From Collaborative RCE Tool Library
Tool Signatures

| Tool name: | Neil's Collection of Packer Signatures | |||
|---|---|---|---|---|
| Author: | Neil The Hippie Killer | |||
| Website: | http://www.peid.info/BobSoft/ | |||
| Current version: | ||||
| Last updated: | December 5, 2007 | |||
| Direct D/L link: | http://www.peid.info/BobSoft/Downloads/UserDB.zip | |||
| License type: | ||||
| Description: | Neil's Collection of Packer Signatures | |||
| Also listed in: | Packer Identifier Signatures | |||

| Tool name: | RE-SIGS | |||
|---|---|---|---|---|
| Author: | dihux | |||
| Website: | N/A | |||
| Current version: | v0.14 | |||
| Last updated: | August 8, 2011 | |||
| Direct D/L link: | Locally archived copy | |||
| License type: | Free | |||
| Description: | from readme.txt: INFO RE-SIGS is a signature file for IDA. RE-SIGS does not support delphi signatures anymore. Maybe there will be a pure delphi version in the future. Help out with the project if you want :-) INSTALL Copy RESIGS*.sig into IDA\sig ADDED SIGNATURES MATH LIBS - MIRACL v43 v54 v72 v85 v45 v510 v474 v542 v544 - BigLib v0.01e by roy - ECC Bignums - Borzoilib - BigNumberQs - MPI - Freelip - GiantInt - Mixint v0.7 - Bignum library by drizz v1.0 RC2 - Bignum library v1.0 by _ged/TKM! - Witeg's biglib - Pegwit v8.7 - Pegwit modified version found in software - Slavasoft FastCRC Library v1.51 - Slavasoft QuickCrypt Library v2.51 - Slavasoft QuickHash Library v3.02 - libtomcrypt v1.16 - libtommath v0.39 - Cryptohash by drizz all versions up to v1.0 RC4 - FGInt + many more OTHER - masm32v10lib - fpuv10lib // from masm32 pack - datetimev10lib // from masm32 pack - mfmplayer v? - minifmod v? - pnglib v? - many user identified procedures - many known hashes/cipher implementations - textscroller v? lib // requested - rceapi // precompiled + many more COUNT 6522 identified functions OTHER INFO Requests, incorrect named functions, fake hits, contributions tips etc. goes to me at IRC EFNet. HISTORY v0.14 08.08.2011 PUBLIC v0.13 10.01.2011 INTERNAL v0.12 14.11.2010 INTERNAL v0.11 05.10.2010 INTERNAL v0.10 02.07.2010 INTERNAL v0.09 24.06.2010 INTERNAL v0.08 30.11.2009 INTERNAL v0.07 24.09.2009 INTERNAL mr. anon#3 contributed with: - Pegwit v8.7 // compiled with VC9 - Pegwit modified version found in software - Slavasoft FastCRC Library v1.51 // precompiled - Slavasoft QuickCrypt Library v2.51 // precompiled - Slavasoft QuickHash Library v3.02 // precompiled - libtomcrypt v1.16 // compiled with vs6 and vs2008 - libtommath v0.39 // compiled with vs6 and vs2008 v0.06 19.09.2009 INTERNAL mr. anon#2 requested: - textscroller lib // precompiled v0.05 06.09.2009 INTERNAL v0.04 25.08.2009 INTERNAL v0.03 24.08.2009 INTERNAL mr. anon#1 requested: - masm32v10lib // precompiled - fpuv10lib // precompiled - datetimev10lib // precompiled - mfmplayer // precompiled - minifmod // precompiled - pnglib // precompiled v0.02 25.07.2009 INTERNAL v0.01 09.07.2009 INTERNAL | |||
| Also listed in: | IDA FLIRT Signatures | |||

