From Collaborative RCE Tool Library

Packer Identifiers


Tool name: ExeInfo PE
Rating: 5.0 (1 vote)
Author: A.S.L.                        
Website: http://www.exeinfo.xn.pl
Current version: 0.0.4.1 with 902+35 signatures
Last updated: December 15, 2015
Direct D/L link: Locally archived copy
License type: Free
Description: Good detector for packers, compressors, compiler + unpack info + internal exe tools.
Internal Ripper for zip, rar, Flash swf, GFX-bmp/jpg/png/gif, cab, msi, bzip, ...
Colored Disassembler, Delphi Form viewer, .Zlib unpacker v1.2.8, .NET exe info
Internal detector for non executable files.
Also listed in: .NET Tools, .NET Unpackers, Compiler Identifiers, Crypto Tools, Deobfuscation Tools, Linux Unpackers, PE EXE Signature Tools



Tool name: Neil's Collection of Packer Signatures
Rating: 5.0 (1 vote)
Author: Asterix                        
Website: N/A
Current version:
Last updated: September 5, 2012
Direct D/L link: Locally archived copy
License type:
Description: Neil's Collection of Packer Signatures
Also listed in: Packer Identifier Signatures



Tool name: Protection ID
Rating: 5.0 (2 votes)
Author: CDKiLLER and Tippex                        
Website: http://pid.gamecopyworld.com
Current version: 6.1.3
Last updated: December 26, 2008
Direct D/L link: Locally archived copy
License type: Free
Description: The ultimate Game Protection Scanner

The current version does detect more than
250 exe-packers, PC ISO Protections, Dongles, Licenses and Installers in
such an exact and fake-proof way you haven't seen before in any scanning tool, due to the detailed checks.
False reports and detection where other tools fail are history.

Features

* Scanning of PC Games & Application files to detect the protection(s) used
* Detects most of the available executable compressors / crypters and it's up to date in detecting the newest PC-Game protections
* Scanning CDs / DVDs for Tagés (only available on win2k / winxp, but no ASPI drivers required)
* Scan folders with all the included files
* Coded in 100% Win32 Assembly language, allowing it to run on every WinOS since Windows 95
* Easy scanning with the shell context menu 'Scan with Protection ID...' or drag & drop files into the (simple to use) GUI
* Ability to scan a cracked file and to get possible information which protection was originally used
* Check for the newest update and download it
* Stronger scanning routines allowing it to detect multiple (!) protections in one file
* No additional files like VB Runtimes, MSVC dlls or ASPI drivers are required, you simply need one exe file !
* Constantly updated to detect the newest protections available for PC Games & Applications (hey which other tool has this feature too ? ;-)

* Detection for most of the available PC Game Protections
- 3P Lock
- CDCops
- CDLock
- Codelok
- JoWood X-Prot
- Laserlok / Laserlok Marathon
- Protect DiSC
- Ring-Protech
- Safedisc
- SecuROM
- Settec Alpha ROM
- SmartE
- SolidShield
- StarForce
- Sysiphus
- Tages
- VOB Protect CD/DVD


* PC Game Trial Protections
- ActiveMARK
- GameHouse Trial Wrapper
- INTENIUM Try & Buy detection
- KochMedia ePolice
- ReflexiveArcade Wrapper
- SVKP Online
- WildTangent Wrapper
- Zylom Wrapper


* Dongles
- DinKey
- Hardlock
- Guardant
- HASP Hardware Lock
- HASP Hardware Lock Envelope
- Key-Lok II
- SENTiNEL
- SENTiNEL SUPER PRO
- SmartKey
- WIBU


* Licenses
- CrypKey Instant
- CrypKey SDK
- eLicense
- FlexLM
- FlexNET
- HASP SL Licensing System
- InterLok
- nTitles Activator
- Protection Plus
- Release Software Corporations SalesAgent
- Safecast
- Sentinel License Manager


* .NET protectors
- {smartassembly}
- .NetZ
- dotFuscator
- DotNet Guard
- dotNet Protector v4 & v5
- dotNet Reactor v2.x / v3.x
- Sixxpack .Net Compressor
- XHEO CodeVeil


