File name: Universal Unpacking Tool / Virus Analysis Tool V1.4
  Category: System security
  Development tool:
  File size: 1mb
  Downloads: 0
  Upload date: 2014-04-27
  Provider: ec***
 Description: Sucop virus analysis tool (File Format Identifier) v1.4, an unnoo-dswlab product.

 It is an auxiliary tool for virus analysis. It includes various file format recognition engines, packer sniffing, unpacking by virtual machine, PE file editing, PE file rebuilding, import table retrieval (using the virtual machine to decode an encoded import table), memory dumping, overlay processing, PE address conversion, PEiD plugin support, MD5 computation, efficient use of third-party tools, and so on. It is also used for handling Trojan virus samples during virus analysis.

 This software is free; you can download, install, copy and distribute it noncommercially. For commercial sale, copying and distribution, you must first get the warranty and permission of DSWLAB (for example, an anti-virus company that wants to use it to analyze Trojan horses in batches must first get the mandate and permission of DSWLAB).

 v1.4 new features:
 ★ Added import table retrieval; for some encoded import tables, you can decode them with the virtual machine (see section 9 following). Contact us if you have more suggestions.
 ★ Shows more useful descriptions for invalid PE files; thanks to Pedro Lopez for proposing it.
 ★ New skin for a better look; you can switch the skin style after clicking the option button; thanks to fly (unpack.cn) for proposing it.
 ★ Added the external signatures library collected by fly (unpack.cn); thanks for the authorization.
 ★ Corrected several bugs.

 v1.3 new features:
 ★ Added a task view which supports three functions:
   a. terminate the process
   b. correct the image size of the module
   c. dump the memory in three modes (Dump Full, Dump Partial and Dump Region)

 v1.2 new features:
 ★ Support for PEiD plugins.
 ★ Added a feature for rebuilding PE files.

 v1.1 new features:
 ★ Added the VMUnpacker unpack engine for unpacking; the unpacking capacity is equal to VMUnpacker v1.4.
 ★ Added some external signatures from the internet.
 ★ Added a feature for deleting the overlay and saving the overlay.
 ★ Added PE Address Conversion (RVA<->RAW).

 First, Sniff Packers
 Supports file drag and directory drag; you can also install shell extensions to recognize files and directories. To recognize more packers, you can use the external signatures library (it must be named userdb.txt; the library format is the same as PEiD's external signatures library). Note: A '*' will appear if the packer was sniffed by the external signatures.

 Second, Unpack ...