X

Adlice PEViewer (RogueKillerPE) 3.2.0.0 Multilingual

One of the oldest specialized Arab scientific forums for more than seventeen years

 
  • Filter
  • Time
  • Show
Clear All
new posts
  • Saadedin
    Thread Author
    Administrator
    • Sep 2018 
    • 36005 
    • 18,822 
    • 2,852 

    Adlice PEViewer (RogueKillerPE) 3.2.0.0 Multilingual

    Adlice PEViewer هو برنامج يستخدمه العديد من الباحثين في شركات مكافحة الفيروسات أو CERT في جميع أنحاء العالم من أجل إجراء تحليل ثابت للبرامج الضارة.
    تحاول البرامج الضارة أحيانًا إخفاء أهدافها لتجنب الكشف والتحليل الثابت. من خلال القيام بذلك ، يتركون المؤشرات والبيانات الوصفية والتعديلات المشبوهة وراءهم.

    يبحث Adlice PEViewer في هذه الأعمال الفنية ويسردها لمساعدة الباحثين على اتخاذ قرار بشأن ملف مشبوه. يستخدم البرنامج محلل PE قوي وكذلك محرك التحليل والكشف عن الاستدلال لبناء هذه المؤشرات.

    تعتمد PEViewer أيضًا على ماسحات ضوئية تابعة لجهات خارجية مثل VirusTotal التي تعرض النتائج عليها وعلى الذكاء الاصطناعي الداخلي (MalPE). كل هذا معًا يسمح للأداة ببناء درجات خطيرة ........



    Adlice PEViewer is a software used by many researchers at Antivirus companies or CERT worldwide in order to perform malware static analysis.
    Malicious software sometimes try to hide their goals to evade detection and static analysis. By doing so, they leave indicators, metadatas and suspicious modifications behind.

    Adlice PEViewer searches and lists these artifacts to help researchers making up their mind on a suspicious file. The software uses robust PE parser as well as analysis engine and heuristics detections to build these indicators.

    PEViewer also relies on 3rd party scanners like VirusTotal for which it displays the results, and on an in-house Artificial Intelligence (MalPE). All of this together allows the tool to build severity scores........

    Features :

    Open PE from file, and read disk image.
    Open PE from process, and read memory or disk image.
    Open file from command line.
    Drag and drop support.
    Explorer context menu integration.
    Process general information (pid, parent, ...)
    File general information (attributes, size, ...)
    Process module general information (address, size, ...)
    Many different hashes (MD5, SHA1, SHA256, IMPHASH, ...)
    Process memory pages, with ability to dump.
    Injected pages detection, non-readable pages detection.
    Ability to dump injected pages to file.
    Hex code, with ability to search (hex values, or string ANSI/UNICODE).
    Assembly code, with ability to navigate.
    PE Headers (MZ, PE, Optional, ...)
    RunPE detection, shows which header fields are modified.
    Checksum validation.
    PE Sections, with ability to watch hex code and dump to file.
    PE Debug, with ability to watch hex code and dump to file.
    PE Imports, with ability to watch APIs assembly code (memory only).
    PE Exports, with ability to watch APIs assembly code.
    Hooks detection in imports/exports (table and inline hooks).
    PE Resources. Able to parse all well known types and display them accordingly (strings, version information, icons, ...)
    Ability to scan resources, sections, debug on VirusTotal.
    Executable files detection in resources.
    Ability to watch hex code of resources.
    Ability to dump resources to file.
    PDB path detection.
    Strings scanner, with classification (Registry, files, ...)
    Ability to dump all strings (by category or not) to file.
    Bin2Img (binary to image).
    Digital Signature parsing (embedded only).
    Bright or dark theme.
    Samples Comparator (Premium).
    Sample Scoring.
    Maliciousness Indicators.
    VirusTotal full information.

    56.8MB
    http://s15.alxa.net/001/05/Adlice.P...ltilingual.rar
  • أبو حكمت
    Free Membership
    • Sep 2018 
    • 2353 
    • 3,324 
    • 8,527 

    #2
    جزاك الله كل خير أخي الغالي

    Comment
    • abo salma
      Free Membership
      • Nov 2018 
      • 68 
      • 24 

      #3
      كل الشكر لك أخى
      Comment
      Working...
      X