* EXE Packers / Protectors (freeware)
- ABC Crypt v1.0
- Alex Protector v1.0 Beta 2
- ANDpakk2
- Anslym Packer
- ARM Protector v0.1, v0.2, v0.3
- ASDPack v2
- Aver Cryptor v1.00, v1.02 Beta
- BamBam v0.0.1
- BeRoEXEPacker v1.00
- Beria v0.0.7
- Berio v1.0
- BitShape PE Crypt v1.5
- BJFNT v1.1, v1.2, v1.3
- CDS SS 1.0 Beta 1
- Celsius Crypter v2.1
- cEXE 1.0a / 1.0b
- CICompress v1.0
- CodeCrypt v0.15, v0.16 - v0.161, v0.163 - v0.164, [unknown version]
- Cryptic v2.0
- CRYPToCRACks PE Protector v0.9.2, v0.9.3
- DalKrypt v1.0
- Daemon Protect v0.6.7
- DEF v1.0
- DePack
- Dot Fix Fake Signer
- DragonArmor v0.0.4.1
- Dual's EXE Encryptor v1.0, v1.1b
- Encrypt PE v1.2003.5.18, v2.2004.8.10 / 2.2006.1.15, v2.2006.10.1, v2.2007.4.11
- EP (EXE Pack)
- EP Protector v0.3 [AHTeam]
- Excalibur v1.03
- EXE Evil v1.0
- EXE ReFactor v0.2
- fEaRz Crypter v1.0 Beta 1
- fEaRz Packer v0.3
- FishPe Shield v2.0.1
- Forgot v1.0
- Frensh Layor v1.81
- FSG v1.0, v1.2, 1.3 - v1.31, 1.3.3, 1.33, v1.33a, 2.0
- Goat's PE Mutilator v1.6
- Hide PE (ASProtect 1.2 [New Strain] method, VBOX 4.3 MTE method)
- hmimys PE-Pack v0.1
- JD Pack v1.01, v2.00
- KByS Packer v0.28 Beta
- KaOs PE eXecutable Undetecter
- kkrunchy
- Krypton v0.2, v0.3, v0.4, v0.5
- LameCrypt
- marcrypt v0.1
- MarjinZ ScramblerSE
- Mew 5 EXE Coder 0.1
- Mew 10
- Mew 11 SE v1.1 - v1.2
- mkfPack
- Morphine v1.2 - v1.3, 1.4 - v2.7
- mPack v0.0.2 & v0.0.3
- MSLRH v0.31a, v0.32
- MuCruncher
- MZ0oPE v1.0.6b
- MZ Crypt v1.0
- NFO v1.0
- Noodlecrypt v2
- nPack v1.1.250.2006 Beta, v1.1.300.2006 Beta
- Packanoid v1.0, v1.1
- PackItBitch v1.0
- Packman v0.0.0.1, v1.0
- Pack Master v1.6
- Passlock 2000
- PE 123 v2006.4.4
- PE-Armot (Hying) v0.x
- PEQuake v0.06
- PE Crypt v1.0x
- PE Diminisher v0.1
- PE LockNT v2.01, v2.02, v2.04
- PE Mangle
- PE Nguincrypt v1.0
- PE Nightmare
- PE Ninja
- PE Pack v0.99, v1.0
- PE Shield v0.1d, v0.2, v0.25, [unknown version]
- PE Shrink
- PE Spin v0.0b, v0.3, v0.41, v0.7, v1.0, v1.1, v1.3, [unknown version]
- PE Stub OEP v1.x (Entry Point Faker)
- PE Zip v1.0
- Perplex PE Protector v1.01
- PEX v0.99
- Poisen Ivy Crypter v1
- PolyCrypt PE
- PolyEnE
- Program Protector v1.x - v2.x
- Protect v0.1.3
- Protect EXE v0.4a Beta
- Punisher v1.5 (DEMO)
- QrYPt0r v1.0
- RLPack v1.16, v1.17, v1.18, v1.19, [unknown version]
- Sexe Crypter v1.1
- Shrink Wrap v1.4
- SimplePack v1.11
- Simple PE Crypter
- SLVc0deProtector v0.61, v1.1, v1.11
- Smokes EXE Shield v0.5
- Ste@lth PE v1.x, v2.x
- Stones PE Crypter v1.13
- TELock v0.42, v0.51, v0.60, v0.70, v0.71, v0.80, v0.85f, v0.90, v0.92a, v0.95, v0.96, v0.98b1, v1.00
- The Best Cryptor [by FsK]
- Thunderbolt v0.0.2
- TPP Pack
- unkOwn Crypter v1.0
- UPack v0.10 - v0.12, v0.20, v0.21, v0.22 - v0.23, v0.24 - v0.28, v0.29 - v0.33, v0.34 - v0.35, v0.36 - v0.39
- UPX, UPX Mutator, Visual UPX v0.2, [unknown / modified UPX]
- UPX Mutanter v0.2
- UPX Protector v1.0e
- UPX Scrambler
- UPX$HiT 0.0.1
- USSR v0.31
- VCrypt v0.9b
- Virogen Crypt v0.75
- VPacker v0.02.10
- WinKrypt v1.0
- XCR v0.12, v0.13
- xxPack v0.1
- Yoda's Crypter v1.1, v1.2, v1.3
- Yoda's Protector v1.0b, v1.02b, v1.02d, v1.02.05, v1.03.01 BETA, v1.03.02 BETA, v1.03.3
- YZPack v1.1 & v1.2
- Z-Code v1.01


