<!-- This file is part of the pestudio solution (www.winitor.com)
This file contains general settings and the names of all XML files used by the solution.
Since pestudio does not write anything on the system it is running on, this file must be edited manually. -->
<xml version="1.0" encoding="utf-8">
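<settings>
  <setting>

    <!-- Per-item switches for the analysis itself. 1: Enable, 0: Disable -->
    <EnableDosStub>1</EnableDosStub>
    <EnableDosHeader>1</EnableDosHeader>
    <EnableFileHeader>1</EnableFileHeader>
    <EnableOptionalHeader>1</EnableOptionalHeader>
    <EnableDirectories>1</EnableDirectories>
    <EnableSections>1</EnableSections>
    <EnableImportedLibraries>1</EnableImportedLibraries>
    <EnableImportedSymbols>1</EnableImportedSymbols>
    <EnableExportedSymbols>1</EnableExportedSymbols>
    <EnableExceptions>1</EnableExceptions>
    <EnableRelocations>1</EnableRelocations>
    <EnableThreadLocalStorage>1</EnableThreadLocalStorage>
    <EnableCertificates>1</EnableCertificates>
    <EnableResources>1</EnableResources>
    <EnableStrings>1</EnableStrings>
    <EnableDebug>1</EnableDebug>
    <EnableManifest>1</EnableManifest>
    <EnableVersion>1</EnableVersion>
    <EnableFileSignature>1</EnableFileSignature>
    <EnableOverview>1</EnableOverview>
    <EnableOverlay>1</EnableOverlay>
    <EnableOverlayScore>1</EnableOverlayScore>
    <EnableXmlReport>1</EnableXmlReport>
    <EnableOrdinalFunctionsMapping>1</EnableOrdinalFunctionsMapping>

    <!-- Per-item switches for what is displayed. 1: Show, 0: Hide
         In this file ShowThreadLocalStorage and ShowStringsOffset are the only
         entries set to 0; note that EnableThreadLocalStorage above is still 1,
         so that item is enabled but hidden. -->
    <ShowDosStub>1</ShowDosStub>
    <ShowDosHeader>1</ShowDosHeader>
    <ShowFileHeader>1</ShowFileHeader>
    <ShowOptionalHeader>1</ShowOptionalHeader>
    <ShowDirectories>1</ShowDirectories>
    <ShowSections>1</ShowSections>
    <ShowImportedLibraries>1</ShowImportedLibraries>
    <ShowImportedSymbols>1</ShowImportedSymbols>
    <ShowExportedSymbols>1</ShowExportedSymbols>
    <ShowExceptions>1</ShowExceptions>
    <ShowRelocations>1</ShowRelocations>
    <ShowThreadLocalStorage>0</ShowThreadLocalStorage>
    <ShowCertificates>1</ShowCertificates>
    <ShowResources>1</ShowResources>
    <ShowStrings>1</ShowStrings>
    <ShowDebug>1</ShowDebug>
    <ShowManifest>1</ShowManifest>
    <ShowVersion>1</ShowVersion>
    <ShowOverlay>1</ShowOverlay>
    <ShowStringsOffset>0</ShowStringsOffset>

    <!--
      Set the default item (in the left tree) that should be shown when an image has loaded.
      The value below, 7, selects "Data Directories".

      Possible values are:
         0 (Image)
         1 (Indicators)
         2 (Virustotal)
         3 (DOS Stub)
         4 (DOS Header)
         5 (File Header)
         6 (Optional Header)
         7 (Data Directories)
         8 (Sections Headers)
         9 (Imported Libraries)
        10 (Imported Symbols)
        11 (Exported Symbols)
        12 (Resources)
        13 (Strings)
        14 (Version Information)
        15 (Debug Information)
        16 (Manifest)
        17 (Exceptions)
        18 (Thread Local Storage)
        19 (Certificates)
        20 (Relocations)
    -->
    <DefaultItem>7</DefaultItem>

    <!--
      1: Expand the Image when successfully opened
      0: Compress the Image when successfully opened
         (presumably "compress" means the tree node is left collapsed; confirm)
    -->
    <ExpandImage>1</ExpandImage>

  </setting>
</settings>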
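<!-- Settings related to VirusTotal functionality -->
<VirusTotal>

  <!--
    Set the "preferred" Virustotal engine. Setting a preferred engine puts the focus on it in the user interface.
    This feature helps to quickly identify one antivirus product's coverage of the malware being analyzed.

    The following IDs are used. Please do not modify these IDs.
    (The original note gives the count as 58; the list below assigns IDs 1 to 61.
    Names shown without "= N" have no ID in this list. Tencent and ViRobot each
    appear twice, once with an ID and once without.)

      AVG = 1
      AVware = 2
      Ad-Aware = 3
      AegisLab = 4
      Agnitum = 5
      AhnLab-V3 = 6
      Aladdin
      AntiVir = 7
      Antiy-AVL = 8
      Avast = 9
      Baidu-International = 10
      BitDefender = 11
      Bkav = 12
      Boost
      BullGuard
      ByteHero = 13
      CAT-QuickHeal = 14
      CMC = 15
      ClamAV = 16
      Commtouch = 17
      Comodo = 18
      DrWeb = 19
      ESET-NOD32 = 20
      Emsisoft = 21
      eSafe = 22
      F-Prot = 23
      F-Secure = 24
      Fortinet = 25
      GData = 26
      Ikarus = 27
      Jiangmin = 28
      K7AntiVirus = 29
      K7GW = 30
      Kaspersky = 31
      KasperskyEndpoint
      Kingsoft = 32
      Malwarebytes = 33
      McAfee = 34
      McAfee-GW-Edition = 35
      MicroWorld-eScan = 36
      Microsoft = 37
      Nano-Antivirus = 38
      Norman = 39
      nProtect = 40
      Panda = 41
      PcTools = 42
      Qihoo-360 = 43
      Rising = 44
      SUPERAntiSpyware = 45
      Sophos = 46
      Symantec = 47
      Tencent = 48
      TheHacker = 49
      TotalDefense = 50
      TrendMicro = 51
      TrendMicro-HouseCall = 52
      VBA32 = 53
      VIPRE = 54
      ViRobot = 55
      Zillya = 56
      Zoner = 57
      Cyren = 58
      Avira = 59
      ALYac = 60
      Alibaba = 61
      ReasonHeuristics
      Outpost
      QuickHeal
      herdProtectFuzzy
      BoostbyReason
      Prevx
      XVirus
      Sunbelt
      SafeCentral
      WebWasherGateway
      EmsisoftASquared
      Filseclab
      eTrustVet
      STOPzilla
      LavaSoft
      MicrosoftSecurityEssentials
      MicrosoftForefront
      MicrosoftWindowsDefender
      mSecure
      Optenet
      Prevention
      Roboscan
      SystemShield
      Tencent
      TrustPort
      Twister
      VexxGuard
      ViRobot
      VirusBokAda
      VirusFighterPlus
      ZoneAlarm
      ZonerAntivirus
      Zeobit
  -->
  <!-- 0 is not assigned to any engine in the list above; presumably it means
       "no preferred engine" (confirm against the tool's documentation). -->
  <PreferedVirustotalEngine>0</PreferedVirustotalEngine>

  <!-- Presumably 1: Show / 0: Hide and 1: Enable / 0: Disable, following the
       convention used by the other Show* and Enable* settings in this file.
       NOTE(review): an enabled lookup implies the tool contacts an external
       service about the image being analysed. On an isolated analysis host,
       or when the sample (or its hash) must not be disclosed to a third
       party, set EnableVirusTotalLookup to 0. Exactly what is transmitted is
       not stated in this file; confirm before relying on it. -->
  <ShowVirusTotalLookup>1</ShowVirusTotalLookup>
  <EnableVirusTotalLookup>1</EnableVirusTotalLookup>

</VirusTotal>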
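<Filters>

  <!-- Each Filter carries a name, a numeric id and a 0/1 value.
       All three filters are set to 0 in this file. -->

  <!-- 0: Hide non-PE Images
       1: Show non-PE Images -->
  <Filter name="non_pe_image" id="0">0</Filter>

  <!-- 0: Hide 32 bit Images
       1: Show 32 bit Images -->
  <Filter name="32bit" id="1">0</Filter>

  <!-- 0: Hide 64 bit Images
       1: Show 64 bit Images -->
  <Filter name="64bit" id="2">0</Filter>

</Filters>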
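<WhiteSections>
  <!--
    1: Enable the detection of whitelisted sections
    0: Disable the detection of whitelisted sections
  -->
  <Enable>1</Enable>

  <!-- Section names treated as whitelisted.
       In PE/COFF, a name of the form /N is a reference to a long section
       name stored in the string table (N is the offset).
       NOTE(review): a section name is chosen by whoever built the image, so
       a match against this list only says the name is a common one. It is
       not evidence that the section's content is benign; keep entropy, size
       and characteristics checks in the assessment. -->
  <sections>
    <section>/4</section>
    <section>/19</section>
    <section>/35</section>
    <section>/51</section>
    <section>/63</section>
    <section>/77</section>
    <section>/89</section>
    <section>/102</section>
    <section>/113</section>
    <section>/124</section>
    <section>.textbss</section>
    <section>.text</section>
    <section>.bss</section>
    <section>.rsrc</section>
    <section>.rdata</section>
    <section>.data</section>
    <section>.idata</section>
    <section>.idata2</section>
    <section>.edata</section>
    <section>.sdata</section>
    <section>.reloc</section>
    <section>.ndata</section>
    <section>.sxdata</section>
    <section>.tls</section>
    <section>.pdata</section>
    <section>.CRT</section>
    <section>PAGE</section>
    <section>DATA</section>
    <section>BSS</section>
    <section>INIT</section>
    <section>CODE</section>
  </sections>

</WhiteSections>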
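<!-- Names of the other XML files used by the solution.
     The entries are bare file names; the directory they are resolved
     against is not stated in this file.
     NOTE(review): these files define what is flagged (thresholds,
     indicators, blacklisted strings and functions, signatures) and what is
     whitelisted (libraries). Because they are edited by hand, take them from
     a trusted copy of the distribution and review any local change to the
     whitelist and threshold files, since an edit there can silently suppress
     a finding. -->
<XmlFiles>
  <Thresholds>thresholds.xml</Thresholds>
  <Features>features.xml</Features>
  <Indicators>indicators.xml</Indicators>
  <BlackListStrings>strings.xml</BlackListStrings>
  <BlackListFunctions>functions.xml</BlackListFunctions>
  <Languages>languages.xml</Languages>
  <Translations>translations.xml</Translations>
  <Signatures>signatures.xml</Signatures>
  <KnownResources>resources.xml</KnownResources>
  <WhiteListLibraries>whitelistlibraries.xml</WhiteListLibraries>
</XmlFiles>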
</xml>