<!--
This file is part of the pestudio solution (www.winitor.com).
Any usage of this file outside of the context of pestudio (e.g. in third-party application, tools chain, etc...) must be explicitely authorized.
Please note that this file will be modified when running pestudio.
-->
<xml version="1.0" encoding="utf-8" flag="1">
<sigs>
<sig id="100" flag="1">
<text>!EP (ExE Pack) V1.0 -> Elite Coding Group</text>
<pattern>60 68 xx xx xx xx B8 xx xx xx xx FF 10</pattern>
</sig>
<sig id="101" flag="1">
<text>!EP(ExE Pack) V1.0 -> 6aHguT g-l-u-k</text>
<pattern>
60 68 xx xx xx xx B8 xx xx xx xx FF 10 68 xx xx xx xx 50 B8 xx xx xx xx FF 10 68 xx xx xx xx
6A 40 FF D0 89 05 xx xx xx xx 89 C7 BE xx xx xx xx 60 FC B2 80 31 DB A4 B3 02 E8 6D 00 00 00
73 F6 31 C9 E8 64 00 00 00 73 1C 31 C0 E8 5B 00 00 00 73 23 B3 02 41
</pattern>
</sig>
<sig id="102" flag="1">
<text>!EP(ExE Pack) V1.4 lite b2 -> 6aHguT g-l-u-k</text>
<pattern>
00 00 00 00 00 00 00 00 xx xx xx xx xx xx xx xx xx xx xx xx 00 00 00 00 00 00 00 00 xx xx xx
xx xx xx xx xx 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 xx xx xx xx 00 00
00 00 xx xx xx xx xx xx xx xx xx xx xx xx 00 00 00 00 4B 45 52 4E 45
</pattern>
</sig>
<sig id="103" flag="1">
<text>!EP(ExE Pack) V1.4 lite final -> 6aHguT g-l-u-k</text>
<pattern>
90 90 90 90 61 B8 xx xx xx xx FF E0 55 8B EC 60 55 8B 75 08 8B 7D 0C E8 02 00 00 00 EB 04 8B
1C 24 C3 81 C3 00 02 00 00 53 57 8B 07 89 03 83 C7 04 83 C3 04 4E 75 F3 5F 5E FC B2 80 8A 06
46 88 07 47 02 D2 75 05 8A 16 46 12 D2 73 EF 02 D2 75 05 8A 16 46 12
</pattern>
</sig>
<sig id="104" flag="1">
<text>!EPack 1.4 lite (final) - by 6aHguT</text>
<pattern>
33 C0 8B C0 68 xx xx xx xx 68 xx xx xx xx E8
</pattern>
</sig>
<sig id="105" flag="1">
<text>!EPack V1.4 lite final -> 6aHguT</text>
<pattern>
33 C0 8B C0 68 xx xx xx xx 68 xx xx xx xx E8 xx 00 00 00 68 xx xx xx xx 68 xx xx xx xx E8 xx 00 00 00
</pattern>
</sig>
<sig id="106" flag="1">
<text>$pirit v1.5</text>
<pattern>
xx xx xx 5B 24 55 50 44 FB 32 2E 31 5D
</pattern>
</sig>
<sig id="107" flag="1">
<text>
PseudoSigner 0.2 Yoda's Protector 1.02 --> Anorganix
</text>
<pattern>
E8 03 00 00 00 EB 01 90 90
</pattern>
</sig>
<sig id="108" flag="1">
<text>.BJFnt v1.1b</text>
<pattern>
EB 01 EA 9C EB 01 EA 53 EB 01 EA 51 EB 01 EA 52 EB 01 EA 56
</pattern>
</sig>
<sig id="109" flag="1">
<text>.BJFnt v1.2 RC</text>
<pattern>
EB 02 69 B1 83 EC 04 EB 03 CD 20 EB EB 01 EB 9C EB 01 EB EB
</pattern>
</sig>
<sig id="110" flag="1">
<text>.BJFnt v1.3</text>
<pattern>
EB 03 3A 4D 3A 1E EB 02 CD 20 9C EB 02 CD 20 EB 02 CD 20 60
</pattern>
</sig>
<sig id="111" flag="1">
