I have uploaded the new version to the web.

Edited June 3, 20241 yr by 4n0nym0us

Excellent work. baby malibu

4n4lDetector 2.9.0

Download:

https://github.com/4n0nym0us/4n4lDetector/releases/tag/v2.9

[+] New logo of the application by Sandra Badia Gimeno (www.sandrabadia.com).
[+] Relocated Kernel-mode functions to the Suspicious Functions section.
[+] Surprises are included so you don't get bored with daily use of the tool.
[+] A multitude of tests were carried out focused on providing the greatest stability, speed and effectiveness of the extracted contents.
[+] Optimization during idle state. File creation checks are no longer performed for the PECarve and UPX functionalities.
[+] Detection of sections that allow writing from flags was included.
[+] The extraction of functions from the "Export Table" using Carving has been slightly improved.
[+] The name of the file under analysis has been included in the content of the report.
[+] Added a longer description about the possibilities of the Zombie_AddRef function.
[+] Fixed a bug where the "Show Offsets" tool dump did not allow reading a small portion of the end of the analyzed file.
[+] Now when you click on the Virustotal result in the main form, it will take us to the analysis web page.
[+] Virustotal analysis has been included in the analyzes carried out from console mode.
[+] Review of Shikata_ga_nai detections and update of Payload detection heuristics.
[+] Increased and improved the query extraction functionality of the ASCII and UNICODE records branch.
[+] Increased and improved the ASCII and UNICODE SQL query extraction functionality.
[+] Increased and improved URL extraction functionality, also searches FTP and SFTP in ASCII and UNICODE.
[+] Increased and improved ASCII and UNICODE file name extraction functionality.
   -> .EXE, .DLL, .BAT, .VBS, .VBE, .JSE, .WSF, .WSH, .PS1, .PSM1, .PSC1, .SCR, .HTA, .DLL, .PIF, .MSI , .MSP, .SYS, .CPL, .JAR, .TXT, .INI, .PDF, .WDS, .DOC
[+] The word finder has been completely delimited for any search location of the text boxes.
   -> In web view the browser is now automatically blocked.
[+] Fixed a rare error in the IPs section that could lead the execution thread to a loop without finishing analyzing the files.
   -> This fix also fixed the ability to end analysis with a single active option in the tool's modules panel.
[+] The 4n4l.rules module now internally converts text format rules "T:" to Unicode format.
   -> The rules of this file have been optimized, now search more with less.
[+] The bytes to be reviewed at the Entry Point by the rules file are increased from 100 to 1500.
   -> Revised some of the rules to eliminate false positives after the update.
[+] The reading of the rule files is done only once after starting the application or after the first analysis, then it is loaded into memory for future uses.
   -> The charging status can be checked from the "Settings" section.
[+] Added the tilde (~), the dollar ($), the single quote (') and the double quote (") as characters that can be part of the reports.
   -> A conversion filter is applied to these quotes for the tool's Web view.
[+] Worked on the efficiency of the "Intelligent Strings" module.
   -> The length of strings to be analyzed was increased in all the Strings functionalities of the tool (75% longer strings).
   -> Specific cleanup of anomalous characters is now performed and new ones are allowed.
   -> Search words were extended.
[+] Added a graph in charge of displaying the content of the executables and any analyzed files.
   -> The executable header is displayed in blue.
   -> The identified sections are divided between magenta for the executable sections and black for the rest.
   -> The excess code of the executables will have a red color as in Crypters, Binders, Joiners...
   -> If the analyzed section contains an RSize of zero, its content will not be painted on the graph.
   -> If the file is not a Windows executable, it will be scanned for printable characters and the absence of printable characters. Blue and black when there is no content.
   -> When you double click on the graph, it will automatically be saved in the analysis folder.
   -> The executions measure the console mode of the application "-TXT", "-HTML" or "-GREMOVE" include the graph as analysis output.

4n4lDetector 3.0.0

Download:

https://github.com/4n0nym0us/4n4lDetector/releases/tag/v3.0

[+] The function search code for "Import Table" and "Call Api By Name" has been optimized.
[+] A general optimization has been performed with one of the largest buffers in memory, this positively affects the stability and speed of the general analysis.
[+] The size of the file to be analyzed has been increased by default to 50MB.
[+] An optimization has been made in the search engine for the "Show Offsets" option and in the handling of buffers.
[+] Searches for generic malware terms, different types of exploitation, APTs and terminologies that may affect the State in "4n4l.Rules" have been included.
[+] A cleaning of null bytes 0x00 is performed in the variable where the report is stored to avoid bugs in the output of the text box of the main form.
[+] The tool interface takes on a darker base tone.
[+] A donation button via (PAYPAL) has been included since I have finally decided to continue with the project publicly for everyone.
[+] A bug was fixed in which false functions could be included in the "Export Table" list by carving.
[+] The Interest's Words module includes new internal words for the tool, for ansi and unicode.
[+] A bug in the web view was fixed that could aesthetically affect the view of the Interest's Words module statement.
[+] Optimizations were made in the Known IP/Domains module for ansi and unicode.
[+] New search syntaxes were included in the "Intelligent Strings" module to increase interesting results.
   -> Internal cleanup syntaxes were added to show more stylized results.
   -> An optimization has been made with a direct impact on the variables used in this module.
[+] A more selective cleaning of the extracted URLs is performed:
   -> URLs with extensions in the context of PKI digital certificates are reconstructed.
   -> Htm extensions are reconstructed.
   -> ".com" domain endings are cleaned.
   -> Possible HTML code cleaning is performed.
[+] A progression system based on medals has been included.
   -> Brown Padawan Medal, Bronze Medal, Silver Medal, Gold Medal and Platinum Medal.
   -> The process can be slow, don't despair... because it's worth it.
   -> These medals will be earned as you use the tool over the course of days, weeks, months and consequently their functionality will also increase progressively.
   -> The medals will only work on the work machine on which they have been earned, if you want to make it work on another machine of yours try it yourself (You're a hacker, right?).
   -> The features or surprises that come with leveling up are not included in this file, although you can review them in the "Settings" section of the tool.

@4n0nym0us have you tried updating and attaching the latest file here?

Ted.