From Collaborative RCE Tool Library


Tool Signatures


Tool name: Neil's Collection of Packer Signatures
Rating: 5.0 (1 vote)
Author: Asterix                        
Website: N/A
Current version:
Last updated: September 5, 2012
Direct D/L link: Locally archived copy
License type:
Description: Neil's Collection of Packer Signatures
Also listed in: Packer Identifier Signatures



Tool name: RE-SIGS
Rating: 5.0 (1 vote)
Author: dihux                        
Website: N/A
Current version: v0.14
Last updated: August 8, 2011
Direct D/L link: Locally archived copy
License type: Free
Description: from readme.txt:

INFO
RE-SIGS is a signature file for IDA.

RE-SIGS does not support delphi signatures anymore.
Maybe there will be a pure delphi version in the future.

Help out with the project if you want :-)


INSTALL
Copy RESIGS*.sig into IDA\sig


ADDED SIGNATURES
MATH LIBS
- MIRACL v43 v54 v72 v85 v45 v510 v474 v542 v544
- BigLib v0.01e by roy
- ECC Bignums
- Borzoilib
- BigNumberQs
- MPI
- Freelip
- GiantInt
- Mixint v0.7
- Bignum library by drizz v1.0 RC2
- Bignum library v1.0 by _ged/TKM!
- Witeg's biglib
- Pegwit v8.7
- Pegwit modified version found in software
- Slavasoft FastCRC Library v1.51
- Slavasoft QuickCrypt Library v2.51
- Slavasoft QuickHash Library v3.02
- libtomcrypt v1.16
- libtommath v0.39
- Cryptohash by drizz all versions up to v1.0 RC4
- FGInt

+ many more


OTHER
- masm32v10lib
- fpuv10lib // from masm32 pack
- datetimev10lib // from masm32 pack
- mfmplayer v?
- minifmod v?
- pnglib v?
- many user identified procedures
- many known hashes/cipher implementations
- textscroller v? lib // requested
- rceapi // precompiled

+ many more


COUNT
6522 identified functions


OTHER INFO
Requests, incorrectly named functions, fake hits, contributions,
tips etc. go to me at IRC EFNet.


HISTORY
v0.14 08.08.2011 PUBLIC
v0.13 10.01.2011 INTERNAL
v0.12 14.11.2010 INTERNAL
v0.11 05.10.2010 INTERNAL
v0.10 02.07.2010 INTERNAL
v0.09 24.06.2010 INTERNAL
v0.08 30.11.2009 INTERNAL
v0.07 24.09.2009 INTERNAL
mr. anon#3 contributed with:
- Pegwit v8.7 // compiled with VC9
- Pegwit modified version found in software
- Slavasoft FastCRC Library v1.51 // precompiled
- Slavasoft QuickCrypt Library v2.51 // precompiled
- Slavasoft QuickHash Library v3.02 // precompiled
- libtomcrypt v1.16 // compiled with vs6 and vs2008
- libtommath v0.39 // compiled with vs6 and vs2008

v0.06 19.09.2009 INTERNAL
mr. anon#2 requested:
- textscroller lib // precompiled

v0.05 06.09.2009 INTERNAL
v0.04 25.08.2009 INTERNAL
v0.03 24.08.2009 INTERNAL
mr. anon#1 requested:
- masm32v10lib // precompiled
- fpuv10lib // precompiled
- datetimev10lib // precompiled
- mfmplayer // precompiled
- minifmod // precompiled
- pnglib // precompiled

v0.02 25.07.2009 INTERNAL
v0.01 09.07.2009 INTERNAL
Also listed in: IDA FLIRT Signatures



Tool name: AT4RE FastScanner
Rating: 4.4 (5 votes)
Author: AT4RE Team                        
Website: http://www.at4re.com
Current version: 3.0 Final
Last updated: December 18, 2009
Direct D/L link: Locally archived copy
License type: Free
Description: Yet another Win32 PE Packer/Protector Identifier.

