Closed gdesmar closed 2 years ago
You can also test the pre-release 0.12.1 with these packages:
pip install --index-url https://lief.s3-website.fr-par.scw.cloud/0.12.1 lief==0.12.1
I just tested 0.12.1-b13b2d7c and my results looks good! Thanks!
Describe the bug I believe some keys are present in the String File Info items that doesn't have any parsable value. The value that is then returned seems to be another key.
To Reproduce Download at least one the file attached to this issue: 731bb363a01f45b64c0065e1cdfe8cc653930f102f715bc5073ac77c1d4bae2a.zip 4bfaa99393f635cd05d91a64de73edb5639412c129e049f0fe34f88517a10fc6.zip Extract the file(s) using the password
liefsample
. Verify that your new file(s) have the right hash:For 4bfaa99393f635cd05d91a64de73edb5639412c129e049f0fe34f88517a10fc6
For 731bb363a01f45b64c0065e1cdfe8cc653930f102f715bc5073ac77c1d4bae2a
Expected behavior I did not check the internals of the binary, but PEStudio gives an empty value for both of these and VirusTotal doesn't show them. It is probably hiding empty values as it doesn't show the Build Description of 4bfaa99393f635cd05d91a64de73edb5639412c129e049f0fe34f88517a10fc6 that both PEStudio and LIEF finds as empty.
LegalTrademarks of 4bfaa99393f635cd05d91a64de73edb5639412c129e049f0fe34f88517a10fc6
Comments of 731bb363a01f45b64c0065e1cdfe8cc653930f102f715bc5073ac77c1d4bae2a.
Environment
Additional context Both samples are PE64 (PE32_PLUS), but I have other samples with the same behaviour that are PE32.