| Tool name: | AT4RE FastScanner | |||
|---|---|---|---|---|
| Author: | AT4RE Team | |||
| Website: | http://www.at4re.com | |||
| Current version: | 3.0 Final | |||
| Last updated: | December 18, 2009 | |||
| Direct D/L link: | Locally archived copy | |||
| License type: | Free | |||
| Description: | Yet another Win32 PE Packer/Protector Identifier. [ Description ] - FastScanner is a Detector for most packers, cryptors and compilers for PE Files Programmed in ASM and designed for fast access to most needed plugins. #################################################################### FastScanner v3.0 Final Change log: 07/01/2010 1- Update signature Database file. 2- Add Tricks Finder function in the Information dialog. [Still Beta] 3- Fixed Bug when click in the Smart-Scan button twice. 4- Fixed Bug with Overlay size. 5- Many Bug Fixed in the program. #################################################################### FastScanner v3.0 Beta 3 Change log: 18/12/2009 1- Update and optimize signature Database file. 2- Update SmartScan method. 3- Improve the information dialog. 4- Add Overlay signature detection in the Information dialog. 5- Add number of sections detection method. 6- Add JunckCode Detection. 7- AT4RE Overlay Tool v0.2 by STRELiTZIA. 8- Hash & Crypto Detector v1.4 by Mr.Paradox. 9- Signature Manager v1.1 by GamingMasteR. 10- Fixed Bug in Smart-Scan with some protectors. 11- Fixed Bug with ToolTip when using Smart-Scan. 12- Fixed Bug when scanning a Folder. 13- Fixed Bug in the scanning algorithm. #################################################################### FastScanner v3.0 Beta 2 Change log: 26/10/2009 1- Add colors to the disassembler by GamingMasteR. 2- Add SmartScan method. 3- Add Overlay Detection method. 4- Fixed Bug in ScanDirectory. 5- Fixed Bug in Scanning an opened file. 6- Fixed Bug with RLPack protected files. 7- Fixed Bug in Detecting Overlay. 8- Fixed Bug in Detecting Fake-Signature. 9- Fixed Bug in Matches number in the Total-Scan. #################################################################### FastScanner v3.0 Beta Change log: 25/09/2009 1- Change Signature DataBase for more accuracy. 2- Updating the scanning algorithm. 3- New and powerful Signature Manager plugin. 4- New Hash & Crypto detector plugin by Mr.Paradox. 5- New GFX for version 3 by RobenHoodArab. 6- Add new PEHeader-Viewer dialog to main window in FS. 7- Add Hex-Viewer and Resource-Viewer on the PEHeader-Viewer Dialog. 8- Add tooltips with information about the content of PEHeader-Viewer dialog. 9- Add Unpacking Information dialog (still Beta). 10- Add ScanDirectory dialog. 11- Add Compiler Detection Mechanism. 12- Add Anti-FakeSignature algorithm. 13- Update the Export and Import Viewer dialogs. 14- Fixed Bug in ImportTable Viewer with Upack. 15- PE Editor : Fixed Bug in Resource Viewer. 16- PE Editor : Fixed Bug in ImportTable Viewer. 17- PE Editor : Fixed Bug in ExportTable Viewer. 18- PE Editor : Add ReadOnly-Mode and FullAccess-Mode. 19- PE Editor : Add 16Edit HexEditor by yoda. | |||
| Also listed in: | Compiler Identifiers, Packer Identifier Signatures, Packer Identifiers | |||

| Tool name: | RDG Packer Detector | |||
|---|---|---|---|---|
| Author: | RDGMax | |||
| Website: | http://www.rdgsoft.8k.com | |||
| Current version: | 0.6.7 | |||
| Last updated: | June 26, 2011 | |||
| Direct D/L link: | http://rdgsoft.8k.com/images/v0.6.7%20Vx%20Edition/RDG%20Packer%20Detector%20v0.6.7%202011%20Vx-Edition.rar | |||
| License type: | Free | |||
| Description: | RDG Packer Detector is a detector of packers, Cryptors, Compilers, Packers Scrambler, Joiners, Installers. -Holds Fast detection system.. -Has detection system Powerful Analyzing the complete file, allowing the detection of Multi-packers in several cases. -You can create your own Signatures detection. -Holds Crypto-Graphic Analyzer. -Allows you to calculate the checksum of a file. -Allows you to calculate the Entropy, reporting if the program looked at the compressed, encrypted or not. -OEP-Detector (Original Point of Entry) of a program. -You can Check and download and you always signatures. RDG Packer Detector will be updated. -Plug-ins Loader.. -Signatures converter. -Detector distortive Entry Point. -De-Binder an extractor attachments. -System Improved heuristic. What's New! v0.6.6 -New Interface! -Fast Mode Detection and Mode Powerful Improved! -Super base signatures Updated! -Heuristic detection of Binders -Detection and Extraction Overlay! -Check and Auto-Update of signatures! -Super Fast Detection of MD5 Hash! -Support for Multiple Plug-ins for both RDG Packer Detector and other detectors! -Detection of Multiple-MPG formats, GIF, RAR, ZIP, MP3 etc.. -Detection and removal of attachments! | |||
| Also listed in: | Compiler Identifiers, Entropy Analyzers, PE EXE Signature Tools, Packer Identifier Signatures, Packer Identifiers | |||

