Collection of external Sigs for PEID
Hi Guys,
I went onto PEID's web site and compiled a bit of a list of PEID external signatures.
Now I just checked the file and it seems to contain a few duplicates (my bad) but this does not affect the operation of PEID.
Also I was not choosy about which Sigs I added (I just milked all the ones since Jan-2005). Some of the sigs might give false positives. What I did do though was to try to order the sigs to perform version specific checks before generic checks.
Perhaps we can share more external sigs.
As usual replace or append this file onto userdb.txt in the PEID folder
Problem Sigs with UPolyX:
I think the sigs for UPolyX are not cool.
I tested by scanning Delphi 2005 install folder.
This is the biggest culprit:
[UPolyX v0.5]
signature = ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? 00 00 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00 00 ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? 00 00 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00 00
ep_only = false
But there are other problem sigs for UPolyX
WinRAR SFX is badly detected too!
|