Sucop virus analysis tool (File Format Identifier) v1.4
unnoo-dswlab products
FFI is an auxiliary tool for virus analysis. It includes the file format recognition engine code for many formats, packer sniffing, unpacking by virtual machine, PE file editing, PE file rebuilding, import table recovery (using the virtual machine to decode encoded import tables), memory dumping, overlay processing, PE address conversion, PEiD plugin support, MD5 computation, convenient use of third-party tools, and so on. It is also used for handling Trojan samples during virus analysis.
This software is free; you may download, install, copy and distribute it non-commercially. For commercial sale, copying and distribution you must first obtain the warranty and permission of DSWLAB (for example, if an anti-virus company wants to use it to analyse Trojan horses in batches, it must first obtain a mandate and permission from DSWLAB).
v1.4 new features:
★ Added an import table recovery function; for encoded import tables, the entries can be decoded by the virtual machine (see section 9 below). Contact us if you have more suggestions.
★ Show more useful descriptions for invalid PE files, thanks to Pedro Lopez for proposing it
★ New skin for a nicer look; you can switch the skin style after hitting the Options button, thanks to fly (unpack.cn) for proposing it
★ Added the external signature library collected by fly (unpack.cn), thanks for the authorization
★ Fixed several bugs
v1.3 new features:
★ Added a task view which supports three functions:
a. terminate the process
b. correct the image size of the module
c. dump the memory in three modes (Dump Full, Dump Partial and Dump Region)
v1.2 new features:
★ Support PEiD plugins
★ Added a feature for rebuilding PE files
v1.1 new features:
★ Added the VMUnpacker unpack engine; the unpacking capability is equal to VMUnpacker v1.4
★ Added some external signatures from the internet
★ Added a feature for deleting and saving the overlay
★ Added PE address conversion (RVA <-> RAW)
First, Sniff Packers
File drag and directory drag are supported, and you can also install the shell extension to recognize files and directories. To recognize more packers, you can use an external signature library (it must be named userdb.txt, and its format is the same as PEiD's external signature library).
Note: A '*' is shown after the result if the packer was matched by the external signatures.
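To show what an external signature library in this format looks like and how a sniffer uses it, here is an added example (not code from FFI, DSWLAB or PEiD) that parses a small constructed userdb.txt fragment and matches its patterns against constructed file bytes. The entry names and byte patterns are hypothetical placeholders; the parser handles the `[Name]`, `signature =` (hex bytes with `??` wildcards) and `ep_only =` keys that the format is built from.

```python
# Constructed sample in PEiD userdb.txt syntax. The names and byte patterns are
# illustrative placeholders, not entries from the bundled userdb.txt.
SAMPLE_USERDB = """
; comment lines start with a semicolon
[Example Packer A (hypothetical)]
signature = 60 E8 00 00 00 00 5D 81 ED ?? ?? ?? ??
ep_only = true

[Example Stub B (hypothetical)]
signature = 55 8B EC 83 EC ?? 53 56 57
ep_only = false
"""


def parse_userdb(text):
    """Parse PEiD-style userdb text into (name, pattern, ep_only) tuples.

    pattern is a list of ints, with None standing for a '??' wildcard byte.
    """
    entries = []
    name, pattern, ep_only = None, None, True
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            if name is not None and pattern is not None:
                entries.append((name, pattern, ep_only))
            name, pattern, ep_only = line[1:-1], None, True
            continue
        key, _, value = line.partition("=")
        key, value = key.strip().lower(), value.strip()
        if key == "signature":
            pattern = [None if "?" in tok else int(tok, 16) for tok in value.split()]
        elif key == "ep_only":
            ep_only = value.lower() == "true"
    if name is not None and pattern is not None:
        entries.append((name, pattern, ep_only))
    return entries


def match_at(pattern, data, offset):
    """True if pattern matches data at offset (None matches any byte)."""
    if offset < 0 or offset + len(pattern) > len(data):
        return False
    return all(p is None or p == data[offset + i] for i, p in enumerate(pattern))


def sniff(entries, data, ep_offset):
    """Return the names of all signatures that match the file bytes.

    ep_only signatures are tested only at the entry point's file offset;
    the others are tested at the entry point first and then scanned over
    the whole file, which is what ep_only = false allows.
    """
    hits = []
    for name, pattern, ep_only in entries:
        if match_at(pattern, data, ep_offset):
            hits.append(name)
        elif not ep_only and any(
            match_at(pattern, data, off) for off in range(len(data) - len(pattern) + 1)
        ):
            hits.append(name)
    return hits


# Constructed sample file: zero padding, a packer-style stub at offset 0x10
# (taken as the entry point), then a plain prologue further down.
SAMPLE_FILE = (
    b"\x00" * 0x10
    + bytes.fromhex("60E8000000005D81ED12345678")
    + b"\x90" * 4
    + bytes.fromhex("558BEC83EC20535657")
)

if __name__ == "__main__":
    db = parse_userdb(SAMPLE_USERDB)
    print(sniff(db, SAMPLE_FILE, 0x10))
```

The entry point offset passed to `sniff` is the file offset of the PE's AddressOfEntryPoint after RVA-to-RAW conversion; a wildcard-only or very short signature will match almost anything, which is why a sniffer's '*' marker for external-library hits is worth keeping in mind when judging a result.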
Second, Unpack
You can unpack the file if the "Unpack" button is enabled. The function is based on virtual machine technology and can unpack various known and unknown packers. It is suitable for unpacking protected Trojan horses during virus analysis, and because all code runs inside the virtual machine, it poses no danger to your system.
Third, PE Editor
Hit the button after "PE Section" to edit the section information.
The main functions are:
★ Display section information
★ Modify section name, section size, section attributes and other related information
★ Remove the selected section name
★ Automatically fix the section
★ Load a section from disk
★ Save a section to disk
★ Add a new section
★ Delete a section from the PE file
★ Delete a section only from the PE header
★ Fill a section with a specified character
Hit the SubSystem button to get the detailed PE information, which you can also edit.
Fourth, Delete & Save Overlay
If the PE file has an overlay, hit the "Del Overlay" button to delete it, or the "Save Overlay" button to save it to a file.
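The section editor, the RVA <-> RAW address conversion and the overlay functions above all rest on the same piece of PE header parsing. The following added example (my own code, not FFI's) builds a small synthetic PE32 file in memory, reads its section table, converts addresses in both directions and splits off the overlay, defined here as every byte past the end of the last section's raw data. The sample file, its section names and the OVERLAY-DATA bytes are constructed for the example.

```python
import struct

SECTION_HDR = "<8sIIIIIIHHI"   # IMAGE_SECTION_HEADER, 40 bytes


def build_sample_pe():
    """Build a minimal, synthetic PE32 file with two sections and an overlay.

    This is constructed test data for the example, not a real executable.
    """
    file_align = 0x200
    # (Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData)
    sections = [
        (b".text", 0x100, 0x1000, 0x200, 0x200),
        (b".data", 0x50, 0x2000, 0x200, 0x400),
    ]
    dos = b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40)         # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0xE0, 0x102)
    opt = bytearray(0xE0)                                         # PE32 optional header
    struct.pack_into("<H", opt, 0, 0x10B)                         # Magic
    struct.pack_into("<I", opt, 16, 0x1000)                       # AddressOfEntryPoint
    struct.pack_into("<I", opt, 32, 0x1000)                       # SectionAlignment
    struct.pack_into("<I", opt, 36, file_align)                   # FileAlignment
    struct.pack_into("<I", opt, 60, file_align)                   # SizeOfHeaders
    hdrs = b"".join(
        struct.pack(SECTION_HDR, n, vs, va, rs, ptr, 0, 0, 0, 0, 0x60000020)
        for n, vs, va, rs, ptr in sections
    )
    image = bytearray(dos + b"PE\x00\x00" + coff + opt + hdrs)
    image += b"\x00" * (file_align - len(image))                  # pad headers
    image += b"\xC3" * 0x200                                      # .text raw data
    image += b"\x41" * 0x200                                      # .data raw data
    image += b"OVERLAY-DATA"                                      # bytes past the last section
    return bytes(image)


def parse_pe(data):
    """Return (entry_point_rva, sections) from raw PE bytes, validating the signatures."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_off:pe_off + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    nsec = struct.unpack_from("<H", data, pe_off + 6)[0]          # NumberOfSections
    opt_size = struct.unpack_from("<H", data, pe_off + 20)[0]     # SizeOfOptionalHeader
    opt_off = pe_off + 24
    entry = struct.unpack_from("<I", data, opt_off + 16)[0]       # AddressOfEntryPoint
    sec_off = opt_off + opt_size
    sections = []
    for i in range(nsec):
        name, vsize, va, rsize, ptr = struct.unpack_from("<8sIIII", data, sec_off + i * 40)
        sections.append({"name": name.rstrip(b"\x00").decode("ascii", "replace"),
                         "vsize": vsize, "va": va, "rsize": rsize, "ptr": ptr})
    return entry, sections


def rva_to_raw(sections, rva):
    """Map an RVA to a file offset; None if it is not backed by file data."""
    if sections and rva < sections[0]["va"]:
        return rva            # header region maps 1:1 (assumes a conventional layout)
    for s in sections:
        if s["va"] <= rva < s["va"] + max(s["vsize"], s["rsize"]):
            delta = rva - s["va"]
            return s["ptr"] + delta if delta < s["rsize"] else None
    return None


def raw_to_rva(sections, raw):
    """Map a file offset to an RVA; None if it lies outside every section."""
    if sections and raw < sections[0]["ptr"]:
        return raw
    for s in sections:
        if s["ptr"] <= raw < s["ptr"] + s["rsize"]:
            return s["va"] + (raw - s["ptr"])
    return None


def split_overlay(data, sections):
    """Return (file_without_overlay, overlay); overlay = bytes after the last section."""
    end = max(s["ptr"] + s["rsize"] for s in sections)
    return data[:end], data[end:]


if __name__ == "__main__":
    pe = build_sample_pe()
    entry, secs = parse_pe(pe)
    print("entry RVA 0x%X -> raw 0x%X" % (entry, rva_to_raw(secs, entry)))
    body, overlay = split_overlay(pe, secs)
    print("overlay:", overlay)
```

"Del Overlay" corresponds to keeping only the first element returned by `split_overlay`, and "Save Overlay" to writing the second to a file. Samples that store their payload in the overlay are one reason the overlay is worth saving before it is stripped; a section whose VirtualSize exceeds its SizeOfRawData (the .text section above) is also why `rva_to_raw` can legitimately return None for an RVA that is valid in memory.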
Fifth, Support PEiD plugins
Hit the Options button to enable the use of PEiD plugins; no restart of FFI is needed. The PEiD plugins must be put in the directory named plugins; then hit Plugin>>> to use them.
Sixth, ReBuild PE
This function is primarily used for repairing a PE file that was dumped during unpacking.
Seventh, Support third-party tools
Hit the Manage Tools button after hitting the Options button to add or remove IDA, OllyDBG and other third-party tools in the shell extension; then you can launch the third-party tools from FFI to open the target file directly.
Note: After adding the third-party tools, hit the Plugin>>> button to list them; clicking one opens the target file with that tool.
Eighth, Dump the memory of the process
Hit the TaskView button; then you can terminate the process, dump its memory in three modes (Dump Full, Dump Partial and Dump Region), and also correct the image size of the module.
Ninth, Get Import table
Hit the Get IAT button and choose the process to get its import table; enter the correct OEP information before hitting the DumpFixer button.
If any unrecognized API appears, you can set the virtual machine decode steps and decode that item with the VM Decode menu.
If there is any entry you do not want, use the Del Thunk menu or the Cut Thunk menu to delete it.
If you want to get the import table of a non-main module of the process, right-click in the Manipulation records frame and hit the Load this module menu; the module's import table is obtained in this way.
Contact Us:
If you have any problems or suggestions in using FFI, or need us to add new functions, send us an email and we will try to help; if you think the current version works well, or a bug in FFI has been fixed for you, you are welcome to write to us too.
Supercop: Kills various kinds of Trojan horses completely and protects the security of the system in an all-round way.
More free tools download: http://www.dswlab.com
Specialized desktop and content security products: http://www.unnoo.com
Supercop virus analysis tool: File Format Identifier
Uploaded 2023-07-20 15:03:12
The latest version of File Format Identifier is a virus analysis tool with a clean interface and comprehensive functions. It recognizes many file formats, uses Supercop's format recognition engine, and combines packer detection, virtual machine unpacking, PE file editing, overlay (appended data) processing, file address conversion and convenient use of third-party tools. It is suitable for virus analysis and for systematically processing virus and Trojan samples.
Contents of 万能脱壳工具.zip (9 files):
万能脱壳工具/
plugins/
软件说明.txt 5KB
userdb.txt 115KB
FFI.exe 1.06MB
Office.cjstyles 301KB
unarc.dll 330KB
VUnpackSDK.dll 136KB
Vista.cjstyles 554KB
unpack.avd 30KB
readme.txt 6KB
Uploader: CreepZJF