* EXE Packers / Protectors (commercial)
- ACProtect v1.09, v1.10, v1.20, v1.21, v1.22, v1.23, v1.3c, v1.32, v1.35 - v1.40, v2.0
- Air EXE Lock
- Akala EXE Lock
- Armadillo (lots of specific versions and version ranges)
- ASPack v1.00b, v1.01b, v1.02b, v1.03b, v1.05b, v1.06b / v1.061b, v1.07b, v1.08.00, v1.08.01, v1.08.02, v1.08.03, v1.08.04, v2.000, v2.001, v2.1, v2.11, v2.11c / v2.11d, v2.12, v2.12b
- ASProtect v1.0, v1.1, v1.11, v1.2, v1.22 - v1.23, 1.23 RC4 - v1.3.08.24, v1.23 RC4 (Registered), v1.31 Build 2004.04.27, v1.32, v2.0, v2.1 SKE, v2.2, v2.3, 2.1 - v2.3, 2.x [unknown version]
- Bit-Arts Crunch v5.0
- CopyMinder
- Cryptolock
- DBPE v2.33
- Enigma Protector v1.02 Build 3.10, v1.02 Build 4.00, v1.11, v1.12, v1.14, v1.16
- EXE32Pack v1.37, v1.38, v1.42
- EXE Cryptor v1.5.x
- EXE Cryptor 2.0.0 - 2.1.0, 2.2.0 - v2.2.6, 2.3.0 - v2.3.9, 2.2.0 - 2.4.0, 2.4.0 (or newer), 2.xx [unknown version]
- EXE Guard v1.3
- EXE Password 2004 v1.111, 1.112, v1.114, [unknown version]
- EXE Password Lock v1.01
- EXE Prot v1.x
- EXE Protector v2.x
- EXE Safe v2.0
- EXE Shield 2.7, v2.7b, v2.8a, v2.9, v3.6, v3.7
- EXEStealth v2.70, v2.73, v2.74, v2.75, v2.75a
- ExPressor v1.0, v1.1, v1.2, v1.3, v1.4, v1.5
- E-Zip v1.0
- Ion Ice EXE Lock v1.0
- KasperSky Pack
- MazePath EXELockout v3.0
- MoleBox 2.0.0 - v2.3.0, 2.2.3, 2.2.4, 2.2.5, v2.2.6, v2.2.8, v2.3.0, v2.3.3 v2.4.0, v2.5.0, v2.5.5, v2.5.12 - v2.6.3, 2.3.3 - v2.6.4
- Neolite v1.x - v2.x
- NSPack 2.3 - v2.7, v2.9, v3.0, v3.1, v3.3, v3.4, v3.5, v3.6, v3.7, [unknown version]
- nTitles Verifier for .NET
- NTkernelPacker v0.1 (exe + dlls)
- Obsidium v1.0.0.61, v1.1.1.0, v1.1.1.4, v1.2.0.0, v1.2.5.0, v1.3.0.0, v1.3.0.4, v1.3.3.4, v1.3.3.7, v1.3.3.9, v1.3.4.1, [unknown version]
- ORiEN v2.12
- PC Guard v4.06, v5.00, v5.01
- PEBundle v3.xx
- PE Compact v1.00 - v1.3x, v1.40 - v1.50, v1.55, v1.56 - v1.65, v1.66 - v1.84 v2.0 Beta Build 52, v2.00 - v2.10, v2.20 - v2.79, 2.xx [unknown version]
- PE Lock v1.0x
- Petite v1.2, v1.3, v1.4, v2.2, v2.3, [unknown version]
- PKLite32 v1.1
- Private EXE v2.x
- SD Protector v1.12, v1.16
- Special EXE Password Protector
- Shegerd EXE Protector & Anti-Debugger
- Shrinker v3.4, v3.5, [unknown version]
- Softdefender v1.0 - v1.1
- Soft Sentry v3
- Software Compress v1.2, v1.4
- SoftWrap
- SVKP v1.051, v1.11, v1.3x - v1.4x, [unknown version]
- Themida v1.0.0.0 - v1.8.1.0, v1.8.2.0 (or newer)
- Trial Master v2.x
- VBO Watch 3
- Visual Protect
- Vcasm-Protector v1.0
- VM Protect 1.00 - v1.10, 1.20 - v1.50
- WinLicense v1.0.0.0 - v1.8.1.0, v1.8.2.0 (or newer)
- WWPack32 v1.xx
- X-treme Protector v1.00 - v1.06, 1.07 - v1.08, 1.07 BUiLD 12-12-03, 1.08 BUiLD 15-12-03, 1.08 FiNAL


