Tuts 4 You

Leaderboard

  1. Teerayoot (Junior+): 8 points, 22 posts
  2. jackyjask (Full Member+): 7 points, 1,273 posts
  3. 4n0nym0us (Junior): 6 points, 5 posts
  4. lovejoy226 (Full Member+): 3 points, 1,320 posts

Popular Content

Showing content with the highest reputation since 04/01/2024 in File Comments

  1. 4n4lDetector 3.0.0 Download: https://github.com/4n0nym0us/4n4lDetector/releases/tag/v3.0
     [+] The function search code for "Import Table" and "Call Api By Name" has been optimized.
     [+] A general optimization has been performed with one of the largest buffers in memory, this positively affects the stability and speed of the general analysis.
     [+] The size of the file to be analyzed has been increased by default to 50MB.
     [+] An optimization has been made in the search engine for the "Show Offsets" option and in the handling of buffers.
     [+] Searches for generic malware terms, different types of exploitation, APTs and terminologies that may affect the State in "4n4l.Rules" have been included.
     [+] A cleaning of null bytes 0x00 is performed in the variable where the report is stored to avoid bugs in the output of the text box of the main form.
     [+] The tool interface takes on a darker base tone.
     [+] A donation button via (PAYPAL) has been included since I have finally decided to continue with the project publicly for everyone.
     [+] A bug was fixed in which false functions could be included in the "Export Table" list by carving.
     [+] The Interest's Words module includes new internal words for the tool, for ansi and unicode.
     [+] A bug in the web view was fixed that could aesthetically affect the view of the Interest's Words module statement.
     [+] Optimizations were made in the Known IP/Domains module for ansi and unicode.
     [+] New search syntaxes were included in the "Intelligent Strings" module to increase interesting results.
       -> Internal cleanup syntaxes were added to show more stylized results.
       -> An optimization has been made with a direct impact on the variables used in this module.
     [+] A more selective cleaning of the extracted URLs is performed:
       -> URLs with extensions in the context of PKI digital certificates are reconstructed.
       -> Htm extensions are reconstructed.
       -> ".com" domain endings are cleaned.
       -> Possible HTML code cleaning is performed.
     [+] A progression system based on medals has been included.
       -> Brown Padawan Medal, Bronze Medal, Silver Medal, Gold Medal and Platinum Medal.
       -> The process can be slow, don't despair... because it's worth it.
       -> These medals will be earned as you use the tool over the course of days, weeks, months and consequently their functionality will also increase progressively.
       -> The medals will only work on the work machine on which they have been earned, if you want to make it work on another machine of yours try it yourself (You're a hacker, right?).
       -> The features or surprises that come with leveling up are not included in this file, although you can review them in the "Settings" section of the tool.
    3 points
  2. release 1.42 +support x86 injection(LdrLoadDll) +fix bug(load patch file) Remote Process Injector1.42.rar
    2 points
  3. 0.0.8.7 Beta II ExeinfoPe_0087_Beta_II.zip
    2 points
  4. @4n0nym0us have you tried updating and attaching the latest file here? Ted.
    2 points
  5. 4n4lDetector 2.9.0 Download: https://github.com/4n0nym0us/4n4lDetector/releases/tag/v2.9
     [+] New logo of the application by Sandra Badia Gimeno (www.sandrabadia.com).
     [+] Relocated Kernel-mode functions to the Suspicious Functions section.
     [+] Surprises are included so you don't get bored with daily use of the tool.
     [+] A multitude of tests were carried out focused on providing the greatest stability, speed and effectiveness of the extracted contents.
     [+] Optimization during idle state. File creation checks are no longer performed for the PECarve and UPX functionalities.
     [+] Detection of sections that allow writing from flags was included.
     [+] The extraction of functions from the "Export Table" using Carving has been slightly improved.