<text>.BJFnt v1.3</text>
<pattern>
EB xx 3A xx xx 1E EB xx CD 20 9C EB xx CD 20 EB xx CD 20 60 EB
</pattern>
</sig>
<sig id="112" flag="0">
<text>.NET DLL -> Microsoft</text>
<pattern>
00 00 00 00 00 00 00 00 5F 43 6F 72 44 6C 6C 4D 61 69 6E 00 6D 73 63 6F 72 65 65 2E 64 6C 6C
00 00 xx 00 00 FF 25
</pattern>
</sig>
<sig id="113" flag="0">
<text>.NET executable -> Microsoft</text>
<pattern>
00 00 00 00 00 00 00 00 5F 43 6F 72 45 78 65 4D 61 69 6E 00 6D 73 63 6F 72 65 65 2E 64 6C 6C
00 00 00 00 00 FF 25
</pattern>
</sig>
<sig id="114" flag="0">
<text>Microsoft .NET</text>
<pattern>
FF 25 00 20 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
</pattern>
</sig>
<sig id="115" flag="1">
<text>32Lite v0.03a</text>
<pattern>
60 06 FC 1E 07 BE xx xx xx xx 6A 04 68 xx 10 xx xx 68
</pattern>
</sig>
<sig id="116" flag="1">
<text>3DMark Database file</text>
<pattern>
33 44 4D 61 72 6B 20 44 61 74 61 62 61 73 65 20 46 69 6C 65
</pattern>
</sig>
<sig id="117" flag="1">
<text>624 (Six to Four) v1.0</text>
<pattern>
50 55 4C 50 83 xx xx FC BF xx xx BE xx xx B5 xx 57 F3 A5 C3 33 ED
</pattern>
</sig>
<sig id="118" flag="1">
<text>MSLRH v32a -> emadicius</text>
<pattern>
EB 05 E8 EB 04 40 00 EB FA E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4
08 74 04 75 02 EB 02 EB 01 81 E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83
C4 08 74 04 75 02 EB 02 EB 01 81 50 E8 02 00 00 00 29 5A 58 6B C0 03 E8 02 00 00 00 29 5A 83
C4 04 58 74 04 75 02 EB 02 EB 01 81 0F 31 50 0F 31 E8 0A 00 00 00 E8 EB 0C 00 00 E8 F6 FF FF
FF E8 F2 FF FF FF 83 C4 08 2B 04 24 74 04 75 02 EB 02 EB 01 81 83 C4 04 E8 0A 00 00 00 E8 EB
0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 3D FF 0F 00 00 EB 01 68 EB 02 CD 20 EB 01 E8
76 1B EB 01 68 EB 02 CD 20 EB 01 E8 CC 66 B8 FE 00 74 04 75 02 EB 02 EB 01 81 66 E7 64 E8 0A
00 00 00 E8 EB 0C 00 00 E8 F6 FF FF FF E8 F2 FF FF FF 83 C4 08 74 04 75 02 EB 02 EB 01 81 0F
31 50 0F 31
</pattern>
</sig>
<sig id="119" flag="1">
<text>A program by Jupiter ..</text>
<pattern>
2B C0 74 05 68 xx xx xx xx 50
</pattern>
</sig>
<sig id="120" flag="1">
<text>A3E (TXT2COM)</text>
<pattern>
1E 33 C0 50 BE xx xx 81 C6 xx xx B8 xx xx 8E C0 BF xx xx B9 xx xx F3 A5 CB
</pattern>
</sig>
<sig id="121" flag="1">
<text>Aase Crypter - by santasdad</text>
<pattern>
55 8B EC 83 C4 F0 53 B8 A0 3E 00 10 E8 93 DE FF FF 68 F8 42 00 10 E8 79 DF FF FF 68 00 43 00 10 68 0C 43 00 10 E8 42 DF FF FF 50 E8 44 DF FF FF A3 98 66 00 10 83 3D 98 66 00 10 00 75 13 6A 00 68 18 43 00 10 68 1C 43 00 10 6A 00 E8 4B DF FF FF 68 2C 43 00
</pattern>
</sig>
<sig id="122" flag="1">
