Sunday, April 5, 2009

VirusTotal for Online File Analysis

VirusTotal is a service that analyzes suspicious files and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware detected by antivirus engines.

  • Free, independent service
  • Use of multiple antivirus engines
  • Real-time automatic updates of virus signatures
  • Detailed results from each antivirus engine
  • Real time global statistics

VirusTotal is a service developed by Hispasec Sistemas, an independent IT Security laboratory, that uses several command line versions of antivirus engines, updated regularly with official signature files published by their respective developers.

This is a list of the companies that participate in VirusTotal with their antivirus engines.

Sunday, March 29, 2009

Debugging with OllyDbg v2.0 Beta 2

Created by Oleh Yuschuk (also known as Olly), OllyDbg is a 32-bit assembler-level analysing debugger for Microsoft® Windows®. Its emphasis on binary code analysis makes it particularly useful in cases where source is unavailable. OllyDbg is shareware, but you can download and use it for free. Special highlights are:
  • Intuitive user interface, no cryptic commands
  • Code analysis - traces registers, recognizes procedures, loops, API calls, switches, tables, constants and strings
  • Directly loads and debugs DLLs
  • Object file scanning - locates routines from object files and libraries
  • Allows for user-defined labels, comments and function descriptions
  • Understands debugging information in Borland® format
  • Saves patches between sessions, writes them back to executable file and updates fixups
  • Open architecture - many third-party plugins are available
  • No installation - no trash in registry or system directories
  • Debugs multithread applications
  • Attaches to running programs
  • Configurable disassembler, supports both MASM and IDEAL formats
  • MMX, 3DNow! and SSE data types and instructions, including Athlon extensions
  • Full UNICODE support
  • Dynamically recognizes ASCII and UNICODE strings - also in Delphi format!
  • Recognizes complex code constructs, like call to jump to procedure
  • Decodes calls to more than 1900 standard API and 400 C functions
  • Gives context-sensitive help on API functions from external help file
  • Sets conditional, logging, memory and hardware breakpoints
  • Traces program execution, logs arguments of known functions
  • Shows fixups
  • Dynamically traces stack frames
  • Searches for imprecise commands and masked binary sequences
  • Searches whole allocated memory
  • Finds references to constant or address range
  • Examines and modifies memory, sets breakpoints and pauses program on-the-fly
  • Assembles commands into the shortest binary form
  • Starts from the floppy disk
and much, much more! Visit the OllyDbg website for details.

Friday, March 27, 2009

Explorer Suite VII

Released on March 9, 2009, Explorer Suite VII, created by Daniel Pistelli, is a freeware suite of tools that includes a PE editor called CFF Explorer and a process viewer. The PE editor has full support for PE32/64 and offers special field descriptions and modification (.NET supported), utilities, a rebuilder, a hex editor, an import adder, a signature scanner, a signature manager, extension support, scripting, a disassembler, a dependency walker, etc. It is the first PE editor with support for .NET internal structures, and its resource editor (Windows Vista icons supported) is capable of handling .NET manifest resources. The suite is available for x86, x64 and Itanium.

- Explorer Suite (Multi-Platform Version, Recommended) 
- Explorer Suite (x86 Version) 
- CFF Explorer (x86 Version, stand-alone, Zip Archive) 
- CFF Explorer Extensions Repository 


CFF Explorer was designed to make PE editing as easy as possible without losing sight of the portable executable's internal structure. The application includes a series of tools that can help not only reverse engineers but also programmers. It offers a multi-file environment and a switchable interface.
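As an added illustration of the PE32/PE32+ structure a PE editor like CFF Explorer works on (example code written for this page, not part of Explorer Suite), the following Python parser walks the DOS header, COFF header, optional header and section table and tells PE32 from PE32+ by the optional header magic. The sample image it parses is constructed inline from headers only (a test fixture, not a runnable executable), and the machine-type names it reports are this example's own labels.

```python
import struct

MAGIC_PE32, MAGIC_PE32PLUS = 0x10B, 0x20B          # optional header magic values
MACHINES = {0x14C: "x86", 0x8664: "x64", 0x200: "Itanium"}
IMAGE_FILE_DLL = 0x2000                             # COFF Characteristics flag

def parse_pe(data):
    """Parse the DOS stub, COFF header, optional header basics and section table."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsec, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20                                  # optional header follows 20-byte COFF header
    table = opt + opt_size                           # section table follows the optional header
    if opt_size < 32 or table + 40 * nsec > len(data):
        raise ValueError("headers truncated")
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == MAGIC_PE32:                          # 32-bit ImageBase at offset 28
        fmt, image_base = "PE32", struct.unpack_from("<I", data, opt + 28)[0]
    elif magic == MAGIC_PE32PLUS:                    # PE32+ drops BaseOfData: 64-bit ImageBase at 24
        fmt, image_base = "PE32+", struct.unpack_from("<Q", data, opt + 24)[0]
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]   # AddressOfEntryPoint
    sections = []
    for i in range(nsec):                            # 40-byte IMAGE_SECTION_HEADER entries
        name, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, table + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "va": va, "vsize": vsize, "raw": rawptr, "rawsize": rawsize})
    return {"machine": MACHINES.get(machine, hex(machine)), "format": fmt, "image_base": image_base,
            "entry_rva": entry_rva, "dll": bool(chars & IMAGE_FILE_DLL), "sections": sections}

def build_sample(plus=False):
    """Constructed minimal PE32 / PE32+ header image with .text and .data; not a runnable program."""
    opt_size = 240 if plus else 224                  # standard optional header sizes
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)            # e_lfanew -> NT headers at 0x40
    coff = struct.pack("<HHIIIHH", 0x8664 if plus else 0x14C, 2, 0, 0, 0, opt_size, 0x2002)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, MAGIC_PE32PLUS if plus else MAGIC_PE32)
    struct.pack_into("<I", opt, 16, 0x1010)          # entry point RVA, 0x10 bytes into .text
    ib_off, ib_fmt, ib = (24, "<Q", 0x180000000) if plus else (28, "<I", 0x400000)
    struct.pack_into(ib_fmt, opt, ib_off, ib)
    secs = b"".join(struct.pack("<8sIIIIIIHHI", n, 0x100, va, 0x200, raw, 0, 0, 0, 0, fl)
                    for n, va, raw, fl in ((b".text", 0x1000, 0x400, 0x60000020),
                                           (b".data", 0x2000, 0x600, 0xC0000040)))
    return dos + b"PE\0\0" + coff + bytes(opt) + secs
```

Calling `parse_pe(build_sample())` and `parse_pe(build_sample(plus=True))` shows the two layouts side by side; feeding it a real executable's bytes gives the same header view CFF Explorer presents.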

Thursday, March 26, 2009

Latest Windows Genuine Advantage v1.9.0040.0 Released

Brief Description
Windows Genuine Advantage Notifications is a tool to help reduce software piracy. This tool will confirm that the copy of Windows installed on the PC is genuine and properly licensed. If it is not genuine, the tool will provide periodic reminders to help you take the appropriate action.

Quick Details
File Name: WindowsXP-KB905474-ENU-x86.exe
Version: 1.9.0040.0
Date Published: March 24, 2009
Language: English
Download Size: 1.5 MB

Wednesday, March 25, 2009

WinLicense Latest Release 2.0.7.0

Released on March 25, 2009, WinLicense is a protection system designed for software developers who wish to protect their applications against advanced reverse engineering and software cracking. Developers do not need any source code changes or programming experience to protect their applications with WinLicense.

WinLicense uses SecureEngine® protection technology, which is able to run its code at the highest priority level to implement never-before-seen protection techniques; this protects any application with the highest level of security.

Here are just a few of WinLicense protection features:

  • Multilevel encryption to protect code and data in an application.
  • Advanced detection of cracking tools.
  • Execution of code at the highest level of priority to implement never-before-seen protection techniques.
  • Scrambles executable code, data, and APIs in the application to avoid any possible reconstruction of the original application.
  • Protection against all disassemblers and debuggers.
  • SDK offers two-way communication with SecureEngine® and the protected application.
  • Advanced technology which prevents dumping from memory to disk.
  • Fully customizable protection options and dialogs.