* Installers
- 7 - Zip SFX Setup Module
- AKInstaller Module
- Aquarius Soft Self-Extractor Archive
- Astrum Install Wizard
- AW Install Engine
- BinPatch
- Bitarts Install Wrap
- Blizzard PrePatch Module
- Clickteam Install Maker
- Clickteam Patch Maker
- Create Install 2003
- Gentee Installer
- Ghost Installer
- GKWare SFX Setup
- Inno Setup
- InstallAware Setup Module
- Installer 2 Go
- InstallShield v5.53.168.0, v6.31.100.1221, v7.1.100.1242, v7.7.0.262, v8.x, v9.1.0.429, v10, v10.5, v11, v12
- Install Zip Setup
- IZarc Self Extractor
- Microsoft SFX CAB Module
- Nullsoft SFX Setup
- Paquet Builder - Enhanced Self-Extracting Zip Module
- Patch Wise
- PKSFX Module
- Power Archiver 2003 v8.x SFX Module
- QSetup SFX Kernel
- Red Shift Installation System
- RTPatch Module
- Setup Factory
- SFX Factory!
- Silicon Realms Install Module
- Sony Self-Extracting Packager Archive
- Spoon Installer
- Tarma Installer Module
- VISE Mindvision Wizard
- WinAce Self-Extractor Module
- WinRAR SFX Archive
- WinZip SFX
- Wise Installation Wizard
- Zip Central SFX Module
- Zip SFX Archive
- Z-Up Maker SFX Archive
- Zylom Games Setup Module
Also listed in: Protection Identifiers



Tool name: AT4RE FastScanner
Rating: 4.4 (5 votes)
Author: AT4RE Team                        
Website: http://www.at4re.com
Current version: 3.0 Final
Last updated: December 18, 2009
Direct D/L link: Locally archived copy
License type: Free
Description: Yet another Win32 PE Packer/Protector Identifier.

[ Description ]

- FastScanner is a detector for most packers, cryptors and compilers for PE files, programmed in ASM and designed for fast access to the most needed plugins.

####################################################################
FastScanner v3.0 Final Change log:
07/01/2010

1- Update signature Database file.
2- Add Tricks Finder function in the Information dialog. [Still Beta]
3- Fixed Bug when clicking the Smart-Scan button twice.
4- Fixed Bug with Overlay size.
5- Many Bugs Fixed in the program.

