This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Discussions

How Difficult is it to add Timestamp to Malware Analysis?

GuyBruneau
Frequent Contributor
Frequent Contributor

‎2017-02-22 08:47 AM

Invincea published an interesting analysis of timestamp from PE file header. How difficult would it be to add the timestamp information in the Malware Analysis "Static Analysis Results" section to attempt to track file time that are either really old and way in the future?

 

https://www.invincea.com/2017/01/the-timestamping-problem-a-case-study-in-data-driven-malware-analytics/

0 Likes
1 REPLY 1

WilliamMotley1
Frequent Contributor Frequent Contributor
Frequent Contributor

‎2017-02-22 09:41 AM

For what its worth, the parser 'windows_executable' registers meta related to timestamps:

 

analysis.file:  exe timestamp zero

analysis.file:  exe timestamp close to zero

analysis.file:  exe timestamp before 1999

analysis.file:  exe timestamp in the future

analysis.file:  exe recently compiled

0 Likes
© 2022 RSA Security LLC or its affiliates. All rights reserved.