Didier Stevens

Saturday 12 August 2017

Update: byte-stats.py Version 0.0.6

Filed under: My Software,Update — Didier Stevens @ 13:00

This new version of byte-stats.py adds option -r (–ranges). This option will print out extra information on the range of byte values (contiguous byte value sequences) found in the analyzed files.

Example for BASE64 data:

Number of ranges: 5
Fir. Last Len. Range
0x2b        1: +
0x2f 0x39  11: /0123456789
0x3d        1: =
0x41 0x5a  26: ABCDEFGHIJKLMNOPQRSTUVWXYZ
0x61 0x7a  26: abcdefghijklmnopqrstuvwxyz

In this example, 5 ranges are reported: they can be thought of as a kind of fingerprint for BASE64 data.
Each range is characterized by 4 properties:
Fir. (First) is the first byte value in the range.
Last is the last byte value in the range (this value is not displayed for ranges of a single byte).
Len. (length) is the number of unique byte values in the range.
Range is the printout of the byte values in the range (. is printed if the byte value is not printable).

byte-stats_V0_0_6.zip (https)
MD5: CA729FF05E314A9CF5C348CB4A720F13
SHA256: 11E41F51EC9911741D71C8BC3278FA22AADBD865F2BF7BE4E73E82A7736A8FA8

2 Comments »

  1. […] byte-stats.py, we can generate statistics for the different byte values found in a file. When we use this to […]

    Pingback by Decoding malware via simple statistical analysis | NVISO LABS – blog — Wednesday 30 August 2017 @ 13:18

  2. […] Update: byte-stats.py Version 0.0.6 […]

    Pingback by Overview of Content Published In August | Didier Stevens — Wednesday 6 September 2017 @ 19:54


RSS feed for comments on this post. TrackBack URI

Leave a Reply (comments are moderated)

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Blog at WordPress.com.