Exetools

Exetools (https://forum.exetools.com/index.php)
-   Community Tools (https://forum.exetools.com/forumdisplay.php?f=47)
-   -   Exeinfo PE ver.0.0.3.1 (https://forum.exetools.com/showthread.php?t=14422)

mm10121991 07-25-2012 03:34

Exeinfo PE ver.0.0.3.1
 
Exeinfo PE - ver.0.0.3.1 by A.S.L

* version 2012.05.18 with 645 signatures *

PHP Code:

http://rghost.ru/39346618 


giv 07-26-2012 15:39

Well...
 
1 Attachment(s)
Let's keep'it here.

mr.exodia 07-26-2012 17:19

I gotta admit I wasn't expecting any updates... maybe it will be useful after all :)

Greetings

cjack 09-07-2012 20:28

Mmmhhh, Symantec Anti-Virus detect a trojan horse in the app dll.....maybe a false alarm.....someone can confirm?

zemo 09-08-2012 08:29

Symantac antivirus is the trojan my friend... trash on it.

Quote:

Originally Posted by cjack (Post 80377)
Mmmhhh, Symantec Anti-Virus detect a trojan horse in the app dll.....maybe a false alarm.....someone can confirm?


abincn 09-08-2012 11:27

I can't use advanced_scan.no advanced_scan.dll

user1 09-09-2012 02:32

Quote:

Originally Posted by zemo (Post 80389)
Symantac antivirus is the trojan my friend... trash on it.

No virus, false alarm.

giv 09-09-2012 20:13

Quote:

Originally Posted by zemo (Post 80389)
Symantac antivirus is the trojan my friend... trash on it.

Do you believe this alarms?
Symantec have one of the strangest range of alarms.
From here 80% will be reported as virus/trojan/malware. This is due to software packing most of the cases. So do not believe this crap anymore.

xtiaoshi 10-22-2012 17:13

1 Attachment(s)
Exeinfo Pe v.0.0.3.2 Beta 2012.07.17 with 658 signatures

giv 10-22-2012 17:38

Any update to any PE detective is more than welcomed.

cxj98 10-23-2012 03:47

I would like wait for Protection ID get upgate. bcoz this detector is much powful.

riverstore 10-23-2012 16:28

Thanks for the news and the attachment, but it still doesn't detect Themida :(

cxj98 10-23-2012 17:07

Quote:

Originally Posted by riverstore (Post 81159)
Thanks for the news and the attachment, but it still doesn't detect Themida :(

try to update peid userdb.txt yourself, here is new themida peid sign

[Themida v2.0.1.0 - v2.1.x.x * Sign.By.cxj98]
signature = 83 EC ?? 50 53 E8 ?? ?? ?? ?? CC
ep_only = true

giv 10-23-2012 19:15

Quote:

Originally Posted by riverstore (Post 81159)
Thanks for the news and the attachment, but it still doesn't detect Themida :(

Maybe not the latest versions but the oldest are detected all for sure.

riverstore 10-23-2012 19:25

Quote:

Originally Posted by cxj98 (Post 81161)
try to update peid userdb.txt yourself, here is new themida peid sign

[Themida v2.0.1.0 - v2.1.x.x * Sign.By.cxj98]
signature = 83 EC ?? 50 53 E8 ?? ?? ?? ?? CC
ep_only = true

Thanks! In a video tutorial by giv, I see that his ExeInfo can detect Themida

MarcElBichon 10-24-2012 23:13

Quote:

Originally Posted by riverstore (Post 81159)
Thanks for the news and the attachment, but it still doesn't detect Themida :(

Latest private version:
Quote:

Last sign :

659. FastPack 32 bits ver.2.x C 2012 by Jean-Marie BARONE ( packer for
Win7/8) http://fastpack.free.fr *ACM
660. CreateInstall v5.1x Gentee ( 2007 - 2012 ) - www.createinstall.com
661. Microsoft SFX CAB Archive ( WiX Installer ) - MS C++ v10 -
www.microsoft.com
662. Software key wrapper 2.0. Copyright 2007-2012 GiveawayOfTheDay.com
663. generic check - MinGW/GCC v.4.7.x - NEW with TLS
664. Themida/Winlicense v.2.1.x.x ( std ) -> Oreans Technologies -
www.oreans.com *ACM

665. Microsoft Visual C++ ver. 9.0/10.0 [ DEBUG ] - E8 System Win7/8 sign.

Gmax 10-25-2012 01:11

but where i can find the latest signs (659 to 664) please

JeRRy 10-25-2012 03:03

3 Attachment(s)
EXEInfo PE v.0.0.3.2 Beta II with 665 signatures

Quote:

