malwaredb-virustotal 0.2.3

Logic and datatypes for interacting with VirusTotal
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124

use serde::{Deserialize, Serialize};

/// Parsed information for ELF binaries
/// [https://en.wikipedia.org/wiki/Executable_and_Linkable_Format]
#[derive(Clone, Debug, Serialize, Deserialize)]
pub struct ElfInfo {
    /// Shared libraries used
    #[serde(default)]
    pub shared_libraries: Vec<String>,

    /// ELF Sections
    #[serde(default)]
    pub section_list: Vec<ElfSection>,

    /// Details of the ELF header
    pub header: ElfHeader,

    /// Exported Symbols
    #[serde(default)]
    pub export_list: Vec<ElfImportExport>,

    /// Imported Symbols
    #[serde(default)]
    pub import_list: Vec<ElfImportExport>,

    /// ELF Segments
    #[serde(default)]
    pub segment_list: Vec<ElfSegment>,
}

/// Sections of an ELF binary
#[derive(Clone, Debug, Serialize, Deserialize)]
pub struct ElfSection {
    /// Section name
    #[serde(default)]
    pub name: String,

    /// Section type
    pub section_type: String,

    /// Section address in memory
    pub virtual_address: u64,

    /// Section location on disk
    pub physical_offset: u64,

    /// Section flags
    #[serde(default)]
    pub flags: String,

    /// Section size
    pub size: u64,
}

/// ELF header
/// [https://virustotal.readme.io/reference/elf_info]
#[derive(Clone, Debug, Serialize, Deserialize)]
pub struct ElfHeader {
    /// ELF version, should be 1
    pub hdr_version: String,

    /// ELF type, library, program, etc
    #[serde(rename = "type")]
    pub elf_type: String,

    /// 0x1 for original and current ELF files
    pub obj_version: String,

    /// Extra information about the ELF binary
    pub data: String,

    /// Instruction Set Architecture
    pub machine: String,

    /// Number of sections
    pub num_section_headers: u64,

    /// SystemV, FreeBSD, OpenBSD, etc
    pub os_abi: String,

    /// ABI version, ignored for static files
    pub abi_version: u32,

    /// Entry point address
    pub entrypoint: u64,

    /// Number of program headers
    pub num_prog_headers: u64,

    /// ELF32 or ELF64
    pub class: ElfClass,
}

/// Type of ELF, 32 or 64-bit
#[derive(Clone, Copy, Debug, Hash, Serialize, Deserialize)]
pub enum ElfClass {
    /// 32-bit ELF
    ELF32,

    /// 64-bit ELF
    ELF64,
}

/// Imported or Exported ELF symbols
#[derive(Clone, Debug, Serialize, Deserialize)]
pub struct ElfImportExport {
    /// Symbol type
    #[serde(rename = "type")]
    pub export_type: String,

    /// Symbol name
    pub name: String,
}

/// ELF Program Segment
#[derive(Clone, Debug, Serialize, Deserialize)]
pub struct ElfSegment {
    /// Segment type
    pub segment_type: String,

    /// Segment resources (related sections)
    #[serde(default)]
    pub resources: Vec<String>,
}