View Single Post
  #1  
Old 10-25-2005, 17:59
redbull redbull is offline
Friend
 
Join Date: Mar 2004
Posts: 160
Rept. Given: 17
Rept. Rcvd 5 Times in 4 Posts
Thanks Given: 3
Thanks Rcvd at 6 Times in 6 Posts
redbull Reputation: 5
Collection of external Sigs for PEID

Hi Guys,

I went onto PEID's web site and compiled a bit of a list of PEID external signatures.

Now I just checked the file and it seems to contain a few duplicates (my bad) but this does not affect the operation of PEID.

Also I was not choosy about which Sigs I added (I just milked all the ones since Jan-2005). Some of the sigs might give false positives. What I did do though was to try to order the sigs to perform version specific checks before generic checks.

Perhaps we can share more external sigs.

As usual replace or append this file onto userdb.txt in the PEID folder

Problem Sigs with UPolyX:

I think the sigs for UPolyX are not cool.

I tested by scanning Delphi 2005 install folder.

This is the biggest culprit:

[UPolyX v0.5]
signature = ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? 00 00 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00 00 ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? 00 00 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00 00
ep_only = false

But there are other problem sigs for UPolyX

WinRAR SFX is badly detected too!
Attached Files
File Type: txt PEID external sigs.txt (75.0 KB, 75 views)
Reply With Quote