Extra added :

- Ext_detector.dll - ver.0.3.8

Plugins :

- advanced_scan.dll v1.07 ( with UserDB.TXT 7076 signatures )
- Hash & Crypto Detector v1.4 ( RSA ,CRC32 , MD5 ... detect )
- PeID Signature Maker v1.2.0 ( You can add new signatures )
- user skins fo ExeinfoPe ( 25 skins )

Last sign :

659. FastPack 32 bits ver.2.x C 2012 by Jean-Marie BARONE ( packer for
Win7/8) http://fastpack.free.fr *ACM
660. CreateInstall v5.1x Gentee ( 2007 - 2012 ) - www.createinstall.com
661. Microsoft SFX CAB Archive ( WiX Installer ) - MS C++ v10 -
www.microsoft.com
662. Software key wrapper 2.0. Copyright 2007-2012 GiveawayOfTheDay.com
663. generic check - MinGW/GCC v.4.7.x - NEW with TLS
664. Themida/Winlicense v.2.1.x.x ( std ) -> Oreans Technologies -
www.oreans.com *ACM
665. Microsoft Visual C++ ver. 9.0/10.0 [ DEBUG ] - E8 System Win7/8 sign.

A.S.L
Download
http://www.datafilehost.com/download-e7ba8568.html

Have fun :)

riverstore 10-25-2012 07:37

Quote:

Originally Posted by JeRRy (Post 81188)
EXEInfo PE v.0.0.3.2 Beta II with 665 signatures
Download
http://www.datafilehost.com/download-e7ba8568.html

Have fun :)

It can detect Themida now, Thanks a lot! :)

quygia128 10-26-2012 18:03

Quote:

Originally Posted by riverstore (Post 81166)
Thanks! In a video tutorial by giv, I see that his ExeInfo can detect Themida

You can add sig for exeinfo.
or
try PEiD mod by Vic4Key.

Download:
Quote:

hxxp://www.mediafire.com/?qvwjbuk2wp4fan4

MarcElBichon 11-11-2012 07:26

New private version

Quote:

Exeinfo Pe v.0.0.3.2 - 2012.09.11 with 667 signatures

extra added :
- Ext_detector.dll - ver.0.3.8 ( non executable data detect )

Plugins :
- advanced_scan.dll v1.07 ( with UserDB.TXT 7076 signatures )
- Hash & Crypto Detector v1.4 ( RSA ,CRC32 , MD5 ... detect )
- PeID Signature Maker v1.2.0 ( You can add new signatures )

- user skins fo ExeinfoPe ( 2o skins )

JeRRy 11-11-2012 08:19

Exeinfo Pe v0.0.3.2 PowerPack with 667 signatures

http://www.mirrorcreator.com/files/0PKCO1XG/Exeinfo_Pe_v0.0.3.2_PowerPack.rar_links

cxj98 11-11-2012 17:48

almost final ready, it won't see any test version dialog.

MarcElBichon 11-14-2012 07:42

Quote:

Originally Posted by cxj98 (Post 81394)
almost final ready, it won't see any test version dialog.

Final version indeed!

Download on official webpage:
Quote:

http://www.exeinfo.antserve.com/exeinfope.zip

MistHill 03-25-2013 15:56

1 Attachment(s)
Exeinfo PE - ver 0.0.3.3 Beta 680 sign
Attachment 6722

MistHill 05-10-2013 11:47

1 Attachment(s)
Exeinfo PE - ver.0.0.3.3 - 680 sign 2012.12.25 FULL

Ext_Detector.dll updated to version 0.0.7.0

Attachment 6850

MistHill 06-17-2013 08:44

Official site www.exeinfo.xn.pl updated on 2013-06-15

Readme_ExeinfoPe.TxT

Quote:

Exeinfo Pe v.0.0.3.3 Full_2 - with 680 signatures

extra added :
- Ext_detector.dll - ver.0.8.0 ( non executable data detect )

Plugins :
advanced_scan.dll + UserDB.TXT with 7075 Signatures

Languages :
Empty sample language file .lng
Russian .lng
Chinese_CHS.lng
Chinese_Big5.lng

Hint :
Click on Config "Language:" string to configure language file.