[ Description ]

- FastScanner is a Detector for most packers, cryptors and compilers for PE Files Programmed in ASM and designed for fast access to most needed plugins.

####################################################################
FastScanner v3.0 Final Change log:
07/01/2010

1- Update signature Database file.
2- Add Tricks Finder function in the Information dialog. [Still Beta]
3- Fixed Bug when click in the Smart-Scan button twice.
4- Fixed Bug with Overlay size.
5- Many Bug Fixed in the program.

####################################################################
FastScanner v3.0 Beta 3 Change log:
18/12/2009

1- Update and optimize signature Database file.
2- Update SmartScan method.
3- Improve the information dialog.
4- Add Overlay signature detection in the Information dialog.
5- Add number of sections detection method.
6- Add JunckCode Detection.
7- AT4RE Overlay Tool v0.2 by STRELiTZIA.
8- Hash & Crypto Detector v1.4 by Mr.Paradox.
9- Signature Manager v1.1 by GamingMasteR.
10- Fixed Bug in Smart-Scan with some protectors.
11- Fixed Bug with ToolTip when using Smart-Scan.
12- Fixed Bug when scanning a Folder.
13- Fixed Bug in the scanning algorithm.

####################################################################
FastScanner v3.0 Beta 2 Change log:
26/10/2009

1- Add colors to the disassembler by GamingMasteR.
2- Add SmartScan method.
3- Add Overlay Detection method.
4- Fixed Bug in ScanDirectory.
5- Fixed Bug in Scanning an opened file.
6- Fixed Bug with RLPack protected files.
7- Fixed Bug in Detecting Overlay.
8- Fixed Bug in Detecting Fake-Signature.
9- Fixed Bug in Matches number in the Total-Scan.

####################################################################
FastScanner v3.0 Beta Change log:
25/09/2009

1- Change Signature DataBase for more accuracy.
2- Updating the scanning algorithm.
3- New and powerful Signature Manager plugin.
4- New Hash & Crypto detector plugin by Mr.Paradox.
5- New GFX for version 3 by RobenHoodArab.
6- Add new PEHeader-Viewer dialog to main window in FS.
7- Add Hex-Viewer and Resource-Viewer on the PEHeader-Viewer Dialog.
8- Add tooltips with information about the content of PEHeader-Viewer dialog.
9- Add Unpacking Information dialog (still Beta).
10- Add ScanDirectory dialog.
11- Add Compiler Detection Mechanism.
12- Add Anti-FakeSignature algorithm.
13- Update the Export and Import Viewer dialogs.
14- Fixed Bug in ImportTable Viewer with Upack.
15- PE Editor : Fixed Bug in Resource Viewer.
16- PE Editor : Fixed Bug in ImportTable Viewer.
17- PE Editor : Fixed Bug in ExportTable Viewer.
18- PE Editor : Add ReadOnly-Mode and FullAccess-Mode.
19- PE Editor : Add 16Edit HexEditor by yoda.
Also listed in: Compiler Identifiers, Packer Identifier Signatures, Packer Identifiers



Tool name: RDG Packer Detector
Rating: 3.5 (2 votes)
Author: RDGMax                        
Website: http://www.rdgsoft.8k.com
Current version: 0.6.7
Last updated: June 26, 2011
Direct D/L link: http://rdgsoft.8k.com/images/v0.6.7%20Vx%20Edition/RDG%20Packer%20Detector%20v0.6.7%202011%20Vx-Edition.rar
License type: Free
Description: RDG Packer Detector is a detector of packers, Cryptors, Compilers,
Packers Scrambler, Joiners, Installers.

-Holds Fast detection system..
-Has detection system Powerful Analyzing the complete file, allowing the detection of Multi-packers in several cases.
-You can create your own Signatures detection.
-Holds Crypto-Graphic Analyzer.
-Allows you to calculate the checksum of a file.
-Allows you to calculate the Entropy, reporting if the program looked at the compressed, encrypted or not.
-OEP-Detector (Original Point of Entry) of a program.
-You can Check and download and you always signatures. RDG Packer Detector will be updated.
-Plug-ins Loader..
-Signatures converter.
-Detector distortive Entry Point.
-De-Binder an extractor attachments.
-System Improved heuristic.