####################################################################
FastScanner v3.0 Beta 3 Change log:
18/12/2009

1- Update and optimize signature Database file.
2- Update SmartScan method.
3- Improve the information dialog.
4- Add Overlay signature detection in the Information dialog.
5- Add number of sections detection method.
6- Add JunkCode Detection.
7- AT4RE Overlay Tool v0.2 by STRELiTZIA.
8- Hash & Crypto Detector v1.4 by Mr.Paradox.
9- Signature Manager v1.1 by GamingMasteR.
10- Fixed Bug in Smart-Scan with some protectors.
11- Fixed Bug with ToolTip when using Smart-Scan.
12- Fixed Bug when scanning a Folder.
13- Fixed Bug in the scanning algorithm.

####################################################################
FastScanner v3.0 Beta 2 Change log:
26/10/2009

1- Add colors to the disassembler by GamingMasteR.
2- Add SmartScan method.
3- Add Overlay Detection method.
4- Fixed Bug in ScanDirectory.
5- Fixed Bug in Scanning an opened file.
6- Fixed Bug with RLPack protected files.
7- Fixed Bug in Detecting Overlay.
8- Fixed Bug in Detecting Fake-Signature.
9- Fixed Bug in Matches number in the Total-Scan.

####################################################################
FastScanner v3.0 Beta Change log:
25/09/2009

1- Change Signature DataBase for more accuracy.
2- Updating the scanning algorithm.
3- New and powerful Signature Manager plugin.
4- New Hash & Crypto detector plugin by Mr.Paradox.
5- New GFX for version 3 by RobenHoodArab.
6- Add new PEHeader-Viewer dialog to main window in FS.
7- Add Hex-Viewer and Resource-Viewer on the PEHeader-Viewer Dialog.
8- Add tooltips with information about the content of PEHeader-Viewer dialog.
9- Add Unpacking Information dialog (still Beta).
10- Add ScanDirectory dialog.
11- Add Compiler Detection Mechanism.
12- Add Anti-FakeSignature algorithm.
13- Update the Export and Import Viewer dialogs.
14- Fixed Bug in ImportTable Viewer with Upack.
15- PE Editor : Fixed Bug in Resource Viewer.
16- PE Editor : Fixed Bug in ImportTable Viewer.
17- PE Editor : Fixed Bug in ExportTable Viewer.
18- PE Editor : Add ReadOnly-Mode and FullAccess-Mode.
19- PE Editor : Add 16Edit HexEditor by yoda.
Also listed in: Compiler Identifiers, Packer Identifier Signatures



Tool name: PEiD
Rating: 4.3 (3 votes)
Author: BoB                        
Website: http://www.woodmann.com/BobSoft/
Current version: 0.95
Last updated: March 31, 2008
Direct D/L link: http://www.woodmann.com/BobSoft/Files/Other/PEiD-0.95-20081103.zip
License type: Free
Description: PEiD detects most common packers, cryptors and compilers for PE files. It can currently detect more than 600 different signatures in PE files.

PEiD is special in some aspects when compared to other identifiers already out there!

1. It has a superb GUI and the interface is really intuitive and simple.
2. Detection rates are amongst the best given by any other identifier.
3. Special scanning modes for *advanced* detections of modified and unknown files.
4. Shell integration, Command line support, Always on top and Drag'n'Drop capabilities.
5. Multiple file and directory scanning with recursion.
6. Task viewer and controller.
7. Plugin Interface with plugins like Generic OEP Finder and Krypto ANALyzer.
8. Extra scanning techniques used for even better detections.
9. Heuristic Scanning options.
10. New PE details, Imports, Exports and TLS viewers
11. New built in quick disassembler.
12. New built in hex viewer.
13. External signature interface which can be updated by the user.
Also listed in: Compiler Identifiers



Tool name: DiE (Detect it Easy)
Rating: 4.0 (1 vote)
Author: Hellsp@wn                        
Website: http://hellspawn.nm.ru
Current version: 0.64
Last updated: May 6, 2007
Direct D/L link: Locally archived copy
License type: Free
Description: Packer identifier that is supposed to be good.
Also listed in: Compiler Identifiers