A.S.L

kjms 06-27-2013 03:02

version : 0.0.3.3 Full - ( 680 sign )
http://www.exeinfo.antserve.com/exeinfope.zip

Code:

extra added :
Ext_detector.dll - ver.0.8.0 ( non executable data detect )
Plugins : advanced_scan.dll + UserDB.TXT with 7075 Signatures
Languages :
Empty sample language file .lng
Russian .lng
Chinese_CHS.lng
Chinese_Big5.lng


MistHill 08-21-2013 10:13

2 Attachment(s)
ExeinfoPE v.0.0.3.4 Beta2 696 sign/Ext_Detector v.1.0.0

ReadMe.txt for ExeinfoPE
Code:

ExeinfoPE v.0.0.3.4 Beta2 696 sign - for Beta Tester only not for usage ( with NAG )

Total not tested version , possible nonSense diagnose !!! , many signatures modified

fixed :

- file scaner changed ( ex. VMProtect ) Faster scan
- compiler detector - add Cygwin - detect console app
- fixed detection for 2 section dll    *generic check - Microsoft Visual C# / Basic.NET / MS Visual Basic
- Fixed - inteli check : MINGW - Bloodshed Software ( www.bloodshed.net )
- StatWin GUI - MD5 copy to clip fixed
- Copy As .bak - close removed and .ext fixed / path
- Rename file - fixed path and txt
- added detection for : Private exe Protector v.4.1.2
- rar ripper file names changed to Hex "XX-rip.rar"
- rar added pass info : NOT EXE - its archive - .RAR >  Used : [ Password needed - HEADER Crypted ]
- Export view fixed
- added : LE - Linear Executable ( VxD driver Win 3.x / Dos Ext. /  OS/2 ) - mixed 16/32 bit

and more

new sign :

681. InstallIQ - 2012-2013 InstallX, LLC  [ MS C++ v.xx ] - www.installiqlearnmore.com
682. ToolBelt Installer - www.?????.com - Microsoft Visual C++ 9.0 - Visual Studio 2008
683. ( UPX 3.x modified ) Softonic Downloader - PUA / Adware / Downware - www.softonic.com*
684. Google Installer  www.google.com -  Microsoft Visual C++ ver. 8.0 / Visual Studio 2005
685. Squeez Sqx Archive Selfextractor v.5.63 SQ5SFX overlay - www.speedproject.de/enu/support/updates.html ( Upx / not Upx )
686. Adobe Flash Player v11.x - www.adobe.com - Microsoft Visual C++ 9.0 - Visual Studio 2008 (E8)
687. FreeArc 0.5x -0.67 SFX stub - ovl .Arc Archive [ v0.xx ] - Dev-C++ / UPX stub
688. Tampared : Inno Setup -> [ '????' Setup v.5.1.13 ]
689. Logic Protect EXE Ceator 2.0.4 - www.logicprotect.com ( stub : Microsoft Visual C++ ver. 8.0 )
690. CodeWall 2010 v4.1.1.0 ( *trial .NET Protector ) - www.codewall.net - Microsoft Visual C# / Basic.NET
691. Private exe Protector v.4.1.2 (30.01.2013)  - www.setisoft.com
692. Private exe Protector v.4.1.2 *Trial- DLL - (30.01.2013)  - www.setisoft.com
693. Kaspersky AV Pack  ( exe/dll ) - www.kaspersky.com    *ACM
694. InstallAware DRM ( Trialware Creator )  Copyright 1998-2009 Softwrap Ltd.
695. [.NET source exe ] - InstallAware DRM ( Trialware Creator )  Copyright 1998-2009 Softwrap Ltd.
696. Themida/Winlicense v.2.1.0.0 ( std mode ) -> Oreans Technologies - www.oreans.com  *ACM

A.S.L.

Improved File Scaner. For example, VMProtect 2.09 & apps protected by Themida/Winlicense v.2.1.0.0 can be identified now.

ReadMe.txt for Ext_Detector
Code:

  ********************************************************
  *                                                      *
  *                Ext_Detector.dll                      *
  *                                                      *
  *      Non executable detector for Exeinfo Pe          *
  *                                                      *
  *      ver.1.0.0 - required Exeinfo v.0.0.3.1          *
  *                                                      *
  *              www.exeinfo.xwp.pl                    *
  *                                                      *
  *              2013.07.06 by A.S.L                    *
  *                                                      *
  *                freeware version                      *
  *                                                      *
  ********************************************************
...