What's New! v0.6.6

-New Interface!

-Fast Mode Detection and Mode Powerful Improved!
-Super base signatures Updated!
-Heuristic detection of Binders
-Detection and Extraction Overlay!
-Check and Auto-Update of signatures!
-Super Fast Detection of MD5 Hash!
-Support for Multiple Plug-ins for both RDG Packer Detector and other detectors!
-Detection of Multiple-MPG formats, GIF, RAR, ZIP, MP3 etc..
-Detection and removal of attachments!
Also listed in: Compiler Identifiers, Entropy Analyzers, PE EXE Signature Tools, Packer Identifier Signatures, Packer Identifiers



Tool name: AsProtect Signatures for IDA
Rating: 0.0 (0 votes)
Author: hnedka                        
Website: N/A
Current version: 0.1
Last updated: November 12, 2009
Direct D/L link: http://rapidshare.com/files/301642596/AsProtect.sig
License type: freeware
Description: Signature pack for IDA, that contains many AsProtect functions (~500). Run it on dumped AsProtect.dll.
Also listed in: IDA FLIRT Signatures



Tool name: Delphi 6 Full IDA Signatures
Rating: 0.0 (0 votes)
Author: TQN                        
Website: N/A
Current version: 1.0
Last updated: September 14, 2004
Direct D/L link: Locally archived copy
License type: Free
Description: I am very glad to say with you: Wow, at the end, I have finished creating the full IDA signatures for Delphi 6 (RTL/VCL/BDE/CLX...).
Also listed in: IDA FLIRT Signatures



Tool name: Delphi 7 Full IDA Signatures
Rating: 0.0 (0 votes)
Author: TQN                        
Website: N/A
Current version: 1.0
Last updated: September 14, 2004
Direct D/L link: Locally archived copy
License type: Free
Description: I am very glad to say with you: Wow, at the end, I have finished creating the full IDA signatures for Delphi 7 (RTL/VCL/BDE/CLX...).
Also listed in: IDA FLIRT Signatures



Tool name: Detect It Easy
Rating: 0.0 (0 votes)
Author: Hors                        
Website: http://ntinfo.biz
Current version: 1.01
Last updated: March 23, 2016
Direct D/L link: https://www.dropbox.com/s/h3sjlmhgcx7qfx2/DIE_1.01_win.zip?dl=1
License type: Free (both for commercial and non-commercial usage) and open source
Description: Detect it Easy

Detect It Easy, or abbreviated “DIE” is a program for determining types of files.

“DIE” is a cross-platform application, apart from Windows version there are also available versions for Linux and Mac OS.

Many programs of the kind (PEID, PE tools) allow the use of third-party signatures. Unfortunately, those signatures scan only bytes by the pre-set mask, and it is not possible to specify additional parameters. As a result, false triggering often occurs. More complicated algorithms are usually strictly set in the program itself. Hence, to add a new complex detect one needs to recompile the entire project. No one, except the authors themselves, can change the algorithm of a detect. As time passes, such programs lose relevance without constant support.

Detect It Easy has a totally open architecture of signatures. You can easily add your own algorithms of detects or modify those that already exist. This is achieved by using scripts. The script language is very similar to JavaScript and any person who understands the basics of programming will easily understand how it works. Possibly, someone may decide the scripts work very slowly. Indeed, scripts run slower than compiled code, but, thanks to the good optimization of the Script Engine, this doesn't cause any special inconvenience. The possibilities of the open architecture compensate for these limitations.