Tool name: RDG Packer Detector
Rating: 3.5 (2 votes)
Author: RDGMax                        
Website: http://www.rdgsoft.8k.com
Current version: 0.6.7
Last updated: June 26, 2011
Direct D/L link: http://rdgsoft.8k.com/images/v0.6.7%20Vx%20Edition/RDG%20Packer%20Detector%20v0.6.7%202011%20Vx-Edition.rar
License type: Free
Description: RDG Packer Detector is a detector of packers, cryptors, compilers,
packer scramblers, joiners and installers.

-Has a fast detection system.
-Has a powerful detection system that analyzes the complete file, allowing the detection of multi-packers in several cases.
-You can create your own detection signatures.
-Has a cryptographic analyzer.
-Allows you to calculate the checksum of a file.
-Allows you to calculate the entropy, reporting whether the examined program is compressed, encrypted or not.
-OEP detector (Original Entry Point) of a program.
-You can check for and download signatures, so RDG Packer Detector will always be up to date.
-Plug-ins loader.
-Signatures converter.
-Distorted entry point detector.
-De-Binder, an extractor of attachments.
-Improved heuristic system.

What's New! v0.6.6

-New Interface!

-Fast detection mode and powerful mode improved!
-Super signature base updated!
-Heuristic detection of Binders
-Detection and Extraction Overlay!
-Check and Auto-Update of signatures!
-Super Fast Detection of MD5 Hash!
-Support for Multiple Plug-ins for both RDG Packer Detector and other detectors!
-Detection of Multiple-MPG formats, GIF, RAR, ZIP, MP3 etc..
-Detection and removal of attachments!
Also listed in: Compiler Identifiers, Entropy Analyzers, PE EXE Signature Tools, Packer Identifier Signatures



Tool name: ActiveMARK Version Viewer
Rating: 0.0 (0 votes)
Author: Nacho_Dj                        
Website: http://arteam.accessroot.com/releases.html
Current version: 1.2
Last updated: February 24, 2009
Direct D/L link: Locally archived copy
License type: Free
Description: ActiveMARK Version Viewer 1.2 - 2009/01/14 - Bilingual edition (English/Spanish)

Updated for the new version AM6.50.767.


History
-------

*** version 1.1 - 2008/08/14 - Bilingual edition (English/Spanish)

When checking an ActiveMARK license file, it shows the Activation Code.


*** version 1.0 - 2008/04/13 - Bilingual edition (English/Spanish)

Tool for detecting if a target is protected with ActiveMARK protection.

Available for any kind of file.

Running on an executable will launch it with the proper arguments to show the version by using the ActiveMARK internal engine.

It permits a static analysis (not executing anything), by checking the 'Do not launch executables' checkbox. This option prevents your system from getting either the new hidden registry entries that the protection adds to your system or the hidden files, both of which are used by the protection to memorize the trial uses of the target.

To be able to use it from a contextual menu, check the 'Add to contextual menu' checkbox.

It detects whether your system language is English or Spanish before showing you all strings.


I hope you enjoy it :)

Nacho_dj / ARTeam


Coded & Developed by Nacho_dj / ARTeam
Also listed in: Protection Identifiers



Tool name: Detect It Easy
Rating: 0.0 (0 votes)
Author: Hors                        
Website: http://ntinfo.biz
Current version: 1.01
Last updated: March 23, 2016
Direct D/L link: https://www.dropbox.com/s/h3sjlmhgcx7qfx2/DIE_1.01_win.zip?dl=1
License type: Free (both for commercial and non-commercial usage) and open source
Description: Detect it Easy

Detect It Easy, abbreviated “DIE”, is a program for determining types of files.

“DIE” is a cross-platform application; apart from the Windows version, versions for Linux and Mac OS are also available.

Many programs of this kind (PEID, PE tools) allow the use of third-party signatures. Unfortunately, those signatures only scan bytes against a pre-set mask, and it is not possible to specify additional parameters. As a result, false triggering often occurs. More complicated algorithms are usually strictly set in the program itself. Hence, to add a new complex detection, one needs to recompile the entire project. No one except the authors themselves can change a detection algorithm. As time passes, such programs lose relevance without constant support.