Attachment 7140
Attachment 7141

Dreamer 10-13-2013 04:41

0.0.3.4 Beta 700 sign

update : 2013-10-10
10.10.2013 - ver.0.0.3.4 Beta 700
15.06.2013 - ver.0.0.3.3 Full - fixed version (2)
30.03.2013 - ver.0.0.3.3 Beta - new user language files added , Hex2Dec converter , ovl click detector
11.02.2012 - updated : Ext_detector.dll - 62 signatures - non executable data file detector
10.11.2012 - added new Rippers , new signatures , .NET exe info , many fixes
22.07.2012 - doc/xls/msi ripper added , bug fixed , new sign added , config text color for user Skin
30.08.2011 - small GUI changes , new signature added , plugin detector added , ver.0.0.3.0
03.01.2011 - added xml ripper, compiler detector, process killer,... ver.0.0.2.9
05.12.2010 - new option , new signatures bug fixes

Code:

http://exeinfo.atwebpages.com

Corsten 12-22-2013 22:09

ExeInfoPE v0.0.3.4
22-12-2013

718 signatures / Ext_detector.dll v.1.2.0 , major update

Code:

https://app.box.com/s/s5qt4sq326h8ska8k1a5

Max 12-24-2013 01:55

ExeInfoPE v0.0.3.4

Direct links
Code:

http://download1us.softpedia.com/dl/190f08098d171b8e5aca586453e5fa55/52b87802/100038188/software/programming/exeinfope.zip


http://download1uk.softpedia.com/dl/6b3f6d26c4873f6eecbd01da53dfe7f5/52b87815/100038188/software/programming/exeinfope.zip


kjms 06-14-2014 14:00

Version : 0.0.3.5 Beta - (748 sign)
 
0.0.3.5 Beta - (748 sign)
Code:

NEW:
08.04.2014 - ver.0.0.3.5 Beta with 748 signatures / Ext_detector.dll v.1.3.0 , major update , Disassembler
http://www.asl-soft.hostoi.com/exeinfope.zip


BAHEK 06-29-2014 21:26

0.0.3.5 Beta (765+4 signatures)

many detection bugs fixes

NEWS :
added Script Engine ( sample script attached )
added compiler detector - Digital Mars D
*this version detect Delphi 2014 , new Cygwin files
include user languages : neutral , Chinese Big5
*plugins you can download from www.exeinfo.xn.pl
Ext_detector v1.5.0 - data files detector

Download:
rghost

SRN 07-26-2014 13:35

0.0.3.5 Beta - ( 748 sign )
 
xeinfo Pe ver.0.0.3.5 Beta - with 748+4 signatures

last changed :

- internal skin changed : 1,2,3 : II-Lions , Beige-White-Sun , Blue Gray cell , Mars oxygen , + new mouse cursor
- "Fast Scan OFF" procedure changed : ( work faster )
- added for user skin testing - UP key = first skin , Down Arrow = next skin file load
- Section GUI - added Cave finder ( check last 2 kb )
- added new Disassembler GUI ( color code ) - TEST VERSION not final !!! ( max BACK memory jmps 20 )
- added Copy part of file - TOOL for Big files
- added in Config - Language from file [Button]
- few non exe detection added : Apple/HP files
- updated exeinfope_Neutral_v0035.lng file
- detect Hiew , Quick Time plugins
- updated : Microsoft Visual C++ v.12 - 2013
- and other ...

Exeinfo don't support 64 bit exe but I added :

5000. UPX v.3.91w - 64 bit EXE signature - at 2013 - http://upx.sf.net
5001. UPX v.3.91w - 64 bit DLL signature - at 2013 - http://upx.sf.net
5002. MPRESS x64 ( exe/dll ) - v2.12^ -> [ v.2.xx ] - MATCODE comPRESSor 2012, MATCODE Software - www.matcode.com
5003. UPX v.3.91w - 64 bit ( RESOURCES DLL ! no CODE ) file with 0000 Entry Point - at 2013 - http://upx.sf.net



wilson bibe 07-26-2014 18:07

Hi SRN
There is a double post, here and in "Interesting Reverse Software"

EHS4N 08-08-2014 14:23

Exeinfo Pe v0.0.3.5 Beta - 765 II signatures

Code:

http://www.asl-soft.hostoi.com/ExeinfoPE_765II.zip
BR

Corsten 09-01-2014 23:49

ExeInfoPE v0.0.3.6 Beta - 770 Signs
28-08-2014

Code:

http://www.asl-soft.hostoi.com/exeinfope.zip

TheDutchJewel 11-08-2014 13:23

Ext_detector.dll v2.1 for Exeinfo PE
2014-11-07

Extension detector.dll for non-exe data file detection

Download
Code:

https://app.box.com/s/wtr61llussxk1nhunidd

XorRanger 11-12-2014 03:09

Exeinfo PE ver.0.0.3.6 Final with 784 + 4 signatures
Ext_detector.dll v.2.2.0
2014.11.03

Download
Quote:

http://www.asl-soft.hostoi.com/exeinfope.zip


All times are GMT +8. The time now is 07:58.

Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2020, vBulletin Solutions, Inc.
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX