02 May 2009

File Extension Identifier v1.2


File Extension Identifier v1.2 (16/03/2009)

Changelog:

-Add "Total Scan".
-Add "External Scan".
-Add "Scan with PEiD Signature".
-Add "Add Signature".
-Add "Process".
-Improve "PE Info" Section.
-Improve/New Detection Algorithm; detection is now very fast.
-Improve PE Signature Database. (Thanks to AmirGooran)
-Small bug fixed.

Homepage: www.webkade.ir | http://novinrayane.blogfa.com/
Download: http://invisible32.persiangig.com/My_Program/FEI.Rar | Mirror

File Format Identifier v1.4


Sucop virus analysis tool (File Format Identifier) v1.4

unnoo-dswlab products

It is an auxiliary tool for virus analysis. It includes code for recognizing various file formats, packer sniffing, unpacking by virtual machine, PE file editing, PE file rebuilding, import table recovery (using the virtual machine to decode encoded import tables), memory dumping, overlay processing, PE address conversion, PEiD plugin support, MD5 computation, efficient use of third-party tools, and so on. It is also used for handling Trojan virus samples during virus analysis.

This software is free; you can download, install, copy and distribute it non-commercially. For commercial sale, copying and distribution, you must first obtain the warranty and permission of DSWLAB (for example, if an anti-virus company wants to use it to analyze Trojan horses in batches, it must first obtain a mandate and permission from DSWLAB).

v1.4 new features:
- add a function for obtaining the import table; an encoded import table can be decoded by the virtual machine (see section 9 below). You are welcome to contact us if you have more suggestions
- show more useful descriptions for invalid PE files, thanks to Pedro Lopez for proposing it
- new skin for a better look; you can switch the skin style after hitting the option button, thanks to fly (unpack.cn) for proposing it
- add the external signatures library collected by fly (unpack.cn), thanks for the authorization
- correct several bugs

v1.3 new features:
- add a task view which supports three functions:
a. terminate the process
b. correct the image size of the module
c. dump the memory in three modes (Dump Full, Dump Partial and Dump Region)

v1.2 new features:
- support PEid plugins
- add a feature for rebuilding PE

v1.1 new features:
- add the VMUnpacker unpack engine for unpacking; the unpacking capability is equal to that of VMUnpacker v1.4
- add some external signatures from the internet
- add a feature for deleting and saving the overlay
- add PE Address Conversion (RVA <-> RAW)

First, Sniff Packers
Files and directories can be dragged in; you can also install shell extensions to identify files and directories. To recognize more packers, you can use an external signatures library (it must be named userdb.txt; the library format is the same as PEiD's external signatures library).

Note: A '*' appears if the packer was identified by the external signatures.

Second, Unpack
You can unpack the file if the "unpack" button is enabled. The function is based on virtual machine technology and can unpack various known and unknown packers. It is suitable for unpacking protected Trojan horses during virus analysis, and because all code runs inside the virtual machine, it poses no danger to your system.

Third, PE Editor
Hit the button after "PE Section" to edit the section information.
The main functions are:
- Display section information
- Can modify section name, section size, section attributes and other related information
- Remove the selected section name
- Automatic fix of the section
- Load section from the disk
- Save section to disk
- Add a new section
- Delete section from PE file
- Delete section only from PE header
- Fill section with the specified char

Hit the SubSystem button to get the detailed PE information, which you can edit.

Fourth, Delete & Save Overlay
If the PE file has an overlay, you can hit the "Del Overlay" button to delete it or the "Save Overlay" button to save it.

Fifth, Support PEiD plugins
Hit the Options button to enable PEiD plugins; FFI does not need to be restarted. The PEiD plugins must be placed in the directory named plugins; then hit Plugin >>> to use them.

Sixth, ReBuild PE
This function is primarily used for repairing a PE file that was dumped during unpacking.

Seventh, Support third-party tools
Hit the Manage Tools button after hitting the Options button to add or remove IDA, OllyDBG and other third-party tools in the shell extensions; you can then launch these tools from FFI to open the target file directly.

Note: After adding third-party tools, you can hit the Plugin >>> button to see them listed; click one to open the target file with that tool.

Eighth, Dump the memory of the process
Hit the TaskView button; you can then terminate the process and dump its memory in three modes (Dump Full, Dump Partial and Dump Region), and you can also correct the image size of the module.

Ninth, Get Import table
Hit the Get IAT button and choose the process to get its import table; enter the correct OEP information before hitting the DumpFixer button.
If any unrecognized API appears, you can set the virtual machine decode steps and decode the item by hitting the VM Decode menu.
If there is any entry you do not want, hit the Del Thunk menu or the Cut Thunk menu to delete it.
To get the import table of a non-main module of the process, right-click in the Manipulation records frame and hit the Load this module menu; the module's import table is obtained this way.


Supercop kills various kinds of Trojan horses completely and protects the security of the system in an all-round way.
More free tools for download: http://www.dswlab.com
Specialized desktop and content security products: http://www.unnoo.com

Download Page: http://www.unnoo.com/html/soft/toolkit/2009/0126/37.html
http://www.unnoo.com/html/soft/toolkit/2009/0126/38.html

Download: ffi.zip 1.25 MB


http://ul.to/5ct7s6/Unpacker-ExeCryptor-2.x.x-v1.0-RC2.zip
removes some false positive by a few keygens

Outpost Firewall Free 2009 6.5.2724.381.0687

Outpost Firewall Free gives you solid firewall protection with standard packet and application filtering to safeguard your data against unauthorized third parties. Plus, you get advanced protection against illegal program activity that will help stymie unknown threats. All this coupled with minimum impact on your system resources makes Outpost Firewall Free a must-have instrument for an unprotected PC.


* Bidirectional firewall
* Protection that can’t be shut down by hackers
* Application behavior monitoring
* Intuitive, resource-friendly operation
* Activity monitoring capabilities
* Windows Vista and 64-bit compatibility



Outpost Firewall Free 6.5
Filename: OutpostFreeInstall.exe
File size: 16.63MB (17,432,664 bytes)
Requirements: Windows 2000/XP/2003/Vista
License: Freeware
Homepage: free.agnitum.com
MD5 Checksum: C7A74FA74E25A4ED5865EE9774875308

32 bit: http://dl2.agnitum.com/OutpostFreeInstall.exe
64 bit: http://dl2.agnitum.com/OutpostFreeInstall64.exe

Mirrors:
32 bit: http://www.agnitum.com/download/OutpostFreeInstall.exe
64 bit: http://www.agnitum.com/download/OutpostFreeInstall64.exe

01 May 2009

CCleaner 2.19.900 without Toolbar


Version History

v2.19.900
--------------------------------------------
- Added support for Firefox 3.5 beta.
- Fixed IE8 cookies deletion after reboot.

v2.19.889
--------------------------------------------
- Improved support for Google Chrome v2.
- Fixed bug with IE8 cookies.
- Added support for Flash Cookies.
- Added Tool to manage System Restore Files (XP and Vista only).
- Added support to remove Opera Recently Typed URLs.
- Fixed bug which was displaying wrong Total Bytes removed.
- Improved exception handling.
- Fixed virtual function bug.
- Minor performance improvements.
http://www.ccleaner.com/download/version-history


CCleaner v2.19.900 - Slim
- No Toolbar
959KB
http://www.ccleaner.com/download/builds/downloadbinslim
Direct Link (no visit)
http://download.ccleaner.de/ccsetup219_slim.exe

- No install (portable)
http://www.ccleaner.com/download/builds/downloadbinportable

Ratio Faker v0.9.10



Homepage: http://ratiofaker.blogspot.com/
BBS: http://forum.lowyat.net/index.php?showtopic=942603

Changelog

Download: RatioFaker.zip | Mirror | Mirror

older Version 0.9.8: RatioFaker.0980.zip | Mirror | Mirror

Exeinfo PE ver. 0.0.2.3 Beta by A.S.L. 490 sign 2009.04.26


Beta test version

Best PE identify Tool with unpacking hints!

Homepage: http://www.exeinfo.xwp.pl/
Download: ExeEinfo_0.0.2.3Beta.rar 547.11 KB | Mirror | Mirror