     [+] The name of the file under analysis has been included in the content of the report.
     [+] Added a longer description about the possibilities of the Zombie_AddRef function.
     [+] Fixed a bug where the "Show Offsets" tool dump did not allow reading a small portion of the end of the analyzed file.
     [+] Now when you click on the Virustotal result in the main form, it will take us to the analysis web page.
     [+] Virustotal analysis has been included in the analyzes carried out from console mode.
     [+] Review of Shikata_ga_nai detections and update of Payload detection heuristics.
     [+] Increased and improved the query extraction functionality of the ASCII and UNICODE records branch.
     [+] Increased and improved the ASCII and UNICODE SQL query extraction functionality.
     [+] Increased and improved URL extraction functionality, also searches FTP and SFTP in ASCII and UNICODE.
     [+] Increased and improved ASCII and UNICODE file name extraction functionality.
       -> .EXE, .DLL, .BAT, .VBS, .VBE, .JSE, .WSF, .WSH, .PS1, .PSM1, .PSC1, .SCR, .HTA, .DLL, .PIF, .MSI , .MSP, .SYS, .CPL, .JAR, .TXT, .INI, .PDF, .WDS, .DOC
     [+] The word finder has been completely delimited for any search location of the text boxes.
       -> In web view the browser is now automatically blocked.
     [+] Fixed a rare error in the IPs section that could lead the execution thread to a loop without finishing analyzing the files.
       -> This fix also fixed the ability to end analysis with a single active option in the tool's modules panel.
     [+] The 4n4l.rules module now internally converts text format rules "T:" to Unicode format.
       -> The rules of this file have been optimized, now search more with less.
     [+] The bytes to be reviewed at the Entry Point by the rules file are increased from 100 to 1500.
       -> Revised some of the rules to eliminate false positives after the update.
     [+] The reading of the rule files is done only once after starting the application or after the first analysis, then it is loaded into memory for future uses.
       -> The charging status can be checked from the "Settings" section.
     [+] Added the tilde (~), the dollar ($), the single quote (') and the double quote (") as characters that can be part of the reports.
       -> A conversion filter is applied to these quotes for the tool's Web view.
     [+] Worked on the efficiency of the "Intelligent Strings" module.
       -> The length of strings to be analyzed was increased in all the Strings functionalities of the tool (75% longer strings).
       -> Specific cleanup of anomalous characters is now performed and new ones are allowed.
       -> Search words were extended.
     [+] Added a graph in charge of displaying the content of the executables and any analyzed files.
       -> The executable header is displayed in blue.
       -> The identified sections are divided between magenta for the executable sections and black for the rest.
       -> The excess code of the executables will have a red color as in Crypters, Binders, Joiners...
       -> If the analyzed section contains an RSize of zero, its content will not be painted on the graph.
       -> If the file is not a Windows executable, it will be scanned for printable characters and the absence of printable characters. Blue and black when there is no content.
       -> When you double click on the graph, it will automatically be saved in the analysis folder.
       -> The executions measure the console mode of the application "-TXT", "-HTML" or "-GREMOVE" include the graph as analysis output.
    2 points
  6. Excellent work. baby malibu
    2 points
  7. This thing helped me to play Joker's exe (packaged swf) https://github.com/Aira-Sakuranomiya/CleanFlashInstaller/releases
    2 points
  8. Yes, you need to install trillix swf decompiler. https://cdn.eltima.com/download/flash_decompiler.exe Regards. sean.
    2 points
  9. Since flash is killed and lena151 tuts are in flash here is quick help to open the files https://drive.google.com/drive/folders/1lmqCzf2vNoddp70wrWBKS_GS7iPLD-RN?usp=sharing
    2 points
