Exeinfo Pe ver.0.0.6.3 Test (available only from author's VIP section) - Identify Packers/Obfuscators/and much more. (Exeinfo + DiE=EZ)



#1

dfnctsc

IF YOU FIND THIS TOOL USEFUL, PLEASE SHOW SOME LOVE TO THE ORIGINAL AUTHOR ASL <3

Official Website: hXXp://www.exeinfo.byethost18.com/?i=1

 


fixed Button [<] back oep if value bigger than 0 ( if config fast scan = off )
added to section Pre-Scan :
MS C++ version , Embarcadero , Delphi , Codegear ver. string , Go build Compiler ID/inf , Go Packed section .zlb data ,
GCC:GNU libgc(*) runtime library , Cygwin runtime library , GNU C Compiler version Section
Go build Compiler ID/inf section , Packed section .zlb data section,
[ .QT METADATA Section ] , [ Armadillo 32/64 v5-9 zlib/* ] , [*Armadillo v6-9 zlib ] ,
[ TAGGANT data section - Packer Software with Crypto secure sign SHA256 ]
[ Import like Themida/Winlicense section ]
[ Themida & WinLicense DATA section ][* .NET RESources ] , * RSA sign ] ,
png/jpg/Gif pictures ,
[ SHA1 crypto ] , [ MFC C++ API ]
Str.Version info - Resources
[ Zlib v1.x.x ] max 1.2.8
[ Borland Delphi/C++ Runtime ]
Export data
exe , cab , cab xor FF , zip , msi , rar , 7z , [ LZMA Archive 23 def ]
Delphi TPForm

Includes:
1085 / 99 signatures
userdb.txt : 4432 signatures
 
If you have a custom or private userdb.txt you can replace it, or diff it with the one provided and add on to your own if it has any you are missing.
  
Please like if you will be using this VIP section only release, or if you're feeling nice, share your userdb.txt with me if you have private/custom sigs.
 
Enjoy!

 



  • 2
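The userdb.txt diff-and-add step mentioned in the post above, as an added example that is not part of the original post or of the tool. It assumes the PEiD-style text layout (`[name]`, `signature = ...`, `ep_only = ...`) and compares entries by normalized byte pattern rather than by name, so renamed duplicates are not added twice; both sample databases are constructed.

```python
import re

# Constructed sample databases (not real signatures), PEiD-style layout assumed.
MINE = """\
[Sample Packer A v1.0]
signature = 60 E8 ?? ?? ?? ?? 5D
ep_only = true

[Sample Packer B]
signature = 55 8B EC 83 C4
ep_only = false
"""
PROVIDED = """\
; comment lines are skipped
[Sample Packer A (renamed)]
signature = 60 e8 ?? ?? ?? ??  5d
ep_only = True

[Sample Packer C]
signature = EB 10 ?? ?? 90
ep_only = true
"""

def parse_userdb(text):
    """Return {(normalized signature, ep_only): name}; first name seen wins."""
    entries, name, fields = {}, None, {}
    def flush():
        if name and "signature" in fields:
            sig = " ".join(fields["signature"].upper().split())
            ep = fields.get("ep_only", "false").lower() == "true"
            entries.setdefault((sig, ep), name)
    for line in map(str.strip, text.splitlines()):
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            flush()                      # close the previous entry
            name, fields = header.group(1).strip(), {}
        elif name and "=" in line and not line.startswith(";"):
            key, value = line.split("=", 1)
            fields[key.strip().lower()] = value.strip()
    flush()                              # close the last entry
    return entries

def merge(mine_text, provided_text):
    """Append entries whose byte pattern is absent from mine; return (text, added names)."""
    mine, provided = parse_userdb(mine_text), parse_userdb(provided_text)
    new = {k: v for k, v in provided.items() if k not in mine}
    out = mine_text.rstrip("\n") + "\n"
    for (sig, ep), name in new.items():
        out += f"\n[{name}]\nsignature = {sig}\nep_only = {'true' if ep else 'false'}\n"
    return out, sorted(new.values())
```
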

#2

dfnctsc

Just curious, no one has found any use for this? I always use at least two programs to get an idea what packer/obfuscator/etc a program is using and what it is written in - no sense in diving in with a debugger if you know what you're dealing with beforehand. This is one of them and is not available to the general public on the author's website.

 

I particularly like this tool because it has a ripper function to rip any PE's/files it finds embedded in the program, or even the graphics/images used can be ripped (though I use the former).

 

This is also useful for skids because you can compare results to DiE or whatever you use already, this use alone has helped me countless times identify a modified version of an open source obfuscator/packer.

 

And for the skids, if you're reversing something and don't have much skill, you may get lucky and find it's obfuscated/packed with a tool that's been posted in this forum can automagically put into its original state before obfuscating/packing.

 

 

Just thought I'd elaborate on why this tool should be in your arsenal.


  • 0

#3

Depression

good work! thank you for this


  • 0



#4

wigword

Damn, well this is pretty nice


  • 0

#5

dfnctsc

good work! thank you for this

 

No problem. I have access to all the beta and pre-releases that often include new signatures that you won't find in Detect it Easy. Though eventually DIE updates and takes Exeinfo signatures and vice versa. I find it best to use both when initially looking at something to crack.

 

Lots of people here are interested in trying to crack vmprotect 3+ which is a futile effort for all but a few on this board, and I doubt they're active and if they are they would not share their techniques. However, lots of skids write in .net and try and protect with vmprotect. VMP is a fairly complicated and powerful packer/visualizer and you can often find plaintext strings within the code if it was not configured properly. Furthermore if you run poorly configured vmp3+ programs viewing your memory will often lead to way to crack the software.

 

Only in the hands of someone that knows how to properly configure vmp3+ for their software will be safe, so long as their software doesn't catch the eye of someone with skill.

 

I started reversing when Olly and .net reflector were the tools of choice. I'm trying to catch up but so much has changed!

 

Also fuck x64dbg, the creator is a snitch.


  • 0

#6

kommaroo

Wow thank you


  • 0

#7

dlkjfdskssdkf

thanks for this one


  • 0

#8

scherzo

Hmm, very good

nice, thanks


  • 0

#9

ErrX

Nice share will greatly help reversing things


  • 0

#10

gent0o0

Thanks so much!!

 


  • 0

