snort-docker/configs/snort-conf/file_magic.rules

# File-type identification rules: each file_id rule labels a file with the
# type, id and category given in file_meta when all of its content matches hit.
# In this run the magic sits at a non-zero offset. depth always equals the
# pattern length, so every pattern must appear exactly at the stated offset.
# NOTE(review): the ISO patterns need more than 36 KB of file data; whether the
# sensor's file-identification depth reaches that far is not visible here — verify.
file_id (msg:"Excel spreadsheet subheader (MS Office)"; file_meta:type XLW, id 1, category "Office Documents", group "office"; file_data; content:"| 09 08 10 00 00 06 05 00 |", depth 8, offset 512; gid:4; sid:1; rev:1;)
# tar: the ASCII string "ustar" at offset 257; the two variants differ only in the bytes that follow it.
file_id (msg:"POSIX Tape Archive file"; file_meta:type POSIX_TAR, id 2, category "Archive"; file_data; content:"| 75 73 74 61 72 00 20 20 |", depth 8, offset 257; gid:4; sid:2; rev:1;)
file_id (msg:"Pre-POSIX Tape Archive file"; file_meta:type OLD_TAR, id 3, category "Archive"; file_data; content:"| 75 73 74 61 72 20 |", depth 6, offset 257; gid:4; sid:3; rev:1;)
# QuickTime: four-byte tags "free", "moov", "mdat", "pnot" and "ftyp" at offset 4, one rule per tag.
file_id (msg:"QuickTime movie file"; file_meta:type MOV, id 4, category "Multimedia", group "video"; file_data; content:"| 66 72 65 65 |", depth 4, offset 4; gid:4; sid:4; rev:1;)
file_id (msg:"QuickTime movie file"; file_meta:type MOV, id 5, category "Multimedia", group "video"; file_data; content:"| 6D 6F 6F 76 |", depth 4, offset 4; gid:4; sid:5; rev:1;)
file_id (msg:"QuickTime movie file"; file_meta:type MOV, id 6, category "Multimedia", group "video"; file_data; content:"| 6D 64 61 74 |", depth 4, offset 4; gid:4; sid:6; rev:1;)
file_id (msg:"QuickTime movie file"; file_meta:type MOV, id 7, category "Multimedia", group "video"; file_data; content:"| 70 6E 6F 74 |", depth 4, offset 4; gid:4; sid:7; rev:1;)
file_id (msg:"QuickTime movie file"; file_meta:type MOV, id 8, category "Multimedia", group "video"; file_data; content:"| 66 74 79 70 |", depth 4, offset 4; gid:4; sid:8; rev:1;)
# LHA: the three bytes "-lh" at offset 2.
file_id (msg:"File compressed with lha utility/algorithm (lha, lzh)"; file_meta:type LHA, id 9, category "Archive"; file_data; content:"| 2D 6C 68 |", depth 3, offset 2; gid:4; sid:9; rev:1;)
# ISO-9660: "CD001" is tried at three fixed offsets (32769, 34817, 36865).
# NOTE(review): msg ends in "(iso)c"; the trailing "c" looks like a typo. msg is
# emitted at runtime, so confirm nothing downstream matches on it before changing it.
file_id (msg:"Disc Image file based on ISO-9660 standard (iso)c"; file_meta:type ISO, id 10, category "System files"; file_data; content:"| 43 44 30 30 31 |", depth 5, offset 32769; gid:4; sid:10; rev:1;)
file_id (msg:"Disc Image file based on ISO-9660 standard (iso)c"; file_meta:type ISO, id 11, category "System files"; file_data; content:"| 43 44 30 30 31 |", depth 5, offset 34817; gid:4; sid:11; rev:1;)
file_id (msg:"Disc Image file based on ISO-9660 standard (iso)c"; file_meta:type ISO, id 12, category "System files"; file_data; content:"| 43 44 30 30 31 |", depth 5, offset 36865; gid:4; sid:12; rev:1;)
# S3M: "SCRM" at offset 44 (a second S3M rule, sid 82, looks for the same bytes at offset 0).
file_id (msg:"S3M audio module format"; file_meta:type S3M, id 13, category "Multimedia", group "audio"; file_data; content:"| 53 43 52 4d |", depth 4, offset 44; gid:4; sid:13; rev:1;)
# FLIC: five content matches at offsets 4, 8, 10, 20 and 42; the two rules differ only in the first pattern.
# NOTE(review): file_data is repeated before the last two content options; the repeats
# look redundant because the buffer is already selected — TODO confirm they are harmless.
file_id (msg:"FLIC Animation file"; file_meta:type FLIC, id 14, category "Multimedia"; file_data; content:"| 11 AF |", depth 2, offset 4; content:"| 40 01 |", depth 2, offset 8 ; content:"| c8 00 |", depth 2, offset 10 ; file_data; content:"| 00 00 |", depth 2, offset 20 ; file_data; content:"| 00 00 00 00 00 00 00 00 |", depth 8, offset 42; gid:4; sid:14; rev:1;)
file_id (msg:"FLIC Animation file"; file_meta:type FLIC, id 15, category "Multimedia"; file_data; content:"| 12 AF |", depth 2, offset 4; content:"| 40 01 |", depth 2, offset 8 ; content:"| c8 00 |", depth 2, offset 10 ; file_data; content:"| 00 00 |", depth 2, offset 20 ; file_data; content:"| 00 00 00 00 00 00 00 00 |", depth 8, offset 42; gid:4; sid:15; rev:1;)
# Magic at offset 0 for executables, documents, archives and mail formats.
# Several category strings carry extra comma-separated values ("Dynamic Analysis
# Capable", "Local Malware Analysis Capable"); presumably a file policy keys on
# them — verify against the policy in use.
# MSEXE is identified by the two bytes "MZ" alone. The result is a type label
# taken from the leading bytes, not a verdict on the file's content.
file_id (msg:"Windows/DOS executable file"; file_meta:type MSEXE, id 21, category "Executables,Dynamic Analysis Capable,Local Malware Analysis Capable"; file_data; content:"| 4D 5A |", depth 2, offset 0; gid:4; sid:16; rev:1;)
# Generic PDF: "%PDF" only. Version-specific PDF rules (sid 158-165) extend this same prefix.
file_id (msg:"PDF file"; file_meta:type PDF, id 22, category "PDF files,Dynamic Analysis Capable,Local Malware Analysis Capable"; file_data; content:"| 25 50 44 46 |", depth 4, offset 0; gid:4; sid:17; rev:1;)
file_id (msg:"Rich text format word processing file"; file_meta:type RTF, id 23, category "Office Documents,Dynamic Analysis Capable"; file_data; content:"| 7B 5C 72 74 |", depth 4, offset 0; gid:4; sid:18; rev:1;)
# RIFF: "RIFF" only; the WAV rule (sid 145) starts with the same four bytes and adds a second match.
file_id (msg:"Resource Interchange File Format"; file_meta:type RIFF, id 24, category "Multimedia"; file_data; content:"| 52 49 46 46 |", depth 4, offset 0; gid:4; sid:19; rev:1;)
file_id (msg:"Microsoft Compiled HTML Help File"; file_meta:type MSCHM, id 25, category "Office Documents"; file_data; content:"| 49 54 53 46 |", depth 4, offset 0; gid:4; sid:20; rev:1;)
file_id (msg:"Microsoft Windows CAB"; file_meta:type MSCAB, id 26, category "Archive"; file_data; content:"| 4D 53 43 46 |", depth 4, offset 0; gid:4; sid:21; rev:1;)
# OLE2 compound file: one label covers legacy Office documents and installers alike (see msg).
file_id (msg:"Microsoft Object Linking and Embedding Compound File, used for office documents as well as installers"; file_meta:type MSOLE2, id 27, category "Office Documents,Dynamic Analysis Capable,Local Malware Analysis Capable"; file_data; content:"| D0 CF 11 E0 A1 B1 1A E1 |", depth 8, offset 0; gid:4; sid:22; rev:1;)
file_id (msg:"SZDD file format"; file_meta:type MSSZDD, id 28, category "Archive"; file_data; content:"| 53 5A 44 44 88 F0 27 33 |", depth 8, offset 0; gid:4; sid:23; rev:1;)
# ZIP: "PK\x03\x04". The JAR, ZIP_ENC and XPS rules in this file begin with the same
# four bytes and add a second content match; how the engine ranks several matching
# file_id rules is not visible here — verify which label wins.
file_id (msg:"PKZIP archive file"; file_meta:type ZIP, id 29, category "Archive"; file_data; content:"| 50 4B 03 04 |", depth 4, offset 0; gid:4; sid:24; rev:1;)
file_id (msg:"WinRAR compressed archive file"; file_meta:type RAR, id 30, category "Archive"; file_data; content:"| 52 61 72 21 1A 07 00 |", depth 7, offset 0; gid:4; sid:25; rev:1;)
file_id (msg:"7-Zip compressed file"; file_meta:type 7Z, id 31, category "Archive"; file_data; content:"| 37 7A BC AF 27 1C |", depth 6, offset 0; gid:4; sid:26; rev:1;)
file_id (msg:"bzip2 compressed archive"; file_meta:type BZ, id 32, category "Archive"; file_data; content:"| 42 5A 68 |", depth 3, offset 0; gid:4; sid:27; rev:1;)
file_id (msg:"GZ"; file_meta:type GZ, id 33, category "Archive"; file_data; content:"| 1F 8B 08 |", depth 3, offset 0; gid:4; sid:28; rev:1;)
# ARJ: four-byte form; a shorter two-byte ARJ rule (sid 138) also exists in this file.
file_id (msg:"Compressed archive file"; file_meta:type ARJ, id 34, category "Archive"; file_data; content:"| 60 EA 00 00 |", depth 4, offset 0; gid:4; sid:29; rev:1;)
file_id (msg:"Install Shield v5.x or 6.x compressed file"; file_meta:type ISHIELD_MSI, id 35, category "Executables"; file_data; content:"| 49 53 63 28 |", depth 4, offset 0; gid:4; sid:30; rev:1;)
# BinHex: the 41-byte ASCII banner "(This file must be converted with BinHex ".
file_id (msg:"Macintosh BinHex 4 Compressed Archive"; file_meta:type BINHEX, id 36, category "Executables"; file_data; content:"| 28 54 68 69 73 20 66 69 6C 65 20 6D 75 73 74 20 62 65 20 63 6F 6E 76 65 72 74 65 64 20 77 69 74 68 20 42 69 6E 48 65 78 20 |", depth 41, offset 0; gid:4; sid:31; rev:1;)
# MAIL: ASCII header prefixes "From   ", "From ???", "From: ", "Return-Path: " and "X-".
# NOTE(review): id 41 matches on the two bytes "X-" alone, so any content that starts
# with those bytes is labelled MAIL; it also overlaps the SYMANTEC rule (sid 62),
# whose pattern starts with "X-". Expect false positives if policy acts on MAIL.
file_id (msg:"E-mail files for Netscape, Eudora, Outlook Express and QuickMail."; file_meta:type MAIL, id 37, category "Office Documents"; file_data; content:"| 46 72 6F 6D 20 20 20 |", depth 7, offset 0; gid:4; sid:32; rev:1;)
file_id (msg:"E-mail files for Netscape, Eudora, Outlook Express and QuickMail."; file_meta:type MAIL, id 38, category "Office Documents"; file_data; content:"| 46 72 6F 6D 20 3F 3F 3F |", depth 8, offset 0; gid:4; sid:33; rev:1;)
file_id (msg:"E-mail files for Netscape, Eudora, Outlook Express and QuickMail."; file_meta:type MAIL, id 39, category "Office Documents"; file_data; content:"| 46 72 6F 6D 3A 20 |", depth 6, offset 0; gid:4; sid:34; rev:1;)
file_id (msg:"E-mail files for Netscape, Eudora, Outlook Express and QuickMail."; file_meta:type MAIL, id 40, category "Office Documents"; file_data; content:"| 52 65 74 75 72 6E 2D 50 61 74 68 3A 20 |", depth 13, offset 0; gid:4; sid:35; rev:1;)
file_id (msg:"E-mail files for Netscape, Eudora, Outlook Express and QuickMail."; file_meta:type MAIL, id 41, category "Office Documents"; file_data; content:"| 58 2D |", depth 2, offset 0; gid:4; sid:36; rev:1;)
file_id (msg:"Transport Neutral Encapsulation Format, an E-mail attachment format"; file_meta:type TNEF, id 42, category "Office Documents"; file_data; content:"| 78 9F 3E 22 |", depth 4, offset 0; gid:4; sid:37; rev:1;)
# CA FE BA BE: per msg, one label (BINARY_DATA) stands for both universal binaries and
# Java bytecode; this rule does not tell the two apart.
file_id (msg:"Universal Binary/Java Bytecode"; file_meta:type BINARY_DATA, id 43, category "Executables"; file_data; content:"| CA FE BA BE |", depth 4, offset 0; gid:4; sid:38; rev:1;)
# UUencode: the ASCII word "begin" at offset 0, matched case-sensitively (no nocase option).
file_id (msg:"UUencoded file"; file_meta:type UUENCODED, id 44, category "Encoded"; file_data; content:"| 62 65 67 69 6E |", depth 5, offset 0; gid:4; sid:39; rev:1;)
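# Script Encoder: the four bytes "#@~^" at offset 0. The category value is wrapped in
# matching double quotes, as in every other file_meta option in this file.
file_id (msg:"Script encoder file"; file_meta:type SCRENC, id 45, category "Encoded"; file_data; content:"| 23 40 7E 5E |", depth 4, offset 0; gid:4; sid:40; rev:1;)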
# Native executable formats, identified by a four-byte magic at offset 0.
file_id (msg:"Executable and Linking Format executable file (Linux/Unix)"; file_meta:type ELF, id 46, category "Executables"; file_data; content:"| 7F 45 4C 46 |", depth 4, offset 0; gid:4; sid:41; rev:1;)
# Mach-O: four rules, one per magic value (CE/CF variants in both byte orders).
file_id (msg:"Mach object file format"; file_meta:type MACHO, id 47, category "Executables"; file_data; content:"| CE FA ED FE |", depth 4, offset 0; gid:4; sid:42; rev:1;)
file_id (msg:"Mach object file format"; file_meta:type MACHO, id 48, category "Executables"; file_data; content:"| CF FA ED FE |", depth 4, offset 0; gid:4; sid:43; rev:1;)
file_id (msg:"Mach object file format"; file_meta:type MACHO, id 49, category "Executables"; file_data; content:"| FE ED FA CE |", depth 4, offset 0; gid:4; sid:44; rev:1;)
file_id (msg:"Mach object file format"; file_meta:type MACHO, id 50, category "Executables"; file_data; content:"| FE ED FA CF |", depth 4, offset 0; gid:4; sid:45; rev:1;)
# Symbian SIS installer; a second SIS magic is covered by sid 142.
file_id (msg:"Software Installation Script, an archive for Symbian OS"; file_meta:type SIS, id 51, category "Archive"; file_data; content:"| 19 04 00 10 |", depth 4, offset 0; gid:4; sid:46; rev:1;)
# Flash: "CWS" header; the "FWS" header is handled by the next rule (sid 48).
file_id (msg:"Flash file "; file_meta:type SWF, id 52, category "Multimedia"; file_data; content:"| 43 57 53 |", depth 3, offset 0; gid:4; sid:47; rev:1;)
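# Flash: "FWS" header at offset 0. The category value is wrapped in matching
# double quotes, consistent with the "CWS" rule (sid 47) that shares this type.
file_id (msg:"Flash file "; file_meta:type SWF, id 53, category "Multimedia"; file_data; content:"| 46 57 53 |", depth 3, offset 0; gid:4; sid:48; rev:1;)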
# cpio: three ASCII magics "070707", "070701" and "070702", each mapped to its own type.
file_id (msg:"Archive created with the cpio utility- standard ASCII format"; file_meta:type CPIO_ODC, id 55, category "Archive"; file_data; content:"| 30 37 30 37 30 37 |", depth 6, offset 0; gid:4; sid:49; rev:1;)
file_id (msg:"Archive created with the cpio utility- new ASCII (aka SVR4) format"; file_meta:type CPIO_NEWC, id 56, category "Archive"; file_data; content:"| 30 37 30 37 30 31 |", depth 6, offset 0; gid:4; sid:50; rev:1;)
file_id (msg:"Archive created with the cpio utility- CRC format"; file_meta:type CPIO_CRC, id 57, category "Archive"; file_data; content:"| 30 37 30 37 30 32 |", depth 6, offset 0; gid:4; sid:51; rev:1;)
# MPEG: start codes 00 00 01 B3 and 00 00 01 BA.
file_id (msg:"MPEG video file"; file_meta:type MPEG, id 58, category "Multimedia", group "video"; file_data; content:"| 00 00 01 B3 |", depth 4, offset 0; gid:4; sid:52; rev:1;)
file_id (msg:"MPEG video file"; file_meta:type MPEG, id 59, category "Multimedia", group "video"; file_data; content:"| 00 00 01 BA |", depth 4, offset 0; gid:4; sid:53; rev:1;)
# EPS: "%!PS-Adobe-"; filed under the "PDF files" category.
file_id (msg:"Adobe encapsulated PostScript file"; file_meta:type EPS, id 60, category "PDF files"; file_data; content:"| 25 21 50 53 2D 41 64 6F 62 65 2D |", depth 11, offset 0; gid:4; sid:54; rev:1;)
# RealMedia: ".RMF"; the RealAudio rule sid 75 starts with the same four bytes and is longer.
file_id (msg:"RealNetworks RealMedia streaming media file"; file_meta:type RMF, id 61, category "Multimedia"; file_data; content:"| 2E 52 4D 46 |", depth 4, offset 0; gid:4; sid:55; rev:1;)
# GIF: "GIF87a" here; "GIF89a" is handled by the next rule (sid 57).
file_id (msg:"GIF"; file_meta:type GIF, id 62, category "Graphics"; file_data; content:"| 47 49 46 38 37 61 |", depth 6, offset 0; gid:4; sid:56; rev:1;)
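# GIF: "GIF89a" at offset 0. The category value is wrapped in matching double
# quotes, consistent with the "GIF87a" rule (sid 56) that shares this type.
file_id (msg:"GIF"; file_meta:type GIF, id 63, category "Graphics"; file_data; content:"| 47 49 46 38 39 61 |", depth 6, offset 0; gid:4; sid:57; rev:1;)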
# Audio, video, image and disk-image formats, all anchored at offset 0.
# MP3: "ID3" tag, or the two bytes FF FB. The two-byte form is short and therefore
# prone to mislabelling unrelated binary data.
file_id (msg:"MPEG-1 Audio Layer 3 (MP3) audio file"; file_meta:type MP3, id 64, category "Multimedia"; file_data; content:"| 49 44 33 |", depth 3, offset 0; gid:4; sid:58; rev:1;)
file_id (msg:"MPEG-1 Audio Layer 3 (MP3) audio file"; file_meta:type MP3, id 65, category "Multimedia"; file_data; content:"| FF FB |", depth 2, offset 0; gid:4; sid:59; rev:1;)
file_id (msg:"Ogg Vorbis Codec compressed Multimedia file"; file_meta:type OGG, id 66, category "Multimedia"; file_data; content:"| 4F 67 67 53 |", depth 4, offset 0; gid:4; sid:60; rev:1;)
file_id (msg:"RIFX audio format"; file_meta:type RIFX, id 67, category "Multimedia", group "audio"; file_data; content:"| 52 49 46 58 |", depth 4, offset 0; gid:4; sid:61; rev:1;)
# SYMANTEC: "X-Symantec-"; begins with the same two bytes as the MAIL rule sid 36 ("X-").
file_id (msg:"Symantec files"; file_meta:type SYMANTEC, id 68, category "System files"; file_data; content:"| 58 2D 53 79 6D 61 6E 74 65 63 2D |", depth 11, offset 0; gid:4; sid:62; rev:1;)
file_id (msg:"Portable Network Graphics file"; file_meta:type PNG, id 69, category "Graphics", group "multimedia"; file_data; content:"| 89 50 4E 47 0D 0A 1A 0A |", depth 8, offset 0; gid:4; sid:63; rev:1;)
# JPEG: FF D8 FF E0 here; the FF D8 FF E1 form is covered by sid 137.
file_id (msg:"JPEG/JFIF graphics file"; file_meta:type JPEG, id 70, category "Graphics", group "multimedia"; file_data; content:"| FF D8 FF E0 |", depth 4, offset 0; gid:4; sid:64; rev:1;)
file_id (msg:"Jar pack file"; file_meta:type JARPACK, id 72, category "Executables"; file_data; content:"| CA FE D0 0D |", depth 4, offset 0; gid:4; sid:65; rev:1;)
# JAR: ZIP magic plus "META-INF/" at offset 30, i.e. at the position of the first
# entry's name in a ZIP local header. An archive whose first entry is named
# differently presumably falls through to the plain ZIP rule (sid 24) — verify.
file_id (msg:"Java archive file"; file_meta:type JAR, id 73, category "Archive"; file_data; content:"| 50 4B 03 04 |", depth 4, offset 0; content:"| 4D 45 54 41 2D 49 4E 46 2F |", depth 9, offset 30; gid:4; sid:66; rev:1;)
file_id (msg:"Flash video file"; file_meta:type FLV, id 74, category "Multimedia", group "video"; file_data; content:"| 46 4C 56 01 |", depth 4, offset 0; gid:4; sid:67; rev:1;)
# WAV: patterns "beat" and "MXC3".
# NOTE(review): id 77 is typed WAV but grouped "video", unlike id 76 — confirm intent.
file_id (msg:"Waveform Audio File Format"; file_meta:type WAV, id 76, category "Multimedia", group "audio"; file_data; content:"| 62 65 61 74 |", depth 4, offset 0; gid:4; sid:68; rev:1;)
file_id (msg:"Waveform Audio File Format"; file_meta:type WAV, id 77, category "Multimedia", group "video"; file_data; content:"| 4D 58 43 33 |", depth 4, offset 0; gid:4; sid:69; rev:1;)
file_id (msg:"ffmpeg Multimedia framework"; file_meta:type FFMPEG, id 78, category "Multimedia"; file_data; content:"| 34 58 4D 56 |", depth 4, offset 0; gid:4; sid:70; rev:1;)
file_id (msg:"Apple Disk Image"; file_meta:type DMG, id 79, category "System files"; file_data; content:"| 45 52 02 00 |", depth 4, offset 0; gid:4; sid:71; rev:1;)
file_id (msg:"Apple Disk Image"; file_meta:type DMG, id 80, category "System files"; file_data; content:"| 32 49 4D 47 |", depth 4, offset 0; gid:4; sid:72; rev:1;)
# RealPlayer IVR: upper-case ".REC" and ".R1M"; the lower-case forms map to the
# separate REC and R1M types (sid 96, sid 97).
file_id (msg:"RealPlayer video file"; file_meta:type IVR, id 81, category "Multimedia", group "video"; file_data; content:"| 2E 52 45 43 |", depth 4, offset 0; gid:4; sid:73; rev:1;)
file_id (msg:"RealPlayer video file"; file_meta:type IVR, id 82, category "Multimedia", group "video"; file_data; content:"| 2E 52 31 4D |", depth 4, offset 0; gid:4; sid:74; rev:1;)
# RealAudio: id 83 extends the RMF magic (sid 55) with five more bytes.
file_id (msg:"RealAudio file"; file_meta:type RA, id 83, category "Multimedia", group "audio"; file_data; content:"| 2E 52 4D 46 00 00 00 12 00 |", depth 9, offset 0; gid:4; sid:75; rev:1;)
file_id (msg:"RealAudio file"; file_meta:type RA, id 84, category "Multimedia", group "audio"; file_data; content:"| 2E 72 61 FD 00 |", depth 5, offset 0; gid:4; sid:76; rev:1;)
# VMDK: four alternative headers: "COWD", "KDM", the text "# Disk Descripto" and 2E 03 00 00 01.
file_id (msg:"Virtual Machine Disk"; file_meta:type VMDK, id 85, category "System files"; file_data; content:"| 43 4F 57 44 |", depth 4, offset 0; gid:4; sid:77; rev:1;)
file_id (msg:"Virtual Machine Disk"; file_meta:type VMDK, id 86, category "System files"; file_data; content:"|4B 44 4D |", depth 3, offset 0; gid:4; sid:78; rev:1;)
file_id (msg:"Virtual Machine Disk"; file_meta:type VMDK, id 87, category "System files"; file_data; content:"| 23 20 44 69 73 6B 20 44 65 73 63 72 69 70 74 6F |", depth 16, offset 0; gid:4; sid:79; rev:1;)
file_id (msg:"Virtual Machine Disk"; file_meta:type VMDK, id 88, category "System files"; file_data; content:"| 2E 03 00 00 01 |", depth 5, offset 0; gid:4; sid:80; rev:1;)
file_id (msg:"Free Lossless Audio Codec file"; file_meta:type FLAC, id 89, category "Multimedia", group "audio"; file_data; content:"| 66 4C 61 43 00 00 00 22 |", depth 8, offset 0; gid:4; sid:81; rev:1;)
# S3M: same "SCRM" bytes as sid 13, but anchored at offset 0 instead of offset 44.
file_id (msg:"S3M audio module format"; file_meta:type S3M, id 90 , category "Multimedia", group "audio"; file_data; content:"| 53 43 52 4d |", depth 4, offset 0; gid:4; sid:82; rev:1;)
# ASF: 16-byte header identifier; grouped "audio" although msg says Audio/Video.
file_id (msg:"Microsoft Windows Media Audio/Video File"; file_meta:type ASF, id 91, category "Multimedia", group "audio"; file_data;content:"| 30 26 B2 75 8E 66 CF 11 A6 D9 00 AA 00 62 CE 6C |", depth 16, offset 0; gid:4; sid:83; rev:1;)
# Office, database, playlist and further media formats, all anchored at offset 0.
file_id (msg:"Microsoft Word for Mac 5"; file_meta:type MSWORD_MAC5, id 93, category "Office Documents", group "office"; file_data; content:"| FE 37 00 23 |", depth 4, offset 0; gid:4; sid:84; rev:1;)
# SYLK: the ASCII bytes "ID;P".
# NOTE(review): the type name is spelled "SYLKc"; the trailing "c" looks like a typo,
# but policies presumably refer to types by name, so check references before renaming.
file_id (msg:"Microsoft symbolic Link"; file_meta:type SYLKc, id 94, category "System files"; file_data; content:"| 49 44 3B 50 |", depth 4, offset 0; gid:4; sid:85; rev:1;)
file_id (msg:"WordPerfect text and graphics file"; file_meta:type WP, id 95, category "Office Documents"; file_data; content:"| FF 57 50 43 |", depth 4, offset 0; gid:4; sid:86; rev:1;)
file_id (msg:"WordPerfect text and graphics file"; file_meta:type WP, id 96, category "Office Documents"; file_data; content:"| 81 CD AB |", depth 3, offset 0; gid:4; sid:87; rev:1;)
# TIFF: four alternative headers ("II*\0", "I I", "MM\0*", "MM\0+").
file_id (msg:"Tagged Image File Format file"; file_meta:type TIFF, id 97, category "Graphics", group "multimedia"; file_data; content:"| 49 49 2A 00 |", depth 4, offset 0; gid:4; sid:88; rev:1;)
file_id (msg:"Tagged Image File Format file"; file_meta:type TIFF, id 98, category "Graphics", group "multimedia"; file_data; content:"| 49 20 49 |", depth 3, offset 0; gid:4; sid:89; rev:1;)
file_id (msg:"Tagged Image File Format file"; file_meta:type TIFF, id 99, category "Graphics", group "multimedia"; file_data; content:"| 4D 4D 00 2A |", depth 4, offset 0; gid:4; sid:90; rev:1;)
file_id (msg:"Tagged Image File Format file"; file_meta:type TIFF, id 100, category "Graphics", group "multimedia"; file_data; content:"| 4D 4D 00 2B |", depth 4, offset 0; gid:4; sid:91; rev:1;)
# MetaStock: the ASCII text "[MetaStock".
file_id (msg:"Metastock technical analysis program for traders"; file_meta:type MWL, id 101, category "Office Documents"; file_data; content:"| 5b 4d 65 74 61 53 74 6f 63 6b |", depth 10, offset 0; gid:4; sid:92; rev:1;)
# MDB / ACCDB / MNY: common prefix 00 01 00 00, then "Standard Jet DB",
# "Standard ACE DB" or "MSISAM Database"; the 19-byte patterns keep the three types apart.
file_id (msg:"Microsoft Access file"; file_meta:type MDB, id 102, category "Office Documents"; file_data; content:"| 00 01 00 00 53 74 61 6E 64 61 72 64 20 4A 65 74 20 44 42 |", depth 19, offset 0; gid:4; sid:93; rev:1;)
file_id (msg:"Microsoft Access 2007 file"; file_meta:type ACCDB, id 103, category "Office Documents"; file_data; content:"| 00 01 00 00 53 74 61 6E 64 61 72 64 20 41 43 45 20 44 42 |", depth 19, offset 0; gid:4; sid:94; rev:1;)
file_id (msg:"Microsoft Money file"; file_meta:type MNY, id 104, category "Office Documents"; file_data; content:"| 00 01 00 00 4D 53 49 53 41 4D 20 44 61 74 61 62 61 73 65 |", depth 19, offset 0; gid:4; sid:95; rev:1;)
# REC / R1M: lower-case ".rec\0" and ".r1m"; the upper-case forms are typed IVR (sid 73, sid 74).
file_id (msg:"RealNetworks Realplayer REC"; file_meta:type REC, id 105, category "Multimedia"; file_data; content:"| 2e 72 65 63 00 |", depth 5, offset 0; gid:4; sid:96; rev:1;)
file_id (msg:"RealNetworks Realplayer R1M"; file_meta:type R1M, id 106, category "Multimedia"; file_data; content:"| 2e 72 31 6d |", depth 4, offset 0; gid:4; sid:97; rev:1;)
# WAB: two alternative 16-byte identifiers.
file_id (msg:"Outlook address file"; file_meta:type WAB, id 107, category "Office Documents", group "office"; file_data; content:"| 9C CB CB 8D 13 75 D2 11 91 58 00 C0 4F 79 56 A4 |", depth 16, offset 0; gid:4; sid:98; rev:1;)
file_id (msg:"Outlook address file"; file_meta:type WAB, id 108, category "Office Documents", group "office"; file_data; content:"| 81 32 84 C1 85 05 D0 11 B2 90 00 AA 00 3C F6 76 |", depth 16, offset 0; gid:4; sid:99; rev:1;)
# Text-based formats below (M3U "#EXTM3U", PLS "[playlist]", SMIL "<smil>", SAMI "<SAMI")
# are exact byte matches with no nocase option, so a different letter case, a byte-order
# mark or leading whitespace would not be labelled.
file_id (msg:"Multimedia playlists"; file_meta:type M3U, id 109, category "Multimedia"; file_data; content:"| 23 45 58 54 4d 33 55 |", depth 7, offset 0; gid:4; sid:100; rev:1;)
# MKV vs WEBM: the WEBM rule (sid 104) is the first four bytes of this 16-byte MKV pattern,
# which ends in the ASCII word "matroska". Which label wins when both match is not
# visible here — verify.
file_id (msg:"Matroska stream file"; file_meta:type MKV, id 110, category "Multimedia"; file_data; content:"| 1A 45 DF A3 93 42 82 88 6D 61 74 72 6F 73 6B 61 |", depth 16, offset 0; gid:4; sid:101; rev:1;)
file_id (msg:"ChromaGraph Graphics Card Bitmap Graphic file"; file_meta:type IMG_PICT, id 111, category "Graphics", group "multimedia"; file_data; content:"| 50 49 43 54 00 08 |", depth 6, offset 0; gid:4; sid:102; rev:1;)
# AMF: the three ASCII bytes "AMF".
file_id (msg:"Advanced Module Format for digital music"; file_meta:type AMF, id 112, category "Multimedia", group "audio"; file_data; content:"| 41 4d 46 |", depth 3, offset 0; gid:4; sid:103; rev:1;)
file_id (msg:"WebM audio-video format"; file_meta:type WEBM, id 113, category "Multimedia", group "audio,video"; file_data; content:"| 1A 45 DF A3 |", depth 4, offset 0; gid:4; sid:104; rev:1;)
# Maya: the ASCII text "//Maya".
file_id (msg:"Autodesk Maya"; file_meta:type MAYA, id 114, category "Graphics"; file_data; content:"| 2f 2f 4d 61 79 61 |", depth 6, offset 0; gid:4; sid:105; rev:1;)
file_id (msg:"Musical Instrument Digital Interface (MIDI) sound file"; file_meta:type MIDI, id 115, category "Multimedia", group "audio"; file_data; content:"| 4D 54 68 64 |", depth 4, offset 0; gid:4; sid:106; rev:1;)
file_id (msg:"multimedia playlists"; file_meta:type PLS, id 116, category "Multimedia"; file_data; content:"| 5b 70 6c 61 79 6c 69 73 74 5d |", depth 10, offset 0; gid:4; sid:107; rev:1;)
file_id (msg:"Synchronized Multimedia Integration Language"; file_meta:type SMIL, id 117, category "Multimedia"; file_data; content:"| 3c 73 6d 69 6c 3e |", depth 6, offset 0; gid:4; sid:108; rev:1;)
file_id (msg:"Synchronized Accessible Media Interchange"; file_meta:type SAMI, id 119, category "Multimedia"; file_data; content:"| 3c 53 41 4d 49 |", depth 5, offset 0; gid:4; sid:109; rev:1;)
# Graphics, system, capture and installer formats, anchored at offset 0 unless noted.
# sid numbering jumps from 109 (previous rule) to 111 here; sid 110 is not used in
# the visible rules.
# NOTE(review): several rules in this run match on two bytes only (MDI "EP", BMP "BM",
# ARJ 60 EA, MP3 FF FA, WRI 31 BE / 32 BE). Such short magics mislabel unrelated content
# easily; treat these labels as low-confidence when a policy acts on them.
file_id (msg:"Autodesk AutoCAD file (dwg) "; file_meta:type DWG, id 130, category "Graphics"; file_data; content:"| 41 43 31 30 |", depth 4, offset 0; gid:4; sid:111; rev:1;)
file_id (msg:"Microsoft Document Imaging file (mdi)"; file_meta:type MDI, id 132, category "Office Documents"; file_data; content:"| 45 50 |", depth 2, offset 0; gid:4; sid:112; rev:1;)
file_id (msg:"PGP disk image(PGD)"; file_meta:type PGD, id 133, category "System files"; file_data; content:"| 50 47 50 64 4D 41 49 4E |", depth 8, offset 0; gid:4; sid:113; rev:1;)
file_id (msg:"Photoshop image file (PSD)"; file_meta:type PSD, id 134, category "Graphics"; file_data; content:"| 38 42 50 53 |", depth 4, offset 0; gid:4; sid:114; rev:1;)
# Registry: "CREG" (9XHIVE) and the text "REGEDIT" (REG).
file_id (msg:"Windows 9x registry hive (REG)"; file_meta:type 9XHIVE, id 135, category "System files"; file_data; content:"| 43 52 45 47 |", depth 4, offset 0; gid:4; sid:115; rev:1;)
file_id (msg:"Windows Registry and Registry Undo files (REG)"; file_meta:type REG, id 136, category "System files"; file_data; content:"| 52 45 47 45 44 49 54 |", depth 7, offset 0; gid:4; sid:116; rev:1;)
file_id (msg:"Windows graphics metafile "; file_meta:type WMF, id 137, category "Graphics"; file_data; content:"| 01 00 09 00 00 03 |", depth 6, offset 0; gid:4; sid:117; rev:1;)
file_id (msg:"Windows Write document file (wri) "; file_meta:type WRI, id 138, category "Office Documents"; file_data; content:"| BE 00 00 00 AB 00 00 00 00 00 00 00 00 |", depth 13, offset 0; gid:4; sid:118; rev:1;)
file_id (msg:"RedHat Package Manager file"; file_meta:type RPM, id 139, category "Executables"; file_data; content:"| ED AB EE DB |", depth 4, offset 0; gid:4; sid:119; rev:1;)
file_id (msg:"Microsoft OneNote note"; file_meta:type ONE, id 140, category "Office Documents", group "office"; file_data; content:"| E4 52 5C 7B 8C D8 A7 4D AE B1 53 78 D0 29 96 D3 |", depth 16, offset 0; gid:4; sid:120; rev:1;)
# MP4: id 141 pins the first four bytes to 00 00 00 18 before "ftyp3gp5";
# id 142 matches "ftypisom" at offset 4 and leaves the first four bytes free.
file_id (msg:"MPEG-4 video files"; file_meta:type MP4, id 141, category "Multimedia", group "video"; file_data; content:"| 00 00 00 18 66 74 79 70 33 67 70 35 |", depth 12, offset 0; gid:4; sid:121; rev:1;)
file_id (msg:"MPEG-4 video files"; file_meta:type MP4, id 142, category "Multimedia", group "video"; file_data; content:"| 66 74 79 70 69 73 6F 6D |", depth 8, offset 4; gid:4; sid:122; rev:1;)
# PCAP: five alternative four-byte magics, including byte-swapped pairs
# (D4 C3 B2 A1 / A1 B2 C3 D4 and 34 CD B2 A1 / A1 B2 CD 34) and the ASCII tag "RTSS".
file_id (msg:"Packet capture file"; file_meta:type PCAP, id 143, category "System files"; file_data; content:"| D4 C3 B2 A1 |", depth 4, offset 0; gid:4; sid:123; rev:1;)
file_id (msg:"Packet capture file"; file_meta:type PCAP, id 144, category "System files"; file_data; content:"| 34 CD B2 A1 |", depth 4, offset 0; gid:4; sid:124; rev:1;)
file_id (msg:"Packet capture file"; file_meta:type PCAP, id 145, category "System files"; file_data; content:"| A1 B2 C3 D4 |", depth 4, offset 0; gid:4; sid:125; rev:1;)
file_id (msg:"Packet capture file"; file_meta:type PCAP, id 146, category "System files"; file_data; content:"| A1 B2 CD 34 |", depth 4, offset 0; gid:4; sid:126; rev:1;)
file_id (msg:"Packet capture file"; file_meta:type PCAP, id 147, category "System files"; file_data; content:"| 52 54 53 53 |", depth 4, offset 0; gid:4; sid:127; rev:1;)
file_id (msg:"Bitmap image file"; file_meta:type BMP, id 148, category "Graphics", group "multimedia"; file_data; content:"| 42 4D |", depth 2, offset 0; gid:4; sid:128; rev:1;)
file_id (msg:"Windows icon file"; file_meta:type ICO, id 149, category "Graphics"; file_data; content:"| 00 00 01 00 |", depth 4, offset 0; gid:4; sid:129; rev:1;)
# TORRENT: the bencoded prefix "d8:announce"; note it is filed under "Executables".
file_id (msg:"BitTorrent File"; file_meta:type TORRENT, id 150, category "Executables"; file_data; content:"| 64 38 3A 61 6E 6E 6F 75 6E 63 65 |", depth 11, offset 0; gid:4; sid:130; rev:1;)
file_id (msg:"Adaptive Multi-Rate Codec File"; file_meta:type AMR, id 151, category "Multimedia"; file_data; content:"| 23 21 41 4D 52 |", depth 5, offset 0; gid:4; sid:131; rev:1;)
file_id (msg:"StuffIt compressed archive"; file_meta:type SIT, id 152, category "Archive"; file_data; content:"| 53 49 54 21 00 |", depth 5, offset 0; gid:4; sid:132; rev:1;)
file_id (msg:"Microsoft Outlook Personal Folder File"; file_meta:type PST, id 153, category "Office Documents", group "office"; file_data; content:"| 21 42 44 4E |", depth 4, offset 0; gid:4; sid:133; rev:1;)
file_id (msg:"Windows Help file"; file_meta:type HLP, id 154, category "Office Documents"; file_data; content:"| 4C 4E 02 00 |", depth 4, offset 0; gid:4; sid:134; rev:1;)
file_id (msg:"Windows Help file"; file_meta:type HLP, id 155, category "Office Documents"; file_data; content:"| 3F 5F 03 00 |", depth 4, offset 0; gid:4; sid:135; rev:1;)
# AUTORUN: the exact lower-case text "[autorun]" followed by CR LF; there is no nocase
# option, so other casings or line endings are not labelled by this rule.
file_id (msg:"Windows Autorun setup file"; file_meta:type AUTORUN, id 156, category "Executables"; file_data; content:"| 5B 61 75 74 6F 72 75 6E 5D 0D 0A |", depth 11, offset 0; gid:4; sid:136; rev:1;)
file_id (msg:"JPEG/JFIF graphics file"; file_meta:type JPEG, id 157, category "Graphics", group "multimedia"; file_data; content:"| FF D8 FF E1 |", depth 4, offset 0; gid:4; sid:137; rev:1;)
# ARJ: two-byte form; it is a prefix of the four-byte ARJ rule (sid 29).
file_id (msg:"Compressed archive file"; file_meta:type ARJ, id 158, category "Archive"; file_data; content:"| 60 EA |", depth 2, offset 0; gid:4; sid:138; rev:1;)
file_id (msg:"MPEG-1 Audio Layer 3 (MP3) audio file"; file_meta:type MP3, id 159, category "Multimedia", group "audio"; file_data; content:"| FF FA |", depth 2, offset 0; gid:4; sid:139; rev:1;)
file_id (msg:"StuffIt compressed archive"; file_meta:type SIT, id 160, category "Archive"; file_data; content:"| 53 74 75 66 66 49 74 20 |", depth 8, offset 0; gid:4; sid:140; rev:1;)
file_id (msg:"Windows graphics metafile "; file_meta:type WMF, id 162, category "Graphics"; file_data; content:"| D7 CD C6 9A |", depth 4, offset 0; gid:4; sid:141; rev:1;)
file_id (msg:"Software Installation Script, an archive for Symbian OS"; file_meta:type SIS, id 163, category "Archive"; file_data; content:"| 7A 1A 20 10 |", depth 4, offset 0; gid:4; sid:142; rev:1;)
file_id (msg:"Windows Write document file (wri) "; file_meta:type WRI, id 164, category "Office Documents"; file_data; content:"| 31 BE |", depth 2, offset 0; gid:4; sid:143; rev:1;)
file_id (msg:"Windows Write document file (wri) "; file_meta:type WRI, id 165, category "Office Documents"; file_data; content:"| 32 BE |", depth 2, offset 0; gid:4; sid:144; rev:1;)
# Rules that refine a shared container magic with a second content match, plus
# DICOM, EICAR and crash-dump signatures.
# WAV: "RIFF" at offset 0 and "WAVEfmt " at offset 8; narrower than the generic RIFF rule (sid 19).
file_id (msg:"Waveform Audio File Format"; file_meta:type WAV, id 166, category "Multimedia", group "audio"; file_data; content:"| 52 49 46 46 |", depth 4, offset 0; content:"| 57 41 56 45 66 6D 74 20 |", depth 8, offset 8; gid:4; sid:145; rev:1;)
# MP4: "ftypmp42", "ftyp3gp" and "ftypMSNV" at offset 4. These extend the four-byte
# "ftyp" pattern of the QuickTime rule sid 8, so both types can match the same file.
file_id (msg:"MPEG-4 video files"; file_meta:type MP4, id 167, category "Multimedia", group "video"; file_data; content:"| 66 74 79 70 6D 70 34 32 |", depth 8, offset 4; gid:4; sid:146; rev:1;)
file_id (msg:"MPEG-4 video files"; file_meta:type MP4, id 168, category "Multimedia", group "video"; file_data; content:"| 66 74 79 70 33 67 70 |", depth 7, offset 4; gid:4; sid:147; rev:1;)
file_id (msg:"MPEG-4 video files"; file_meta:type MP4, id 169, category "Multimedia", group "video"; file_data; content:"| 66 74 79 70 4D 53 4E 56 |", depth 8, offset 4; gid:4; sid:148; rev:1;)
# DICOM: "DICM" at offset 128.
file_id (msg:"Digital Imaging and Communications in Medicine"; file_meta:type DICM, id 170, category "Multimedia"; file_data; content:"| 44 49 43 4D |", depth 4, offset 128; gid:4; sid:149; rev:1;)
# ZIP_ENC: ZIP magic plus the single byte 01 at offset 6. Only the first local header
# is examined, and the byte must equal 01 exactly.
# NOTE(review): offset 6 is presumably the low byte of the ZIP general-purpose flag
# field, where bit 0 marks encryption. An exact-value match would then not label
# archives whose flag byte has further bits set — confirm before a policy relies on
# ZIP_ENC as its only signal for encrypted archives.
file_id (msg:"PKZIP encrypted archive file"; file_meta:type ZIP_ENC, id 171, category "Archive"; file_data; content:"| 50 4B 03 04 |", depth 4, offset 0; content:"| 01 |", depth 1, offset 6; gid:4; sid:150; rev:1;)
# EICAR: only the first six bytes of the test string ("X5O!P%") are compared.
file_id (msg:"Standard Anti-Virus Test File"; file_meta:type EICAR, id 273, category "Executables"; file_data; content:"| 58 35 4F 21 50 25 |", depth 6, offset 0; gid:4; sid:151; rev:1;)
# XPS: ZIP magic plus "FixedDocum", "Documents/" or "Metadata/" at offset 30, the
# position of the first entry's name. An XPS package whose first entry has another
# name presumably falls through to the plain ZIP rule (sid 24) — verify.
file_id (msg:"Microsoft XML Paper Specification Document"; file_meta:type XPS, id 275, category "Office Documents"; file_data; content:"| 50 4B 03 04 |", depth 4, offset 0; content:"| 46 69 78 65 64 44 6F 63 75 6D |", depth 10, offset 30; gid:4; sid:152; rev:1;)
file_id (msg:"Microsoft XML Paper Specification Document"; file_meta:type XPS, id 277, category "Office Documents"; file_data; content:"| 50 4B 03 04 |", depth 4, offset 0; content:"| 44 6F 63 75 6D 65 6E 74 73 2F |", depth 10, offset 30; gid:4; sid:153; rev:1;)
file_id (msg:"Microsoft XML Paper Specification Document"; file_meta:type XPS, id 278, category "Office Documents"; file_data; content:"| 50 4B 03 04 |", depth 4, offset 0; content:"| 4D 65 74 61 64 61 74 61 2F |", depth 9, offset 30; gid:4; sid:154; rev:1;)
# Crash dumps: "MDMP" followed by 93 A7, "PAGEDU64" and "PAGEDUMP". Dump files can hold
# process or kernel memory, so a DMP label crossing the network is worth a policy decision.
file_id (msg:"Windows crash dump file"; file_meta:type DMP, id 279, category "System files"; file_data; content:"| 4D 44 4D 50 93 A7 |", depth 6, offset 0; gid:4; sid:155; rev:1;)
file_id (msg:"Windows crash dump file"; file_meta:type DMP, id 280, category "System files"; file_data; content:"| 50 41 47 45 44 55 36 34 |", depth 8, offset 0; gid:4; sid:156; rev:1;)
file_id (msg:"Windows crash dump file"; file_meta:type DMP, id 281, category "System files"; file_data; content:"| 50 41 47 45 44 55 4D 50 |", depth 8, offset 0; gid:4; sid:157; rev:1;)
# Version-specific PDF rules: "%PDF-1.0" through "%PDF-1.7", each setting the
# file_meta version field. They share type PDF and the same category string as the
# generic "%PDF" rule (sid 17), which matches the first four bytes of all of them.
# Only versions 1.0-1.7 are listed; a header with any other version string would
# match the generic rule only and carry no version value.
# The header must start at offset 0; content with bytes in front of "%PDF" is not
# labelled by these rules.
file_id (msg:"PDF file "; file_meta:type PDF, id 282, category "PDF files,Dynamic Analysis Capable,Local Malware Analysis Capable", version "1.0"; file_data; content:"| 25 50 44 46 2D 31 2E 30 |", depth 8, offset 0; gid:4; sid:158; rev:1;)
file_id (msg:"PDF file "; file_meta:type PDF, id 283, category "PDF files,Dynamic Analysis Capable,Local Malware Analysis Capable", version "1.1"; file_data; content:"| 25 50 44 46 2D 31 2E 31 |", depth 8, offset 0; gid:4; sid:159; rev:1;)
file_id (msg:"PDF file "; file_meta:type PDF, id 284, category "PDF files,Dynamic Analysis Capable,Local Malware Analysis Capable", version "1.2"; file_data; content:"| 25 50 44 46 2D 31 2E 32 |", depth 8, offset 0; gid:4; sid:160; rev:1;)
file_id (msg:"PDF file "; file_meta:type PDF, id 285, category "PDF files,Dynamic Analysis Capable,Local Malware Analysis Capable", version "1.3"; file_data; content:"| 25 50 44 46 2D 31 2E 33 |", depth 8, offset 0; gid:4; sid:161; rev:1;)
file_id (msg:"PDF file "; file_meta:type PDF, id 286, category "PDF files,Dynamic Analysis Capable,Local Malware Analysis Capable", version "1.4"; file_data; content:"| 25 50 44 46 2D 31 2E 34 |", depth 8, offset 0; gid:4; sid:162; rev:1;)
file_id (msg:"PDF file "; file_meta:type PDF, id 287, category "PDF files,Dynamic Analysis Capable,Local Malware Analysis Capable", version "1.5"; file_data; content:"| 25 50 44 46 2D 31 2E 35 |", depth 8, offset 0; gid:4; sid:163; rev:1;)
file_id (msg:"PDF file "; file_meta:type PDF, id 288, category "PDF files,Dynamic Analysis Capable,Local Malware Analysis Capable", version "1.6"; file_data; content:"| 25 50 44 46 2D 31 2E 36 |", depth 8, offset 0; gid:4; sid:164; rev:1;)
file_id (msg:"PDF file "; file_meta:type PDF, id 289, category "PDF files,Dynamic Analysis Capable,Local Malware Analysis Capable", version "1.7"; file_data; content:"| 25 50 44 46 2D 31 2E 37 |", depth 8, offset 0;gid:4; sid:165; rev:1;)
# Intel HEX (type IntelHEX): two content checks per rule. Bytes 0-1 must be
# the ASCII pair ":1" (ids 290-297) or ":2" (ids 298-306), and bytes 7-8 must
# be one of the ASCII pairs "00".."05", "20" or "22".
# presumably offset 7 is the record-type field of the first record
# (":" + 2 length digits + 4 address digits) - verify against the format.
# The ":2" + "20" combination (id 305) is defined further down with sid:194;
# id 299 is not used in this run.
# NOTE(review): both checks are short ASCII text, so plain-text files that
# happen to start this way are typed IntelHEX as well; treat the type as a
# hint rather than proof of firmware content.
file_id (msg:"Binary files for Microcontroller/Other Chip based applications"; file_meta:type IntelHEX, id 290, category "System files"; file_data; content:"| 3A 31 |", depth 2, offset 0; content:"| 30 30 |", depth 2, offset 7; gid:4; sid:166; rev:1;)
file_id (msg:"Binary files for Microcontroller/Other Chip based applications"; file_meta:type IntelHEX, id 291, category "System files"; file_data; content:"| 3A 31 |", depth 2, offset 0; content:"| 30 31 |", depth 2, offset 7; gid:4; sid:167; rev:1;)
file_id (msg:"Binary files for Microcontroller/Other Chip based applications"; file_meta:type IntelHEX, id 292, category "System files"; file_data; content:"| 3A 31 |", depth 2, offset 0; content:"| 30 32 |", depth 2, offset 7; gid:4; sid:168; rev:1;)
file_id (msg:"Binary files for Microcontroller/Other Chip based applications"; file_meta:type IntelHEX, id 293, category "System files"; file_data; content:"| 3A 31 |", depth 2, offset 0; content:"| 30 33 |", depth 2, offset 7; gid:4; sid:169; rev:1;)
file_id (msg:"Binary files for Microcontroller/Other Chip based applications"; file_meta:type IntelHEX, id 294, category "System files"; file_data; content:"| 3A 31 |", depth 2, offset 0; content:"| 30 34 |", depth 2, offset 7; gid:4; sid:170; rev:1;)
file_id (msg:"Binary files for Microcontroller/Other Chip based applications"; file_meta:type IntelHEX, id 295, category "System files"; file_data; content:"| 3A 31 |", depth 2, offset 0; content:"| 30 35 |", depth 2, offset 7; gid:4; sid:171; rev:1;)
file_id (msg:"Binary files for Microcontroller/Other Chip based applications"; file_meta:type IntelHEX, id 296, category "System files"; file_data; content:"| 3A 31 |", depth 2, offset 0; content:"| 32 30 |", depth 2, offset 7; gid:4; sid:172; rev:1;)
file_id (msg:"Binary files for Microcontroller/Other Chip based applications"; file_meta:type IntelHEX, id 297, category "System files"; file_data; content:"| 3A 31 |", depth 2, offset 0; content:"| 32 32 |", depth 2, offset 7; gid:4; sid:173; rev:1;)
file_id (msg:"Binary files for Microcontroller/Other Chip based applications"; file_meta:type IntelHEX, id 298, category "System files"; file_data; content:"| 3A 32 |", depth 2, offset 0; content:"| 30 30 |", depth 2, offset 7; gid:4; sid:174; rev:1;)
file_id (msg:"Binary files for Microcontroller/Other Chip based applications"; file_meta:type IntelHEX, id 300, category "System files"; file_data; content:"| 3A 32 |", depth 2, offset 0; content:"| 30 31 |", depth 2, offset 7; gid:4; sid:175; rev:1;)
file_id (msg:"Binary files for Microcontroller/Other Chip based applications"; file_meta:type IntelHEX, id 301, category "System files"; file_data; content:"| 3A 32 |", depth 2, offset 0; content:"| 30 32 |", depth 2, offset 7; gid:4; sid:176; rev:1;)
file_id (msg:"Binary files for Microcontroller/Other Chip based applications"; file_meta:type IntelHEX, id 302, category "System files"; file_data; content:"| 3A 32 |", depth 2, offset 0; content:"| 30 33 |", depth 2, offset 7; gid:4; sid:177; rev:1;)
file_id (msg:"Binary files for Microcontroller/Other Chip based applications"; file_meta:type IntelHEX, id 303, category "System files"; file_data; content:"| 3A 32 |", depth 2, offset 0; content:"| 30 34 |", depth 2, offset 7; gid:4; sid:178; rev:1;)
file_id (msg:"Binary files for Microcontroller/Other Chip based applications"; file_meta:type IntelHEX, id 304, category "System files"; file_data; content:"| 3A 32 |", depth 2, offset 0; content:"| 30 35 |", depth 2, offset 7; gid:4; sid:179; rev:1;)
file_id (msg:"Binary files for Microcontroller/Other Chip based applications"; file_meta:type IntelHEX, id 306, category "System files"; file_data; content:"| 3A 32 |", depth 2, offset 0; content:"| 32 32 |", depth 2, offset 7; gid:4; sid:180; rev:1;)
# REG: matches only the two bytes FF FE at offset 0.
# NOTE(review): FF FE is also the UTF-16 little-endian byte-order mark, so any
# UTF-16LE text file is typed REG by this rule; treat REG hits as low
# confidence when they drive a block or alert action.
file_id (msg:"Windows Registry and Registry Undo files (REG)"; file_meta:type REG, id 307, category "System files"; file_data; content:"| FF FE |", depth 2, offset 0; gid:4; sid:181; rev:1;)
# MSHTML: matches the 8 ASCII bytes ="----=_ at offset 60.
# presumably this is the start of a MIME boundary parameter - verify.
file_id (msg:"Proprietary layout engine for Microsoft Internet Explorer"; file_meta:type MSHTML, id 308, category "Office Documents"; file_data; content:"| 3D 22 2D 2D 2D 2D 3D 5F |", depth 8, offset 60; gid:4; sid:182; rev:1;)
# VB (id 310): matches only the three bytes EF BB BF at offset 0.
# NOTE(review): EF BB BF is the UTF-8 byte-order mark, so any UTF-8 text file
# saved with a BOM is typed VB by this rule; treat VB hits from id 310 as low
# confidence.
file_id (msg:"Microsoft Visual Basic files, including .cs, .vb, and .vbp"; file_meta:type VB, id 310, category "System files"; file_data; content:"| EF BB BF |", depth 3, offset 0; gid:4; sid:183; rev:1;)
# VB (id 311): matches the ASCII string "Type=Exe" at offset 0.
file_id (msg:"Microsoft Visual Basic files, including .cs, .vb, and .vbp"; file_meta:type VB, id 311, category "System files"; file_data; content:"| 54 79 70 65 3D 45 78 65 |", depth 8, offset 0; gid:4; sid:184; rev:1;)
# MP4 (id 313): matches the ASCII string "ftypdash" at offset 4.
file_id (msg:"MPEG-4 video files"; file_meta:type MP4, id 313, category "Multimedia"; file_data; content:"| 66 74 79 70 64 61 73 68 |", depth 8, offset 4; gid:4; sid:185; rev:1;)
# LNK: matches the 8 bytes 4C 00 00 00 01 14 02 00 at offset 0 and files the
# type under category "Executables".
file_id (msg:"Microsoft Windows Shortcut Files"; file_meta:type LNK, id 314, category "Executables"; file_data; content:"| 4C 00 00 00 01 14 02 00 |", depth 8, offset 0; gid:4; sid:186; rev:1;)
# SCR (ids 315, 316): match "DCN" or "DCD" followed by 01 at offset 0.
# NOTE(review): both SCR rules reuse the msg text of the LNK rule above, so
# output keyed on msg cannot tell the two types apart; use the type name or
# id when triaging, and confirm the intended msg with upstream.
file_id (msg:"Microsoft Windows Shortcut Files"; file_meta:type SCR, id 315, category "Executables"; file_data; content:"| 44 43 4E 01 |", depth 4, offset 0; gid:4; sid:187; rev:1;)
file_id (msg:"Microsoft Windows Shortcut Files"; file_meta:type SCR, id 316, category "Executables"; file_data; content:"| 44 43 44 01 |", depth 4, offset 0; gid:4; sid:188; rev:1;)
# MKV: matches one exact 16-byte sequence at offset 0, beginning 1A 45 DF A3.
# NOTE(review): a stream whose bytes after the first four differ from this
# sequence is not typed MKV by this rule - confirm whether another rule in the
# file covers the shorter prefix.
file_id (msg:"Matroska stream file"; file_meta:type MKV, id 317, category "Multimedia"; file_data; content:"| 1A 45 DF A3 01 00 00 00 00 00 00 23 42 86 81 01 |", depth 16, offset 0; gid:4; sid:189; rev:1;)
# FLIC animation (type FLIC, ids 16-18): five content checks per rule - a
# 2-byte value at offset 4 (44 AF, 30 AF or 31 AF), 40 01 at offset 8,
# C8 00 at offset 10, 00 00 at offset 20 and eight zero bytes at offset 42.
# presumably the bytes at offsets 8 and 10 are little-endian width and height
# (320 x 200), which would limit these rules to that frame size - verify.
# file_data; appears again before the last two content options; the rules are
# kept exactly as written.
file_id (msg:"FLIC Animation file"; file_meta:type FLIC, id 16, category "Multimedia"; file_data; content:"| 44 AF |", depth 2, offset 4; content:"| 40 01 |", depth 2, offset 8 ; content:"| c8 00 |", depth 2, offset 10 ; file_data; content:"| 00 00 |", depth 2, offset 20 ; file_data; content:"| 00 00 00 00 00 00 00 00 |", depth 8, offset 42; gid:4; sid:190; rev:1;)
file_id (msg:"FLIC Animation file"; file_meta:type FLIC, id 17, category "Multimedia"; file_data; content:"| 30 AF |", depth 2, offset 4; content:"| 40 01 |", depth 2, offset 8 ; content:"| c8 00 |", depth 2, offset 10 ; file_data; content:"| 00 00 |", depth 2, offset 20 ; file_data; content:"| 00 00 00 00 00 00 00 00 |", depth 8, offset 42; gid:4; sid:191; rev:1;)
file_id (msg:"FLIC Animation file"; file_meta:type FLIC, id 18, category "Multimedia"; file_data; content:"| 31 AF |", depth 2, offset 4; content:"| 40 01 |", depth 2, offset 8 ; content:"| c8 00 |", depth 2, offset 10 ; file_data; content:"| 00 00 |", depth 2, offset 20 ; file_data; content:"| 00 00 00 00 00 00 00 00 |", depth 8, offset 42; gid:4; sid:192; rev:1;)
# NTHIVE: matches the ASCII string "regf" at offset 0.
# NOTE(review): registry hives can carry account and system secrets; consider
# whether transfers of this type should alert rather than only be logged -
# confirm against the deployed file policy.
file_id (msg:"Windows NT registry hive (REG)"; file_meta:type NTHIVE, id 161, category "System files"; file_data; content:"| 72 65 67 66 |", depth 4, offset 0; gid:4; sid:193; rev:1;)
# IntelHEX id 305: ":2" at offset 0 and "20" at offset 7. It uses the same
# two-check layout as the other IntelHEX rules in this file, but sits here
# with sid:194.
file_id (msg:"Binary files for Microcontroller/Other Chip based applications"; file_meta:type IntelHEX, id 305, category "System files"; file_data; content:"| 3A 32 |", depth 2, offset 0; content:"| 32 30 |", depth 2, offset 7; gid:4; sid:194; rev:1;)
# JAR (ids 318, 319): the ZIP local-file signature "PK" 03 04 at offset 0
# plus the ASCII string "content/" or "options/" at offset 30.
# presumably offset 30 is where the first entry's file name starts - verify.
# NOTE(review): only archives whose first entry name starts with one of these
# two strings are typed JAR here; a JAR with any other first entry is left to
# whatever other ZIP-based rules the file defines.
file_id (msg:"Java archive file"; file_meta:type JAR, id 318, category "Archive"; file_data; content:"| 50 4B 03 04 |", depth 4, offset 0; content:"| 63 6F 6E 74 65 6E 74 2F |", depth 8, offset 30; gid:4; sid:195; rev:1;)
file_id (msg:"Java archive file"; file_meta:type JAR, id 319, category "Archive"; file_data; content:"| 50 4B 03 04 |", depth 4, offset 0; content:"| 6F 70 74 69 6F 6E 73 2F |", depth 8, offset 30; gid:4; sid:196; rev:1;)
# RAR (id 320): matches "Rar!" followed by 1A 07 01 00 at offset 0 and
# records version "1.1" in the file metadata.
file_id (msg:"WinRAR compressed archive file"; file_meta:type RAR, id 320, category "Archive", version "1.1"; file_data; content:"| 52 61 72 21 1A 07 01 00 |", depth 8, offset 0; gid:4; sid:197; rev:1;)
# ALZ matches "ALZ" + 01 at offset 0; EGG matches "EGGA" at offset 0. Both
# msg strings name ALZip, so distinguish the two by type name or id.
file_id (msg:"Archive file for Microsoft created using software ALZip"; file_meta:type ALZ, id 321, category "Archive"; file_data; content:"| 41 4C 5A 01 |", depth 4, offset 0; gid:4; sid:198; rev:1;)
file_id (msg:"Archive File for Microsoft created using software ALZip"; file_meta:type EGG, id 322, category "Archive"; file_data; content:"| 45 47 47 41 |", depth 4, offset 0; gid:4; sid:199; rev:1;)
# HWP: matches the 17-byte ASCII string "HWP Document File" at offset 0 and
# records version "3.0".
file_id (msg:"Hangul word processor file"; file_meta:type HWP, id 323, category "Office Documents", version "3.0"; file_data; content:"| 48 57 50 20 44 6F 63 75 6D 65 6E 74 20 46 69 6C 65 |", depth 17, offset 0; gid:4; sid:200; rev:1;)
# SWF (id 324): matches the ASCII string "ZWS" at offset 0.
file_id (msg:"Flash file"; file_meta:type SWF, id 324, category "Multimedia"; file_data; content:"| 5A 57 53 |", depth 3, offset 0; gid:4; sid:201; rev:1;)
# PCAP: matches the four bytes 0A 0D 0D 0A at offset 0.
# NOTE(review): this looks like the pcapng section-header block type; classic
# libpcap captures begin with a different magic number and are not typed by
# this rule - confirm whether another rule in the file covers them.
file_id (msg:"Packet capture file"; file_meta:type PCAP, id 325, category "System files"; file_data; content:"| 0A 0D 0D 0A |", depth 4, offset 0; gid:4; sid:202; rev:1;)
# SWF (id 54): matches the ASCII string "XFIR" at offset 0.
# NOTE(review): the msg text here is "Flash file " with a trailing space, so
# it is not byte-identical to the msg of id 324; match on the type name.
file_id (msg:"Flash file "; file_meta:type SWF, id 54, category "Multimedia"; file_data; content:"| 58 46 49 52 |", depth 4, offset 0; gid:4; sid:203; rev:1;)
# Office Open XML (group "office"): every rule requires the ZIP local-file
# signature "PK" 03 04 at offset 0 and then an ASCII string at offset 30:
#   PPTX        id 326  "ppt/"
#   DOCX        id 327  "word/"
#   XLSX        id 328  "xl/"
#   NEW_OFFICE  id 329  "[Content_Types]."
#   NEW_OFFICE  id 330  "_rels/"
#   NEW_OFFICE  id 331  "docProps/"
# presumably offset 30 is where the first entry's file name starts - verify.
# All six carry the "Dynamic Analysis Capable" and "Local Malware Analysis
# Capable" category tags.
# NOTE(review): the specific PPTX/DOCX/XLSX types are assigned only when the
# first entry name starts with the application folder. Documents that lead
# with "[Content_Types].", "_rels/" or "docProps/" are typed NEW_OFFICE, so a
# file policy should list NEW_OFFICE next to DOCX, PPTX and XLSX. A document
# with any other first entry matches none of these six rules and is left to
# whatever other ZIP-based rules the file defines.
file_id (msg:"Microsoft Office Open XML Format (OOXML) Document (PPTX)"; file_meta:type PPTX, id 326, category "Office Documents,Dynamic Analysis Capable,Local Malware Analysis Capable", group "office"; file_data; content:"| 50 4B 03 04 |", depth 4, offset 0; content:"| 70 70 74 2f |", depth 4, offset 30; gid:4; sid:204; rev:1;)
file_id (msg:"Microsoft Office Open XML Format (OOXML) Document (DOCX)"; file_meta:type DOCX, id 327, category "Office Documents,Dynamic Analysis Capable,Local Malware Analysis Capable", group "office"; file_data; content:"| 50 4B 03 04 |", depth 4, offset 0; content:"| 77 6f 72 64 2f |", depth 5, offset 30; gid:4; sid:205; rev:1;)
file_id (msg:"Microsoft Office Open XML Format (OOXML) Document (XLSX)"; file_meta:type XLSX, id 328, category "Office Documents,Dynamic Analysis Capable,Local Malware Analysis Capable", group "office"; file_data; content:"| 50 4B 03 04 |", depth 4, offset 0; content:"| 78 6c 2f |", depth 3, offset 30; gid:4; sid:206; rev:1;)
file_id (msg:"Microsoft Office Open XML Format (OOXML) Document (DOCX, PPTX, XLSX)"; file_meta:type NEW_OFFICE, id 329, category "Office Documents,Dynamic Analysis Capable,Local Malware Analysis Capable", group "office"; file_data; content:"| 50 4B 03 04 |", depth 4, offset 0; content:"| 5b 43 6f 6e 74 65 6e 74 5f 54 79 70 65 73 5d 2e |", depth 16, offset 30; gid:4; sid:207; rev:1;)
file_id (msg:"Microsoft Office Open XML Format (OOXML) Document (DOCX, PPTX, XLSX)"; file_meta:type NEW_OFFICE, id 330, category "Office Documents,Dynamic Analysis Capable,Local Malware Analysis Capable", group "office"; file_data; content:"| 50 4B 03 04 |", depth 4, offset 0; content:"| 5f 72 65 6c 73 2f |", depth 6, offset 30; gid:4; sid:208; rev:1;)
file_id (msg:"Microsoft Office Open XML Format (OOXML) Document (DOCX, PPTX, XLSX)"; file_meta:type NEW_OFFICE, id 331, category "Office Documents,Dynamic Analysis Capable,Local Malware Analysis Capable", group "office"; file_data; content:"| 50 4B 03 04 |", depth 4, offset 0; content:"| 64 6f 63 50 72 6f 70 73 2f |", depth 9, offset 30; gid:4; sid:209; rev:1;)
# AIF (id 345): matches the four bytes 46 4F 52 40 ("FOR@") at offset 0.
# NOTE(review): the container tag usually seen at the start of AIFF files is
# "FORM" (46 4F 52 4D); 0x40 may be a typo for 0x4D, in which case this rule
# rarely fires - compare with the upstream rule set before changing it.
file_id (msg:"Audio Interchange File Format"; file_meta:type AIF, id 345, category "Multimedia"; file_data; content:"| 46 4F 52 40 |", depth 4, offset 0; gid:4; sid:210; rev:1;)
# AIF (id 346): matches the ASCII string "AIFF" at offset 8.
file_id (msg:"Audio Interchange File Format"; file_meta:type AIF, id 346, category "Multimedia"; file_data; content:"| 41 49 46 46 |", depth 4, offset 8; gid:4; sid:211; rev:1;)
# DEB: matches the four ASCII bytes "!<ar" at offset 0.
# NOTE(review): this is only the start of the generic ar archive magic, so
# other ar archives are presumably typed DEB as well - verify before using the
# type to single out Debian packages.
file_id (msg:"Debian package file"; file_meta:type DEB, id 333, category "System files"; file_data; content:"| 21 3C 61 72 |", depth 4, offset 0; gid:4; sid:212; rev:1;)
# CUR: matches one exact 11-byte header at offset 0.
file_id (msg:"Windows Cursor file"; file_meta:type CUR, id 337, category "System files"; file_data; content:"| 00 00 02 00 02 00 30 30 00 00 01 |", depth 11, offset 0; gid:4; sid:216; rev:1;)
# AVI: matches the ASCII string "AVI" at offset 8.
file_id (msg:"Audio Video Interleave"; file_meta:type AVI, id 339, category "Multimedia"; file_data; content:"| 41 56 49 |", depth 3, offset 8; gid:4; sid:218; rev:1;)
# SND: matches the ASCII string "snd" at offset 1.
file_id (msg:"Sound file"; file_meta:type SND, id 340, category "Multimedia"; file_data; content:"| 73 6E 64 |", depth 3, offset 1; gid:4; sid:219; rev:1;)
# M4A: matches the ASCII string "M4A" at offset 8.
file_id (msg:"MPEG-4 Audio"; file_meta:type M4A, id 341, category "Multimedia"; file_data; content:"| 4D 34 41 |", depth 3, offset 8; gid:4; sid:220; rev:1;)
# VOB: matches the five bytes 00 00 01 BA 44 at offset 0.
file_id (msg:"Video Object file, audio container in DVD media"; file_meta:type VOB, id 342, category "Multimedia"; file_data; content:"| 00 00 01 BA 44 |", depth 5, offset 0; gid:4; sid:221; rev:1;)
# WMV: matches the four bytes 30 26 B2 75 at offset 0.
file_id (msg:"Windows Media Video"; file_meta:type WMV, id 343, category "Multimedia"; file_data; content:"| 30 26 B2 75 |", depth 4, offset 0; gid:4; sid:222; rev:1;)
# M5V: matches the ASCII string "M4V" at offset 8. The type name written in
# the rule is M5V, so a file policy has to reference M5V to act on it.
file_id (msg:"iTunes video file"; file_meta:type M5V, id 344, category "Multimedia"; file_data; content:"| 4D 34 56 |", depth 3, offset 8; gid:4; sid:223; rev:1;)
# UNIX_SCRIPT: matches the three ASCII bytes "#!/" at offset 0 and files the
# type under category "Executables". The check covers only the start of the
# interpreter line, so the type says nothing about which interpreter is named.
file_id (msg:"Executable script"; file_meta:type UNIX_SCRIPT, id 347, category "Executables"; file_data; content:"| 23 21 2F |", depth 3, offset 0; gid:4; sid:224; rev:1;)