  10. 1.43 +fix pass command line in Manual Map option. +check old byte before patch (1337 file) +detect x86 or x64 file image if not same exe will crash. Remote Process Injector1.43.zip
    1 point
  11. 1 point
  12. I released new version to 1.4 +dll manual map +random title name. Remote Process Injector1.4.zip
    1 point
  13. This prog allows code to execute at main exe entry point. I suspect others load dll that dll not get execute first. Also others maybe free x86 not x64.
    1 point
  14. Dll contain your own written for anything such as hooking, access memory that this prog load and pause at EP (entry point) allow code in dll exec first. 1337 file path (x64dbg patch file) get call at patch accordingly after code inside get call.
    1 point
  15. https://superjacksoftware.com/f/viewtopic.php?p=11#p11 1.2 +hide dll from target process version 1.32 +load x64dbg patch file
    1 point
  16. 0.0.8.8 (25.01.2025) 1209 + 181 signatures x64 Ext_detector - v7.4.7 ( 747 non exe signatures ) external signatures : userdb.txt : 4462 Whats new: added .NET GUI auto click on .NET 4 / 6 detector added .PYD x86 v2.x 3.x / x64 v3.x version detector fixed cpu version detector added added [ generic - CPU : 0x01C4 ARMv7 ] for : GO Programming Language Compiler added x86 only : [ plugin : Photoshop plugin ] fix 5005. x64 Microsoft Visual C++ v14.20 - 2008 [ RT_CODE ] - DLL added to .pdb - NOT EXE - .IDB Microsoft Developer intermediate added .zlib ripper fixed - Zlib - false Alarm - skipped ( now ripp more files ) - fixed for Android backup : fullbackup.ab added .zlib added ripper for zlib v2 - if Fast scan off option in Config (example : installer LLC SysDev Laboratories ) added detector NOT EXE - .zlib v2 files added dll detector - XerinVM.Runtime v1.0 2024 small fixed XerinFuscator v1.0 - 3.0 , XFUSCATOR 1.0.0.4 added x64 [ NSTD section packed data/vmp ] - stub : x64 Microsoft Visual C++ v14.28 fixed added h265 - NOT EXE - .mp4/m4v ( MPEG-4 ) Buffor for exe set to : 380 MB overlay - scan deeper for 7zip , zip , ect... fixed x64 VMProtect fixed MS C++ detector for VMProtect SDK used x86/x64 Header GUI - added DBG string text label added runtime detector for x86/x64 - [ dotNet Protector Runtime PvLog ] added [ VMProtect SDK used ] Borland Delphi 2009-2010 - borland.com added .NET GUI BSJB button https://github.com/ExeinfoASL/ASL/releases/download/v0.0.8.8/exeinfope.zip
    1 point
  17. I did. I don't even get as far as to try to extract it.
    1 point
  18. Try using the PW include in the archive name.
    1 point
  19. Downloading the files I can't open them, it always returns checksum error.
    1 point
  20. 1 point
  21. Any one success unpack example notepad.exe Sentinel Hardware Key 7.5.0.rar
    1 point
  22. 1 point
  23. don't really always comment but THANK YOU SOOOOOOOOOO MUCH
    1 point
  24. Exeinfo PE 0.0.8.6 Exeinfo PE 0.0.8.6.zip
    1 point
  25. Alice thanks the author - an excellent collection♥️ nice
    1 point
  26. this is not a video ARTeam.esfv can be opened in the ARTeamESFVChecker to verify all files have been released by ARTeam and are unaltered.
    1 point
  27. But there is not unpacker solution only packed exe sample file, how to unpack it please help me.
    1 point
  28. Great. Thank you for sharing this tutorial.
    1 point
  29. Thank you very much for this big sharing
    1 point
  30. I have uploaded the new version to the web.
    1 point
  31. This is absolute gold. Much better than the official docs.. This is now on the Microsoft website here: Part 1 Part 2
    1 point
  32. 1 point
  33. yeah, smth is not good maybe it works only on Win XP? it's 20 years old... this is all I see - does not start to play
    1 point
  34. EDIT: Hello @jackyjask, now when you click on download you can select both v8.3 and v8.4. Enjoy!
    1 point
  35. Download from here: https://down.52pojie.cn/Tools/Patchers/
    1 point
  36. @Teddy Rogers Many thanks for sharing it. Regards. sean.
    1 point
  37. Thanks, any unpacker list available?
    1 point
  38. thank you very much for this post this excellent
    1 point
  39. thank you very much for this post this excellent
    1 point
  40. 1 point
  41. 1 point