select file_info.file.file_id as File_ID, spy_file.spy.name as Definiti

1. select
2.  
3.   file_info.file.file_id as File_ID,
4.   spy_file.spy.name as Definition,
5.   file_info.file.original_file_name as File_Name,
6.   internal_file_name.name_value as internal_file_name,
7.   file_info.file.size,
8.   file_info.file.short_crc,
9.   hex(file_info.file.md5) as Installer_MD5,
10.   mime_type.mime_detail.detail as mime_detail,
11.   pe.lookup_pe_signature.name as PEiD,
12.   pe.file_export_directory_export_address_of_name_index.index,
13.   export_function_name.name_value,
14.   pe.file_export_directory_export_address_of_name_index.name_value_id
15.  
16.  
17. from file_info.file
18.  
19.   inner join spy_file.spy_file using (file_id)
20.   inner join spy_file.spy using (spy_id)
21.   inner join pe.file_export_directory using (file_id)
22.   inner join pe.name_value as internal_file_name on internal_file_name.name_value_id = pe.file_export_directory.name_value_id
23.   inner join pe.file_lookup_pe_signature using (file_id)
24.   inner join pe.lookup_pe_signature using (lookup_pe_signature_id)
25.   inner join pe.file_export_directory_export_address_of_name_index using (file_id)
26.   inner join pe.name_value as export_function_name on export_function_name.name_value_id = pe.file_export_directory_export_address_of_name_index.name_value_id
27.   inner join mime_type.mime_file using (file_id)
28.   inner join mime_type.mime_detail using (mime_detail_id)
29.   inner join virgil.results using (file_id)
30.   inner join virgil.scanner_names using (scanner_name_id)
31.   inner join virgil.result_names using (result_name_id)
32.  
33. where result_name = 'TR/Vundo.BQ'
34. and mime_type.mime_detail.detail = 'PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit'
35.  
36. order by file_id;