DIE exists in three versions. Basic version (“DIE”), Lite version (“DIEL”) and console version (“DIEC”). All the three use the same signatures, which are located in the folder “db”. If you open this folder, nested sub-folders will be found (“Binary”, “PE” and others). The names of sub-folders correspond to the types of files. First, DIE determines the type of file, and then sequentially loads all the signatures, which lie in the corresponding folder. Currently the program defines the following types:

• MSDOS: MS-DOS executable files

• PE: Windows executable files

• ELF: Linux executable files

• MACH: Mac OS executable files

• Text: text files

• Binary: all other files
Also listed in: .NET Packers, Compiler Identifiers, Entropy Analyzers, Exe Analyzers, Linux Tools, Mac OS Tools, PE EXE Signature Tools, PE Executable Editors, Packer Identifiers



Tool name: HASP SRM 5.0 build 24 Sep 2010 IDA signatures
Rating: 0.0 (0 votes)
Author: souz                        
Website: N/A
Current version: 1.0
Last updated: September 24, 2010
Direct D/L link: Locally archived copy
License type: Free
Description: Safenet HASP SRM 5.0 build 24-Sep-2010 IDA signature finder
Also listed in: Dongle IDA Signatures, Dongle Tools



Tool name: IDA Signature: Sentinel SuperPro VC++ library 64bit
Rating: 0.0 (0 votes)
Author: prt                        
Website: N/A
Current version: rev1
Last updated: September 2, 2013
Direct D/L link: Locally archived copy
License type: free
Description: IDA Signature: Sentinel SuperPro VC++ library 64bit
version: rev1

2013.09.02 rev1:
Add Sentinel SuperPro v7.1
Add Sentinel SuperPro v7.0
Add Sentinel SuperPro v6.6.0
Add Sentinel SuperPro v6.5.0
Also listed in: Dongle IDA Signatures



Tool name: Jim Clausing's Malware Packer Signatures
Rating: 0.0 (0 votes)
Author: Jim Clausing                        
Website: http://isc.sans.org/diary.html?storyid=3432
Current version:
Last updated:
Direct D/L link: http://handlers.sans.org/jclausing/userdb.txt
License type:
Description: Custom malware packer signatures by Jim Clausing.
Also listed in: Packer Identifier Signatures



Tool name: Key-lok II C++ library IDA Signatures
Rating: 0.0 (0 votes)
Author: prt                        
Website: N/A
Current version: rev1
Last updated: July 5, 2007
Direct D/L link: Locally archived copy
License type: Free
Description: IDA Signature: Key-lok II C++ library
version: rev1
Also listed in: Dongle IDA Signatures, KEYLOK Dongle Tools



Tool name: Matrix Dongle 2.6.0 IDA Signatures
Rating: 0.0 (0 votes)
Author: Sope                        
Website: N/A
Current version:
Last updated: September 13, 2008
Direct D/L link: Locally archived copy
License type:
Description: Recently, while RE a target I had to create IDA signature file for Matrix Dongle ver 2.6.0 hence uploaded here. It will help you to identify many functions.
Also listed in: Dongle IDA Signatures, Matrix Dongle Tools



Tool name: Matrix Dongle C++ library IDA Signatures
Rating: 0.0 (0 votes)
Author: prt                        
Website: N/A
Current version: rev1
Last updated: August 5, 2007
Direct D/L link: Locally archived copy
License type: Free
Description: IDA Signature: Matrix Dongle C++ library
version: rev1

2007.08.05 rev1:
Matrix SDK v2.60
Also listed in: Dongle IDA Signatures, Matrix Dongle Tools



Tool name: Panda Security Packer Signatures
Rating: 0.0 (0 votes)
Author: Panda Security                        
Website: N/A
Current version:
Last updated:
Direct D/L link: http://research.pandasecurity.com/blogs/images/userdb.txt
License type:
Description: Panda Security Packer Signatures
Also listed in: Packer Identifier Signatures



Tool name: Rockey4 2.x Dongle C++ library IDA Signatures
Rating: 0.0 (0 votes)
Author: prt                        
Website: N/A
Current version: rev1
Last updated: July 5, 2007
Direct D/L link: Locally archived copy
License type: Free
Description: IDA Signature: Rockey4 v2.x C++ library
version: rev1

2007.07.05 rev1:
Add Rockey4 v2.05
Add Rockey4 v2.06
Also listed in: Dongle IDA Signatures, Rockey Dongle Tools



