This new version of byte-stats.py adds option -r (--ranges). This option will print out extra information on the range of byte values (contiguous byte value sequences) found in the analyzed files.
Example for BASE64 data:
Number of ranges: 5
Fir. Last Len. Range
0x2b        1: +
0x2f 0x39  11: /0123456789
0x3d        1: =
0x41 0x5a  26: ABCDEFGHIJKLMNOPQRSTUVWXYZ
0x61 0x7a  26: abcdefghijklmnopqrstuvwxyz
In this example, 5 ranges are reported: they can be thought of as a kind of fingerprint for BASE64 data.
Each range is characterized by 4 properties:
Fir. (First) is the first byte value in the range.
Last is the last byte value in the range (this value is not displayed for ranges of a single byte).
Len. (length) is the number of unique byte values in the range.
Range is the printout of the byte values in the range (. is printed if the byte value is not printable).
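The range computation described above can be reproduced in a few lines. This is an added example, not code taken from byte-stats.py: the function names, the sample data and the exact column spacing are assumptions made for illustration.

```python
import base64

def byte_ranges(data: bytes):
    """Return (first, last, length) for every run of contiguous byte values present in data."""
    runs = []
    for value in sorted(set(data)):
        if runs and value == runs[-1][1] + 1:
            runs[-1][1] = value          # value extends the current run
        else:
            runs.append([value, value])  # gap in byte values: start a new run
    return [(first, last, last - first + 1) for first, last in runs]

def format_ranges(ranges):
    """Render ranges in a layout approximating the report shown above."""
    lines = ["Number of ranges: %d" % len(ranges), "Fir. Last Len. Range"]
    for first, last, length in ranges:
        # Last is left blank for a range of a single byte value
        last_col = "0x%02x" % last if length > 1 else "    "
        # Non-printable byte values are shown as '.'
        chars = "".join(chr(b) if 0x20 <= b < 0x7F else "." for b in range(first, last + 1))
        lines.append("0x%02x %s %3d: %s" % (first, last_col, length, chars))
    return "\n".join(lines)

# Constructed sample: the 64-character BASE64 alphabet decoded, plus one extra
# byte so that the re-encoded data also contains '=' padding.
ALPHABET = b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
BASE64_SAMPLE = base64.b64encode(base64.b64decode(ALPHABET) + b"\x00")

# Constructed sample: a lowercase hexadecimal dump, for comparison.
HEX_SAMPLE = bytes(range(256)).hex().encode()

if __name__ == "__main__":
    print(format_ranges(byte_ranges(BASE64_SAMPLE)))
    print(format_ranges(byte_ranges(HEX_SAMPLE)))
```

The hexadecimal sample produces only two ranges (0x30 to 0x39 and 0x61 to 0x66), which shows how the set of ranges distinguishes one encoding from another.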
byte-stats_V0_0_6.zip (https)
MD5: CA729FF05E314A9CF5C348CB4A720F13
SHA256: 11E41F51EC9911741D71C8BC3278FA22AADBD865F2BF7BE4E73E82A7736A8FA8