test and bugfix

huettenhain · huettenhain · commit 1921407520f6 · 2026-02-08T13:22:35.000+01:00
diff --git a/refinery/lib/id.py b/refinery/lib/id.py
@@ -428,7 +428,7 @@ def get_pe_type(data: buf):
         )
     else:
         return None
-    if data[nt + 0x16] & 0x20:
+    if data[nt + 0x17] & 0x20:
         return dll
     subsystem = data[nt + 0x5C] - 1
     if not 0 <= subsystem <= 2:
diff --git a/test/units/test_grabbag.py b/test/units/test_grabbag.py
@@ -136,3 +136,8 @@ def test_malicious_pdf_with_javascript(self):
             'http'U':/'R'/addvertseense'U'.co'R'.uk/bfgnqs2.exe',
             'http'U':/'R'/addvertseense'U'.co'R'.uk/click.php',
         })
+
+    def test_0x09_extension(self):
+        data = self.download_sample('bb41df67b503fef9bfd8f74757adcc50137365fbc25b92933573a64c7d419c1b')
+        test, = data | self.load_pipeline('alu B@S -P2 -s64 -e=R(E*0x81F6+0xF3C7,8) | rev')
+        self.assertEqual(test.meta['ext'], 'dll')