Tool name: Rockey4ND 1.x Dongle C++ library IDA Signatures
Rating: 0.0 (0 votes)
Author: prt                        
Website: N/A
Current version: rev2
Last updated: October 11, 2007
Direct D/L link: Locally archived copy
License type: Free
Description: IDA Signatures: Rockey4ND v1.x C++ library

2007.07.05 rev1:
Add Rockey4ND v1.20

2007.10.11 rev2:
Add Rockey4ND v1.15
Add Rockey4ND v1.16
Also listed in: Dongle IDA Signatures, Rockey Dongle Tools



Tool name: Safenet Sentinel Hardware Keys 1.x C++ library IDA Signatures
Rating: 0.0 (0 votes)
Author: prt                        
Website: N/A
Current version: rev1
Last updated: November 15, 2006
Direct D/L link: Locally archived copy
License type: Free
Description: New sentinel dongle:
http://www.safenet-inc.com/products/sentinel/hardware_keys.asp

IDA Signature: Safenet Sentinel Hardware Keys v1.x C++ library
version: rev1

2006.11.15 rev1:
Sentinel Hardware Keys v1.0.2
Also listed in: Dongle IDA Signatures, Sentinel Dongle Tools



Tool name: Sentinel SuperPro 6.x Dongle C/C++ library IDA Signatures
Rating: 0.0 (0 votes)
Author: prt                        
Website: N/A
Current version: rev7
Last updated: April 17, 2007
Direct D/L link: Locally archived copy
License type: Free
Description: IDA Signature: Sentinel SuperPro v6.x C/C++ library
version: rev7

2007.04.11 rev7:
Fixed some Sentinel obfuscated functions. (Thanks to Meteo)

2007.03.01 rev6:
Fixed Sentinel obfuscated functions. (Thanks to Meteo)

2006.10.27 rev5:
Add Sentinel SuperPro v6.4.4
Add Sentinel SuperPro v6.4.3

2006.03.11 rev4:
Add Sentinel SuperPro v6.4.2
Add Sentinel SuperPro v6.4.1

2005.05.07 rev3:
Add Sentinel SuperPro v6.4

2004.12.31 rev2:
Add Sentinel SuperPro v6.3.1.9
Add Sentinel SuperPro v6.3.1.8
Add Sentinel SuperPro v6.3.1.2
Add Sentinel SuperPro v6.3.1.1

2004.12.09 rev1:
Add Sentinel SuperPro v6.3.1.10
Add Sentinel SuperPro v6.3.1.4
Add Sentinel SuperPro v6.3.1
Add Sentinel SuperPro v6.3
Add Sentinel SuperPro v6.2.1
Add Sentinel SuperPro v6.2
Add Sentinel SuperPro v6.1
Add Sentinel SuperPro v6.0
Also listed in: Dongle IDA Signatures, Sentinel Dongle Tools



Tool name: SentinelLM Dongle C/C++ library IDA Signatures
Rating: 0.0 (0 votes)
Author: prt                        
Website: N/A
Current version: rev2
Last updated: June 14, 2007
Direct D/L link: Locally archived copy
License type: Free
Description: IDA Signature: SentinelLM C/C++ library
version: rev2

2007.06.14
Add SentinelLM v8.0
Add SentinelLM v8.0.2
Fixed some obfuscated functions.

2004.12.30 rev1:
include:
SentinelLM v7.0
SentinelLM v7.0 SP2
SentinelLM v7.1
SentinelLM v7.1.1
SentinelLM v7.1.2
SentinelLM v7.2
SentinelLM v7.2.0.1
SentinelLM v7.2.0.3
SentinelLM v7.2.0.4
SentinelLM v7.2.0.5
SentinelLM v7.2.0.6
SentinelLM v7.2.0.8
SentinelLM v7.2.0.9
SentinelLM v7.2.0.12
SentinelLM v7.2.0.18
SentinelLM v7.3.0
Also listed in: Dongle IDA Signatures, Sentinel Dongle Tools