Jump to content
Tuts 4 You

4n4lDetector 2.7.0

4n0nym0us

By 4n0nym0us

 Share

3 Screenshots

About This File

This is a scan tool for Microsoft Windows executables, libraries, drivers and mdumps. Its main objective is to collect the necessary information to facilitate the identification of malicious code within the analyzed files. This tool analyzes, among other things, the PE header and its structure, the content of the sections, the different types of strings, among many other things. It also incorporates a multitude of its own ideas to recognize anomalies in the construction of files and the detection of mechanisms used by current malware.

Using the tool is simple, just configure the options in the drop-down panel on the right and drag the samples into 4n4lDetector.

Full support:
  - 32 bits (8086, x86, ARMv7)
  - 64 bits (AMD64, x86-64, x64, ARMv8)

Buttons code:
  - Buttons colored green are action buttons that open files and folders or are used to interact with the tool's utilities.
  - The buttons colored in red perform reconfigurations, deletion of data or reset of functional files.
  - Purple buttons announce the activation of online interactions.
  - The pink buttons are shortcut buttons that the tool uses as tabs to navigate between different types of utilities.

Shortcuts:
  - [A] Main analysis tab
  - [W] Analysis tab in modifiable HTML format for report (WebView)
  - [S] Viewer of strings extracted from the parsed file
  - [V] Module with the Virustotal report using its API
  
Detections:
  - PE Information
  - Unusual Entry Point Position or Code (Algorithms, Anomalous Instructions... )
  - Packers
  - Compilations
  - Binders/Joiners/Crypters
  - Architectures
  - Possible malicious functions
  - Registry Keys
  - Files Access
  - Juicy Words
  - Anti-VM/Sandbox/Debug
  - URLs Extractor
  - Payloads
  - AV Services
  - Duplicate Sections
  - IP/Domains List
  - Config RAT (Only In Memory Dumps)
  - Call API By Name
  - Unusual Chars In Description File (Polymorphic Patterns)
  - Rich Signature Analyzer
  - CheckSum Integrity Problem
  - PE Integrity Check
  - SQL Queries
  - Emails
  - Malicious resources
  - PE Carve
  - Exploits
  - File Rules for Entry Points and more... 😃

Console Options (Analysis to file):
  - 4n4lDetector.exe Path\App.exe -GUI (Start the graphical interface parsing a file from the console)
  - 4n4lDetector.exe Path\App.exe -TXT (Parse a file from the console and the output is written to a TXT file)
  - 4n4lDetector.exe Path\App.exe -GREMOVE (Remove binary after scan)
  - 4n4lDetector.exe Path\App.exe -HTML (Parse a file from the console and the output is written to HTML file)

  • Like 1
  • Thanks 2
 Share
Previous File Exeinfo PE
Next File RozDll (Advanced Dynamic Proxy DLL Generator)

User Feedback

Recommended Comments

There are no comments to display.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...