Detect It Easy has a totally open signature architecture. You can easily add your own detection algorithms or modify those that already exist. This is achieved by using scripts. The script language is very similar to JavaScript, and anyone who understands the basics of programming will easily understand how it works. Some may find that the scripts run very slowly. Indeed, scripts run slower than compiled code, but thanks to the good optimization of the Script Engine, this doesn't cause any special inconvenience. The possibilities of the open architecture compensate for these limitations.

DIE exists in three versions: the basic version (“DIE”), the Lite version (“DIEL”) and the console version (“DIEC”). All three use the same signatures, which are located in the folder “db”. If you open this folder, you will find nested sub-folders (“Binary”, “PE” and others). The names of the sub-folders correspond to the types of files. First, DIE determines the type of file, and then sequentially loads all the signatures that lie in the corresponding folder. Currently the program defines the following types:

• MSDOS: MS-DOS executable files
• PE: Windows executable files
• ELF: Linux executable files
• MACH: Mac OS executable files
• Text: text files
• Binary: all other files
Also listed in: .NET Packers, Compiler Identifiers, Entropy Analyzers, Exe Analyzers, Linux Tools, Mac OS Tools, PE EXE Signature Tools, PE Executable Editors, Tool Signatures



Tool name: Jim Clausing's Malware Packer Signatures
Rating: 0.0 (0 votes)
Author: Jim Clausing                        
Website: http://isc.sans.org/diary.html?storyid=3432
Current version:
Last updated:
Direct D/L link: http://handlers.sans.org/jclausing/userdb.txt
License type:
Description: Custom malware packer signatures by Jim Clausing.
Also listed in: Packer Identifier Signatures



Tool name: packerid.py
Rating: 0.0 (0 votes)
Author: Jim Clausing                        
Website: http://handlers.sans.org/jclausing
Current version:
Last updated:
Direct D/L link: http://handlers.sans.org/jclausing/packerid.py
License type:
Description:
Also listed in: (Not listed in any other category)



Tool name: Panda Security Packer Signatures
Rating: 0.0 (0 votes)
Author: Panda Security                        
Website: N/A
Current version:
Last updated:
Direct D/L link: http://research.pandasecurity.com/blogs/images/userdb.txt
License type:
Description: Panda Security Packer Signatures
Also listed in: Packer Identifier Signatures



Tool name: pev
Rating: 0.0 (0 votes)
Author: Fernando Mercês, Jardel Weyrich                        
Website: http://pev.sf.net
Current version: 0.70
Last updated: December 27, 2013
Direct D/L link: http://sourceforge.net/projects/pev/files/pev-0.70/pev-0.70-win32.zip/download
License type: Open Source (GPLv3)
Description: pev is a free and open source multi-platform PE file analysis toolkit
that provides the following tools:

* pehash - calculate PE file hashes
* pedis - PE disassembler
* pepack - packer detector
* peres - view and extract PE file resources
* pescan - search for suspicious things in PE files, including TLS callbacks
* pesec - check security features and certificates in PE files
* pestr - search for unicode and ascii strings in PE files
* readpe - show PE file headers, sections and more
* rva2ofs - convert RVA to raw file offsets
* ofs2rva - convert raw file offsets to RVA

Features include:

* Based on own PE library, called libpe
* Support for PE32 and PE32+ (64-bit) files
* Formatted output in text and CSV (other formats in development)
* pesec: check security features in PE files, extract certificates and more
* readpe: parse PE headers, sections, imports and exports
* pescan: detect TLS callback functions, DOS stub modification,
suspicious sections and more
* pedis: disassemble a PE file section or function with support for
Intel and AT&T syntax
* Includes tools to convert RVA from file offset and vice-versa
* pehash: calculate PE file hashes
* pepack: detect if an executable is packed or not
* pestr: search for hardcoded Unicode and ASCII strings simultaneously
in PE files
* peres: show and extract PE file resources
Also listed in: Disassemblers, Entropy Analyzers, Exe Analyzers, Malware Analysis Tools, String Finders