diff --git a/analyzers/FileInfo/submodules/submodule_outlook.py b/analyzers/FileInfo/submodules/submodule_outlook.py
index 8f7bbbac8..a9214d6b9 100644
--- a/analyzers/FileInfo/submodules/submodule_outlook.py
+++ b/analyzers/FileInfo/submodules/submodule_outlook.py
@@ -30,12 +30,10 @@ def xstr(s):
 attachments = m.attachments
 a = []
 for attachment in attachments:
- with attachment.data as fh:
- buf = fh.read()
- sha256 = hashlib.sha256()
- sha256.update(buf)
+ sha256 = hashlib.sha256()
+ sha256.update(attachment.data)
 a.append({'name': attachment.longFilename,
- 'sha256': sha256})
+ 'sha256': sha256.hexdigest()})
 email = {'header': xstr(m.header),
 'from': xstr(m.sender),
diff --git a/analyzers/FileInfo/submodules/submodule_pdfid.py b/analyzers/FileInfo/submodules/submodule_pdfid.py
index c4e82560b..4233c51db 100644
--- a/analyzers/FileInfo/submodules/submodule_pdfid.py
+++ b/analyzers/FileInfo/submodules/submodule_pdfid.py
@@ -1,5 +1,5 @@
 from pdfid.pdfid import *
-import optparse
+
 import json
 from .submodule_base import SubmoduleBaseclass
@@ -25,6 +25,7 @@ def pdfid_cmd(self, path):
 PDFiD2JSON(PDFiD(path, allNames=True, extraData=True, disarm=True, force=True), force=True))
 except Exception as e:
 return e
+ return j
 def analyze_file(self, path):
 self.add_result_subsection('PDFiD Information', self.pdfid_cmd(path))
diff --git a/thehive-templates/FileInfo_3_0/long.html b/thehive-templates/FileInfo_3_0/long.html
index 8420b6bb4..10c88ff11 100644
--- a/thehive-templates/FileInfo_3_0/long.html
+++ b/thehive-templates/FileInfo_3_0/long.html
@@ -130,8 +130,23 @@
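Review bot: `sha256.update(attachment.data)` assumes every attachment's `data` is a bytes object, and nothing in the loop checks that. If the MSG parser behind `m.attachments` can return something else for some attachment kinds (a nested message object, or None for an empty stream; not confirmable from this hunk), `update()` raises TypeError and the submodule yields no result for the very mail an analyst needs parsed. A guard inside the loop would avoid that, e.g. `data = attachment.data` followed by `if not isinstance(data, (bytes, bytearray)): continue`, or append the entry with `'sha256': None` so the attachment still appears in the report. The enclosing function starts and ends outside the hunk.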
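Review bot: In `pdfid_cmd`, the `except Exception as e: return e` path passes the exception object itself to `add_result_subsection` through `analyze_file`, so a PDF that PDFiD cannot parse produces a non-string, probably non-serialisable result instead of a readable error. Malformed PDFs are the samples most worth surfacing, so return something the report can render, e.g. `return {'error': str(e)}` (the shape the template expects is not visible here, so adjust to match). The added `return j` depends on `j` being bound inside the `try`, which starts above the hunk. Indentation is lost in this view, so confirm `return j` sits at function level and not directly under `return e`, where it would be unreachable.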

{{r.submodule_section_content.body}}
-
Attachment hashes
-
{{r.submodule_section_content.attachments}}
+
Attachments
+
+ + + + + + + + + + + + + +
FilenameSHA256
{{a.name}}{{a.sha256}}
+
All Headers
@@ -139,6 +154,51 @@

+ + + +
+
+
+
+

+ {{r.submodule_section_header}} +

+
+
+
+
+
{{k}}
+
{{v}}
+
+
+
{{k}}
+
+ + + + + + + + + + + + + + + +
namehexcodecountcount
{{a.name}}{{a.hexcodecount}}{{a.count}}
+
+
+
+ +
+
+ + +