Format|archive data|compress|mcrypt'
r'|MS Windows HtmlHelp Data|current ar archive|cpio archive|ISO 9660'],
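Review bot: Dropping `color scheme` from the `code` entry and `color` from the `image` entry leaves no record of which label was being misclassified, and the tokens that remain (`font`, `icon`, `cursor`, `program`, and `object` in the `executable` entry) are just as generic. If these patterns are applied as unanchored searches against the file-type label, which the hunks do not show, any label that merely contains one of those words is given that type, and a wrong type presumably changes which analysis the file receives. I would add a comment above the table such as `# Tokens match anywhere in the label; keep them specific, a wrong type misroutes the file.` and consider word boundaries on the shortest tokens. The table itself starts and ends outside the hunks shown.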
4 changes: 2 additions & 2 deletions test/test_identify.py
Expand Up @@ -664,7 +664,7 @@ def test_sl_to_tl(sl, tl):
('java', r'jar |java'),
('code',
r'Autorun|HTML |KML |LLVM |SGML |Visual C|XML |awk|batch |bytecode|perl|php|program|python'
r'|ruby|color scheme|script text exe|shell script|tcl'),
r'|ruby|script text exe|shell script|tcl'),
('network', r'capture'),
('unknown', r'CoreFoundation|Dreamcast|KEYBoard|OSF/Rose|Zope|quota|uImage'),
('unknown', r'disk|file[ ]*system|floppy|tape'),
Expand All @@ -673,7 +673,7 @@ def test_sl_to_tl(sl, tl):
r'|sound|tracker|video|voice data'),
('executable', r'803?86|COFF|ELF|Mach-O|ia32|executable|kernel|library|libtool|object'),
('unknown', r'Emulator'),
('image', r'DjVu|Surface|XCursor|bitmap|cursor|color|font|graphics|icon|image|jpeg'),
('image', r'DjVu|Surface|XCursor|bitmap|cursor|font|graphics|icon|image|jpeg'),
('archive',
r'BinHex|InstallShield CAB|Transport Neutral Encapsulation Format|archive data|compress|mcrypt'
r'|MS Windows HtmlHelp Data|current ar archive|cpio archive|ISO 9660'),
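Review bot: The two edits in test/test_identify.py only repeat the production change in what looks like a hand-copied table, so as far as these hunks show nothing pins the behaviour the commit is after. A case that feeds in the label which motivated the change and asserts the expected type would catch a later re-addition of `color` to the `image` or `code` entry. If the copy exists to be compared with the production table, importing that table instead would avoid editing two places on every pattern change. The list these tuples belong to starts and ends outside the hunks.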
