rukov Posted June 7, 2015

It is a new tool for the analysis of Windows executable files, in order to quickly identify whether or not a file is malware. Most analyses are based on the extraction of "ANSI" and "UNICODE" strings from disk, but it also works with "Memory Dumps". Obviously, the latter option might compromise the security of your computer when you run the samples, so it's recommended to do this on laboratory systems.

Download https://docs.google.com/uc?id=0B74kMAGqImI9R1o4Q2Z1X054cjA
rukov (Author) Posted July 18, 2015

4n4lDetector v1.1
[+] Added a command line mode, which writes the report to the root. Use -> (4n4lDetector.exe c:\malware.exe)
[+] Added new words to the "Interest Words" module.
[+] Added extraction of the Subsystem field, associated with the application type, and of the size of image.
[+] Fixed a bug in the representation of the possible builds hidden behind UPX.
[+] Included new executables from which command lines are extracted.
[+] Included extraction of new registry paths.
[+] Added extraction of new APIs, and detection of calls to functions using Call API By Name, Call API by Hash and mZombieInvoke.
[+] Added a new binary to run x86 libraries in memory, within the run mode.
[+] Anti-detection methods for Deep Freeze.
[+] Enhanced the extraction of Unicode URLs.
[+] Reorganization of the search for information in non-executable binaries.
[+] Detection of lack of permission to access the binary to be analyzed.
[+] Detection routine for executables called Dnet.Dropper, crypters, joiners and binders.
[+] Improved routine for extracting paths to executable binaries.

Download https://docs.google.com/uc?id=0B74kMAGqImI9a0NrYjdiNnMyc00