<text>Aase Crypter - by santasdad</text>
<pattern>
55 8B EC 83 C4 F0 53 B8 A0 3E 00 10 E8 93 DE FF FF 68 F8 42 00 10 E8 79 DF FF FF 68 00 43 00 10 68 0C 43 00 10 E8 42 DF FF FF 50 E8 44 DF FF FF A3 98 66 00 10 83 3D 98 66 00 10 00 75 13 6A 00 68 18 43 00 10 68 1C 43 00 10 6A 00 E8 4B DF FF FF 68 2C 43 00 10 68 0C 43 xx xx xx xx DF FF FF 50 E8 0E DF FF FF A3 94 66 00 10 83 3D 94 66 00 10 00 75 13 6A 00 68 18 43 00 10 68 38 43 00 10 6A 00 E8 15 DF FF FF 68 48 43 00 10 68 0C 43 00 10 E8 D6 DE FF FF 50 E8 D8 DE FF FF A3 A0 66 00 10 83 3D A0 66 00 10 00 75 13 6A 00 68 18 43 00 10 68 58 43 00 10 6A 00 E8 DF DE FF FF 68 6C 43 00 10 68 0C 43 00 10 E8 A0 DE FF FF 50 E8 A2 DE FF FF
</pattern>
</sig>
<sig id="123" flag="1">
<text>ABC Cryptor 1.0 - by ZloY</text>
<pattern>
68 FF 64 24 F0 68 58 58 58 58 90 FF D4 50 8B 40 F2 05 B0 95 F6 95 0F 85 01 81 BB FF 68 xx xx xx xx BF 00 xx xx xx B9 00 xx xx xx 80 37 xx 47 39 CF 75 F8
</pattern>
</sig>
<sig id="124" flag="1">
<text>ACE Archive</text>
<pattern>
xx xx xx xx xx xx xx 2A 2A 41 43 45 2A 2A
</pattern>
</sig>
<sig id="125" flag="1">
<text>AcidCrypt</text>
<pattern>
60 B9 xx xx xx 00 BA xx xx xx 00 BE xx xx xx 00 02 38 40 4E 75 FA 8B C2 8A 18 32 DF C0 CB
</pattern>
</sig>
<sig id="126" flag="1">
<text>AcidCrypt</text>
<pattern>
BE xx xx xx xx 02 38 40 4E 75 FA 8B C2 8A 18 32 DF C0 CB
</pattern>
</sig>
<sig id="127" flag="1">
<text>ACProtect
没有合适的资源?快使用搜索试试~ 我知道了~
PeStudio Pro 9.58
共18个文件
xml:11个
exe:2个
reg:2个
需积分: 5 0 下载量 185 浏览量
2024-05-26
19:31:43
上传
评论
收藏 1.18MB ZIP 举报
温馨提示
本帖最后由 ceciliaaii 于 2024-4-27 16:01 编辑 PEStudio简介 PEstudio 是一款功能强大的可执行文件分析工具,可用于逆向工程和恶意软件分析。它被世界各地的计算机响应小组和实验室使用来执行恶意软件的初步评估。PEstudio基于基础的解析器和一组XML配置文件构建,这些配置文件用于检测各种指标和分类项。由于正在分析的文件永远无法启动,因此您可以直接检查可执行文件(例如安全特洛伊)木马、勒索软件和RAT),而无需担心感染您的计算机。PEstudio 的一些功能包括: 查看和编辑PE文件头 查看和编辑PE文件任选头部 查看和编辑PE文件节 查看和编辑PE文件节内容 反编译PE文件代码 识别已知的 API 调用和数据结构 搜索字符串和字节模式 将PE文件导出为各种格式 PEstudio的常见用途包括: 分析恶意软件 逆向工程实际文件 调试执行文件 创建自定义PE文件资源程序 研究PE文件格式 PEstudio的优点: 功能强大且使用方便 支持广泛的PE文件格式 定期更新新功能和签名 拥有活跃的社区和大量支持资源
资源推荐
资源详情
资源评论
收起资源包目录
pestudio-pro_9.58.zip (18个子文件)
pestudio-pro_9.57
changes.log 19KB
peparser.dll 1.51MB
pestudio.lic 2KB
pestudio.exe 891KB
RemoveFromShell.reg 112B
xml
rich.xml 35KB
mitre.xml 23KB
thresholds.xml 3KB
languages.xml 17KB
settings.xml 9KB
functions.xml 430KB
translations.xml 44KB
strings.xml 63KB
signatures.xml 1.01MB
indicators.xml 17KB
namespaces.xml 6KB
pestudiox.exe 79KB
AddToShell.reg 478B
共 18 条
- 1
资源评论
mahuan168888
- 粉丝: 44
- 资源: 8
上传资源 快速赚钱
- 我的内容管理 展开
- 我的资源 快来上传第一个资源
- 我的收益 登录查看自己的收益
- 我的积分 登录查看自己的积分
- 我的C币 登录后查看C币余额
- 我的收藏
- 我的下载
- 下载帮助
安全验证
文档复制为VIP权益,开通VIP直接复制
信息提交成功