import sys

import pefile
# Inspiration from here - https://malwology.com/2018/08/24/python-for-malware-analysis-getting-started/
# Dictionary of packer sections and descriptions.
# Taken from here: http://www.hexacorn.com/blog/2016/12/15/pe-section-names-re-visited/
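# Section name -> packer/protector description.
# Section names are attacker-controlled bytes: a hit here is a triage hint,
# never proof, and a miss does not mean the sample is unpacked (most packers
# can rename their sections). Cross-check with section entropy.
# The original list carried ".packed" twice; the later entry silently
# overwrote the RLPack description, so the two are merged into one key.
packer_dict = {
    ".aspack": "Aspack packer",
    ".adata": "Aspack packer/Armadillo packer",
    "ASPack": "Aspack packer",
    ".ASPack": "ASPAck Protector",
    ".boom": "The Boomerang List Builder (config+exe xored with a single byte key 0x77)",
    ".ccg": "CCG Packer (Chinese Packer)",
    ".charmve": "Added by the PIN tool",
    "BitArts": "Crunch 2.0 Packer",
    "DAStub": "DAStub Dragon Armor protector",
    "!EPack": "Epack packer",
    "FSG!": "FSG packer (not a section name, but a good identifier)",
    ".gentee": "Gentee installer",
    "kkrunchy": "kkrunchy Packer",
    ".mackt": "ImpRec-created section",
    ".MaskPE": "MaskPE Packer",
    "MEW": "MEW packer",
    ".MPRESS1": "Mpress Packer",
    ".MPRESS2": "Mpress Packer",
    ".neolite": "Neolite Packer",
    ".neolit": "Neolite Packer",
    ".nsp1": "NsPack packer",
    ".nsp0": "NsPack packer",
    ".nsp2": "NsPack packer",
    "nsp1": "NsPack packer",
    "nsp0": "NsPack packer",
    "nsp2": "NsPack packer",
    ".packed": "RLPack Packer (first section); also seen on other/unknown packers",
    "pebundle": "PEBundle Packer",
    "PEBundle": "PEBundle Packer",
    "PEC2TO": "PECompact packer",
    "PECompact2": "PECompact packer (not a section name, but a good identifier)",
    "PEC2": "PECompact packer",
    "pec1": "PECompact packer",
    "pec2": "PECompact packer",
    "PEC2MO": "PECompact packer",
    "PELOCKnt": "PELock Protector",
    ".perplex": "Perplex PE-Protector",
    "PESHiELD": "PEShield Packer",
    ".petite": "Petite Packer",
    ".pinclie": "Added by the PIN tool",
    "ProCrypt": "ProCrypt Packer",
    ".RLPack": "RLPack Packer (second section)",
    ".rmnet": "Ramnit virus marker",
    "RCryptor": "RPCrypt Packer",
    ".RPCrypt": "RPCrypt Packer",
    ".seau": "SeauSFX Packer",
    ".sforce3": "StarForce Protection",
    ".spack": "Simple Pack (by bagie)",
    ".svkp": "SVKP packer",
    "Themida": "Themida Packer",
    ".Themida": "Themida Packer",
    ".taz": "Some version os PESpin",
    ".tsuarch": "TSULoader",
    ".tsustub": "TSULoader",
    "PEPACK!!": "Pepack",
    ".Upack": "Upack packer",
    ".ByDwing": "Upack Packer",
    "UPX0": "UPX packer",
    "UPX1": "UPX packer",
    "UPX2": "UPX packer",
    "UPX!": "UPX packer",
    ".UPX0": "UPX Packer",
    ".UPX1": "UPX Packer",
    ".UPX2": "UPX Packer",
    ".vmp0": "VMProtect packer",
    ".vmp1": "VMProtect packer",
    ".vmp2": "VMProtect packer",
    "VProtect": "Vprotect Packer",
    ".winapi": "Added by API Override tool",
    "WinLicen": "WinLicense (Themida) Protector",
    "_winzip_": "WinZip Self-Extractor",
    ".WWPACK": "WWPACK Packer",
    ".yP": "Y0da Protector",
    ".y0da": "Y0da Protector",
}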
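# Section name -> description for names emitted by mainstream compilers,
# linkers and installers. Checked before packer_dict, so a packer that reuses
# a stock name (".text", ".data", ...) is reported as "Common" -- the label
# describes the name, not the contents.
# Two keys in the original list (".drectve ", ".wpp_sf ") carried a trailing
# space copied from the source page and could never match a real section name;
# they are stripped here.
common_sections_dict = {
    ".00cfg": "Control Flow Guard CFG section added by newer versions of Visual Studio",
    ".apiset": "a section present inside the apisetschema.dll",
    ".arch": "Alpha-architecture section",
    ".autoload_text": "cygwin/gcc; the Cygwin DLL uses a section to avoid copying certain data on fork.",
    ".bindat": "Binary data also used by one of the downware installers based on LUA",
    ".bootdat": "section that can be found inside Visual Studio files; contains palette entries",
    ".bss": "Uninitialized Data Section",
    ".BSS": "Uninitialized Data Section",
    ".buildid": "gcc/cygwin; Contains debug information if overlaps with debug directory",
    ".CLR_UEF": ".CLR Unhandled Exception Handler section; see https://github.com/dotnet/coreclr/blob/master/src/vm/excep.h",
    ".code": "Code Section",
    ".cormeta": ".CLR Metadata Section",
    ".complua": "Binary data, most likely compiled LUA also used by one of the downware installers based on LUA",
    ".CRT": "Initialized Data Section C RunTime",
    ".cygwin_dll_common": "cygwin section containing flags representing Cygwin’s capabilities; refer to cygwin.sc and wincap.cc inside Cygwin run-time",
    ".data": "Data Section",
    ".DATA": "Data Section",
    ".data1": "Data Section",
    ".data2": "Data Section",
    ".data3": "Data Section",
    ".debug": "Debug info Section",
    ".debug$F": "Debug info Section Visual C++ version <7.0",
    ".debug$P": "Debug info Section Visual C++ debug information precompiled information",
    ".debug$S": "Debug info Section Visual C++ debug information symbolic information",
    ".debug$T": "Debug info Section Visual C++ debug information type information",
    ".drectve": "directive section temporary, linker removes it after processing it; should not appear in a final PE image",
    ".didat": "Delay Import Section",
    ".didata": "Delay Import Section",
    ".edata": "Export Data Section",
    ".eh_fram": "gcc/cygwin; Exception Handler Frame section",
    ".export": "Alternative Export Data Section",
    ".fasm": "FASM flat Section",
    ".flat": "FASM flat Section",
    ".gfids": "section added by new Visual Studio 14.0; purpose unknown",
    ".giats": "section added by new Visual Studio 14.0; purpose unknown",
    ".gljmp": "section added by new Visual Studio 14.0; purpose unknown",
    ".glue_7t": "ARMv7 core glue functions thumb mode",
    ".glue_7": "ARMv7 core glue functions 32-bit ARM mode",
    ".idata": "Initialized Data Section Borland",
    ".idlsym": "IDL Attributes registered SEH",
    ".impdata": "Alternative Import data section",
    ".itext": "Code Section Borland",
    ".ndata": "Nullsoft Installer section",
    ".orpc": "Code section inside rpcrt4.dll",
    ".pdata": "Exception Handling Functions Section PDATA records",
    ".rdata": "Read-only initialized Data Section MS and Borland",
    ".reloc": "Relocations Section",
    ".rodata": "Read-only Data Section",
    ".rsrc": "Resource section",
    ".sbss": "GP-relative Uninitialized Data Section",
    ".script": "Section containing script",
    ".shared": "Shared section",
    ".sdata": "GP-relative Initialized Data Section",
    ".srdata": "GP-relative Read-only Data Section",
    ".stab": "Created by Haskell compiler GHC",
    ".stabstr": "Created by Haskell compiler GHC",
    ".sxdata": "Registered Exception Handlers Section",
    ".text": "Code Section",
    ".text0": "Alternative Code Section",
    ".text1": "Alternative Code Section",
    ".text2": "Alternative Code Section",
    ".text3": "Alternative Code Section",
    ".textbss": "Section used by incremental linking",
    ".tls": "Thread Local Storage Section",
    ".tls$": "Thread Local Storage Section",
    ".udata": "Uninitialized Data Section",
    ".vsdata": "GP-relative Initialized Data",
    ".xdata": "Exception Information Section",
    ".wixburn": "Wix section; see https://github.com/wixtoolset/wix3/blob/develop/src/burn/stub/StubSection.cpp",
    ".wpp_sf": "section that is most likely related to WPP Windows software trace PreProcessor; not sure how it is used though; the code inside the section is just a bunch of routines that call FastWppTraceMessage that in turn calls EtwTraceMessage",
    "BSS": "Uninitialized Data Section Borland",
    "CODE": "Code Section Borland",
    "DATA": "Data Section Borland",
    "DGROUP": "Legacy data group section",
    "edata": "Export Data Section",
    "idata": "Initialized Data Section C RunTime",
    "INIT": "INIT section drivers",
    "minATL": "Section that can be found inside some ARM PE files; purpose unknown; .exe files on Windows 10 also include this section as well; its purpose is unknown, but it contains references to ___pobjectentryfirst,___pobjectentrymid,___pobjectentrylast pointers used by Microsoft::WRL::Details::ModuleBase::… methods described e.g. here, and also referenced by .pdb symbols; so, looks like it is being used internally by Windows Runtime C++ Template Library WRL which is a successor of Active Template Library ATL; further research needed",
    "PAGE": "PAGE section drivers",
    "rdata": "Read-only Data Section",
    "sdata": "Initialized Data Section",
    "shared": "Shared section",
    "Shared": "Shared section",
    "testdata": "section containing test data can be found inside Visual Studio files",
    "text": "Alternative Code Section",
}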
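def _to_text(value):
    """Render an attacker-controlled name (DLL, import, section) for printing.

    Bytes are decoded as latin-1 (never fails), everything else goes through
    str(). Characters outside printable ASCII are shown as \\xNN escapes so a
    crafted name cannot smuggle terminal escape sequences into the report.
    """
    if isinstance(value, bytes) and not isinstance(value, str):
        value = value.decode("latin-1")
    text = str(value)
    return "".join(ch if 0x20 <= ord(ch) < 0x7f else "\\x%02x" % ord(ch) for ch in text)


def _section_name(section):
    """Section name from a dump_dict() 'PE Sections' entry.

    dump_dict() appears to render non-printable bytes of the 8-byte Name field
    as backslash escapes, so everything from the first backslash on (normally
    the NUL padding) is dropped -- same rule the original script applied.
    """
    return section['Name']['Value'].split("\\")[0]


def _imports(pe):
    """Import directory entries of *pe*, or [] when there is no import table.

    pefile only sets DIRECTORY_ENTRY_IMPORT when the directory is present;
    packed or deliberately stripped samples often lack it, and those are the
    files this triage script exists for, so the attribute must not crash us.
    """
    return getattr(pe, 'DIRECTORY_ENTRY_IMPORT', [])


def _banner(title):
    """Print a section banner in the script's original layout."""
    print('######################################################################')
    print(title)
    print('######################################################################')


# Sample path: first CLI argument, falling back to the original hard-coded
# path so the gist keeps working exactly as before when run with no arguments.
SAMPLE_PATH_DEFAULT = "/root/Documents/Malware/day4/brbbot.exe"
sample_path = sys.argv[1] if len(sys.argv) > 1 else SAMPLE_PATH_DEFAULT

# NOTE(review): this parses a hostile file. pefile is pure Python, so a
# malformed header should surface as PEFormatError rather than anything worse,
# but run this inside the analysis VM, never on a host you care about.
try:
    pe = pefile.PE(sample_path)
except pefile.PEFormatError as err:
    sys.exit("Not a parseable PE file: %s (%s)" % (sample_path, err))

_banner('EXE or DLL?')
# Both flags are printed on purpose: a file can be neither (e.g. a driver).
print("Is file exe?: " + str(pe.is_exe()))
print("Is file dll? : " + str(pe.is_dll()))
print('\n\n\n')

_banner('DLLs Called')
imports = _imports(pe)
for entry in imports:
    print(_to_text(entry.dll))
print('\n\n\n')

_banner('Import Address Table')
print('=========================================================')
# Imphash is a pivot for hunting related samples, not an identity: it changes
# with import order and is meaningless for packed samples whose real imports
# are resolved at runtime.
print('ImpHash: ' + str(pe.get_imphash()))
print('=========================================================')
for entry in imports:
    print('=========================================================')
    print('DLL Name: ' + _to_text(entry.dll))
    print('=========================================================')
    print('===================')
    print('APIs Called: ')
    print('===================')
    for imp in entry.imports:
        # Imports by ordinal have no name; report the ordinal rather than "None".
        if imp.name is None:
            print("ordinal %s" % imp.ordinal)
        else:
            print(_to_text(imp.name))
    print('=========================================================')

# dump_dict() flattens every parsed structure into plain dicts/lists; the
# per-section entries carry the Name, flags, hashes and entropy used below.
pe_dump = pe.dump_dict()
sections = pe_dump['PE Sections']
for section in sections:
    print(_section_name(section))
print('\n\n\n')

_banner('Section Overview')
print('===================')
print('File Section Information')
print('===================')
print('------------------------------------')
print('Name\t\tDescription\t\tSection Type')
print('------------------------------------')
for section in sections:
    name = _section_name(section)
    # Names are chosen by whoever built the binary: a packer can call its
    # sections ".text"/".data" and show up as "Common", and an odd linker can
    # produce "Unknown". Treat this column as a hint; entropy (below) is the
    # harder signal.
    if name in common_sections_dict:
        section_type, description = "Common", common_sections_dict[name]
    elif name in packer_dict:
        section_type, description = "Packed Section", packer_dict[name]
    else:
        section_type, description = "Unknown", "Not found"
    print(name + "\t\t" + description + "\t\t" + section_type)

print('------------------------------------')
print('Name\t\tOffset\t\tSHA256')
print('------------------------------------')
for section in sections:
    # 'FileOffset' here belongs to the Name field of the section header, not to
    # the section's raw data -- do not read it as PointerToRawData.
    print(_section_name(section) + "\t\t" + str(section['Name']['FileOffset']) + "\t\t" + str(section['SHA256']))

print('===================')
print('Parsing Warnings')
print('===================')
# pefile records header anomalies instead of failing on them; for a suspected
# malware sample these are a signal in their own right, not noise.
parsing_warnings = pe_dump.get('Parsing Warnings', [])
if parsing_warnings:
    for warning in parsing_warnings:
        print("Warning: " + warning)
else:
    print('No parsing warnings')
print('\n\n\n')

_banner('Detailed Section Info')
# Terse pass over the per-section dump. (The original list carried 'SHA256'
# twice and printed that hash twice.) Entropy close to 8.0 on an executable
# section is the classic packed/encrypted indicator whatever the name says.
interesting_keys = ['Name', 'Structure', 'Flags', 'Entropy', 'MD5', 'SHA1', 'SHA256', 'SHA512']
for section in sections:
    print('=========================================================')
    print(_section_name(section))
    print('=========================================================')
    for key in interesting_keys:
        if key not in section:
            continue
        print(key)
        value = section[key]
        if isinstance(value, list):
            for item in value:
                print(item)
            print("\n")
        elif isinstance(value, dict):
            for subkey in value:
                print(subkey + ": " + str(value[subkey]))
            print("\n")
        else:
            print(str(value) + "\n")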