View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0000595 | file | General | public | 2024-12-19 16:41 | 2024-12-26 19:02 |
| Reporter | Ange | Assigned To | christos | ||
| Priority | normal | Severity | minor | Reproducibility | always |
| Status | resolved | Resolution | fixed | ||
| Product Version | 5.46 | ||||
| Fixed in Version | HEAD | ||||
| Summary | 0000595: Detect Microsoft Store Database files (store.db SQLite3) | ||||
| Description | Microsoft Store DBs are common SQLite files in the wild. They don't use an AppID so they can't be easily detected. | ||||
| Steps To Reproduce | - scan the attached file. - it reports standard SQLite information, nothing specific to this common type of SQLite DB. 'SQLite 3.x database, user version 3, last written using SQLite version 3045003...' The attached file is a cleaned-up genuine 'store.db' files, so it makes sense to detect only these strings as wide-ascii. | ||||
| Additional Information | The following "CREATE TABLE ACTIONRECORDS (" wide-string was found to be working on a samples set of 8K files. >0x200 search/0xFFFF C\0R\0E\0A\0T\0E\0\ \0T\0A\0B\0L\0E\0\ \0A\0C\0T\0I\0O\0N\0R\0E\0C\0O\0R\0D\0S\0\ \0( Microsoft Store Database | ||||
| Tags | No tags attached. | ||||
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2024-12-19 16:41 | Ange | New Issue | |
| 2024-12-19 16:41 | Ange | File Added: store.db | |
| 2024-12-26 19:02 | christos | Assigned To | => christos |
| 2024-12-26 19:02 | christos | Status | new => assigned |
| 2024-12-26 19:02 | christos | Status | assigned => resolved |
| 2024-12-26 19:02 | christos | Resolution | open => fixed |
| 2024-12-26 19:02 | christos | Fixed in Version | => HEAD |
| 2024-12-26 19:02 | christos | Note Added: 0004143 |