| Tool name: | AsProtect Signatures for IDA | |||
|---|---|---|---|---|
| Author: | hnedka | |||
| Website: | N/A | |||
| Current version: | 0.1 | |||
| Last updated: | November 12, 2009 | |||
| Direct D/L link: | http://rapidshare.com/files/301642596/AsProtect.sig | |||
| License type: | freeware | |||
| Description: | Signature pack for IDA, that contains many AsProtect functions (~500). Run it on dumped AsProtect.dll. | |||
| Also listed in: | IDA FLIRT Signatures | |||

| Tool name: | Delphi 6 Full IDA Signatures | |||
|---|---|---|---|---|
| Author: | TQN | |||
| Website: | N/A | |||
| Current version: | 1.0 | |||
| Last updated: | September 14, 2004 | |||
| Direct D/L link: | Locally archived copy | |||
| License type: | Free | |||
| Description: | I am very glad to say with you: Wow, at the end, I have finished creating the full IDA signatures for Delphi 6 (RTL/VCL/BDE/CLX...). | |||
| Also listed in: | IDA FLIRT Signatures | |||

| Tool name: | Delphi 7 Full IDA Signatures | |||
|---|---|---|---|---|
| Author: | TQN | |||
| Website: | N/A | |||
| Current version: | 1.0 | |||
| Last updated: | September 14, 2004 | |||
| Direct D/L link: | Locally archived copy | |||
| License type: | Free | |||
| Description: | I am very glad to say with you: Wow, at the end, I have finished creating the full IDA signatures for Delphi 7 (RTL/VCL/BDE/CLX...). | |||
| Also listed in: | IDA FLIRT Signatures | |||

| Tool name: | Jim Clausing's Malware Packer Signatures | |||
|---|---|---|---|---|
| Author: | Jim Clausing | |||
| Website: | http://isc.sans.org/diary.html?storyid=3432 | |||
| Current version: | ||||
| Last updated: | ||||
| Direct D/L link: | http://handlers.sans.org/jclausing/userdb.txt | |||
| License type: | ||||
| Description: | Custom malware packer signatures by Jim Clausing. | |||
| Also listed in: | Packer Identifier Signatures | |||

| Tool name: | Key-lok II C++ library IDA Signatures | |||
|---|---|---|---|---|
| Author: | prt | |||
| Website: | N/A | |||
| Current version: | rev1 | |||
| Last updated: | July 5, 2007 | |||
| Direct D/L link: | Locally archived copy | |||
| License type: | Free | |||
| Description: | IDA Signature: Key-lok II C++ library version: rev1 | |||
| Also listed in: | Dongle IDA Signatures, KEYLOK Dongle Tools | |||

| Tool name: | Matrix Dongle 2.6.0 IDA Signatures | |||
|---|---|---|---|---|
| Author: | Sope | |||
| Website: | N/A | |||
| Current version: | ||||
| Last updated: | September 13, 2008 | |||
| Direct D/L link: | Locally archived copy | |||
| License type: | ||||
| Description: | Recently, while RE a target I had to create IDA signature file for Matrix Dongle ver 2.6.0 hence uploaded here. It will help you to identify many functions. | |||
| Also listed in: | Dongle IDA Signatures, Matrix Dongle Tools | |||

| Tool name: | Matrix Dongle C++ library IDA Signatures | |||
|---|---|---|---|---|
| Author: | prt | |||
| Website: | N/A | |||
| Current version: | rev1 | |||
| Last updated: | August 5, 2007 | |||
| Direct D/L link: | Locally archived copy | |||
| License type: | Free | |||
| Description: | IDA Signature: Matrix Dongle C++ library version: rev1 2007.08.05 rev1: Matrix SDK v2.60 | |||
| Also listed in: | Dongle IDA Signatures, Matrix Dongle Tools | |||

| Tool name: | Panda Security Packer Signatures | |||
|---|---|---|---|---|
| Author: | Panda Security | |||
| Website: | N/A | |||
| Current version: | ||||
| Last updated: | ||||
| Direct D/L link: | http://research.pandasecurity.com/blogs/images/userdb.txt | |||
| License type: | ||||
| Description: | Panda Security Packer Signatures | |||
| Also listed in: | Packer Identifier Signatures | |||

| Tool name: | Rockey4 2.x Dongle C++ library IDA Signatures | |||
|---|---|---|---|---|
| Author: | prt | |||
| Website: | N/A | |||
| Current version: | rev1 | |||
| Last updated: | July 5, 2007 | |||
| Direct D/L link: | Locally archived copy | |||
| License type: | Free | |||
| Description: | IDA Signature: Rockey4 v2.x C++ library version: rev1 2007.07.05 rev1: Add Rockey4 v2.05 Add Rockey4 v2.06 | |||
| Also listed in: | Dongle IDA Signatures, Rockey Dongle Tools | |||

