Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- select
- file_info.file.file_id as File_ID,
- spy_file.spy.name as Definition,
- file_info.file.original_file_name as File_Name,
- internal_file_name.name_value as internal_file_name,
- file_info.file.size,
- file_info.file.short_crc,
- hex(file_info.file.md5) as Installer_MD5,
- mime_type.mime_detail.detail as mime_detail,
- pe.lookup_pe_signature.name as PEiD,
- pe.file_export_directory_export_address_of_name_index.index,
- export_function_name.name_value,
- pe.file_export_directory_export_address_of_name_index.name_value_id
- from file_info.file
- inner join spy_file.spy_file using (file_id)
- inner join spy_file.spy using (spy_id)
- inner join pe.file_export_directory using (file_id)
- inner join pe.name_value as internal_file_name on internal_file_name.name_value_id = pe.file_export_directory.name_value_id
- inner join pe.file_lookup_pe_signature using (file_id)
- inner join pe.lookup_pe_signature using (lookup_pe_signature_id)
- inner join pe.file_export_directory_export_address_of_name_index using (file_id)
- inner join pe.name_value as export_function_name on export_function_name.name_value_id = pe.file_export_directory_export_address_of_name_index.name_value_id
- inner join mime_type.mime_file using (file_id)
- inner join mime_type.mime_detail using (mime_detail_id)
- inner join virgil.results using (file_id)
- inner join virgil.scanner_names using (scanner_name_id)
- inner join virgil.result_names using (result_name_id)
- where result_name = 'TR/Vundo.BQ'
- and mime_type.mime_detail.detail = 'PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit'
- order by file_id;
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement