In this post, we will cover record type 1 VBN's. This will be fairly short because there is not much to these types of VBN's. They contain one structure that is not XORed after the VBN Metadata. This is the Quarantine Metadata structure. It contains the same kind of data as in record type 2's Quarantine Metadata, minus any header information.
Record Type 1
Quarantine Metadata
The quarantine metadata appears to be in ASN.1 format. It is comprised of a series of tags.
Code | Value Length | Extra Data |
---|---|---|
0x01 | 1 | None |
0x0A | 1 | None |
0x03 | 4 | None |
0x06 | 4 | None |
0x04 | 8 | None |
0x07 | 4 | NUL-terminated ASCII String (of length controlled by dword following 0x07 code) |
0x08 | 4 | NUL-terminated Unicode String (of length controlled by dword following 0x08 code) |
0x09 | 4 | Container (of length controlled by dword following 0x09 code) |
0x0F | 16 | None |
0x10 | 16 | None |
No comments:
Post a Comment