| Tool name: | Rockey4ND 1.x Dongle C++ library IDA Signatures | |||
|---|---|---|---|---|
| Author: | prt | |||
| Website: | N/A | |||
| Current version: | rev2 | |||
| Last updated: | October 11, 2007 | |||
| Direct D/L link: | Locally archived copy | |||
| License type: | Free | |||
| Description: | IDA Signatures: Rockey4ND v1.x C++ library 2007.07.05 rev1: Add Rockey4ND v1.20 2007.10.11 rev2: Add Rockey4ND v1.15 Add Rockey4ND v1.16 | |||
| Also listed in: | Dongle IDA Signatures, Rockey Dongle Tools | |||

| Tool name: | Safenet Sentinel Hardware Keys 1.x C++ library IDA Signatures | |||
|---|---|---|---|---|
| Author: | prt | |||
| Website: | N/A | |||
| Current version: | rev1 | |||
| Last updated: | November 15, 2006 | |||
| Direct D/L link: | Locally archived copy | |||
| License type: | Free | |||
| Description: | New sentinel dongle: http://www.safenet-inc.com/products/sentinel/hardware_keys.asp IDA Signature: Safenet Sentinel Hardware Keys v1.x C++ library version: rev1 2006.11.15 rev1: Sentinel Hardware Keys v1.0.2 | |||
| Also listed in: | Dongle IDA Signatures, Sentinel Dongle Tools | |||

| Tool name: | Sentinel SuperPro 6.x Dongle C/C++ library IDA Signatures | |||
|---|---|---|---|---|
| Author: | prt | |||
| Website: | N/A | |||
| Current version: | rev7 | |||
| Last updated: | April 17, 2007 | |||
| Direct D/L link: | Locally archived copy | |||
| License type: | Free | |||
| Description: | IDA Signature: Sentinel SuperPro v6.x C/C++ library version: rev7 2007.04.11 rev7: Fixed some Sentinel obfuscated functions. (Thanks to Meteo) 2007.03.01 rev6: Fixed Sentinel obfuscated functions. (Thanks to Meteo) 2006.10.27 rev5: Add Sentinel SuperPro v6.4.4 Add Sentinel SuperPro v6.4.3 2006.03.11 rev4: Add Sentinel SuperPro v6.4.2 Add Sentinel SuperPro v6.4.1 2005.05.07 rev3: Add Sentinel SuperPro v6.4 2004.12.31 rev2: Add Sentinel SuperPro v6.3.1.9 Add Sentinel SuperPro v6.3.1.8 Add Sentinel SuperPro v6.3.1.2 Add Sentinel SuperPro v6.3.1.1 2004.12.09 rev1: Add Sentinel SuperPro v6.3.1.10 Add Sentinel SuperPro v6.3.1.4 Add Sentinel SuperPro v6.3.1 Add Sentinel SuperPro v6.3 Add Sentinel SuperPro v6.2.1 Add Sentinel SuperPro v6.2 Add Sentinel SuperPro v6.1 Add Sentinel SuperPro v6.0 | |||
| Also listed in: | Dongle IDA Signatures, Sentinel Dongle Tools | |||

| Tool name: | SentinelLM Dongle C/C++ library IDA Signatures | |||
|---|---|---|---|---|
| Author: | prt | |||
| Website: | N/A | |||
| Current version: | rev2 | |||
| Last updated: | June 14, 2007 | |||
| Direct D/L link: | Locally archived copy | |||
| License type: | Free | |||
| Description: | IDA Signature: SentinelLM C/C++ library version: rev2 2007.06.14 Add SentinelLM v8.0 Add SentinelLM v8.0.2 Fixed some obfuscated functions. 2004.12.30 rev1: include: SentinelLM v7.0 SentinelLM v7.0 SP2 SentinelLM v7.1 SentinelLM v7.1.1 SentinelLM v7.1.2 SentinelLM v7.2 SentinelLM v7.2.0.1 SentinelLM v7.2.0.3 SentinelLM v7.2.0.4 SentinelLM v7.2.0.5 SentinelLM v7.2.0.6 SentinelLM v7.2.0.8 SentinelLM v7.2.0.9 SentinelLM v7.2.0.12 SentinelLM v7.2.0.18 SentinelLM v7.3.0 | |||
| Also listed in: | Dongle IDA Signatures, Sentinel Dongle Tools | |||
Subcategories
There are 2 subcategories to this category.