Version 8.20. Extended blacklist of API
. Extended the detection of Smartcard usage
Version 8.19. Extended blacklist of API
. Detect programmatic synthesis of mouse and keyboard events
Version 8.18. Extended detection of files embedded in Resources and Overlay
Version 8.17. Added support for detection of Undocumented API (PeStudioFunctionsUndocumented.xml)
Version 8.16. Fixed a bug when invoking PeStudio.exe from the prompt with a file
Version 8.15. Extended Features detection
. Extended Blacklisted functions detection
. Extended detection of Overlay for InnoSetup
. Show shrunk DOS header
. Extended detection of Overlay
. Added PeStudioWhiteListLibraries.xml
. Show Overlay Signature
. Blacklist Well-Known SID
. Fixed a bug when Dumping a resource
. Images in Windows directories are considered trusted
. Extended Features detection
. Extended Blacklisting
Version 8.10. Blacklist DNS and IP APIs
. Added detection of Microsoft Detours
. Added detection of Hooking
. Added detection of AutoIt
. Allow RAW-dumping using the context menu of any resource
. Extended Features detection
. Added Detection of Resources reuse
. Extended Features detection
. Extended Blacklisting
. Show default Icon of the Image being analysed (which often helps as a first suspicious indicator)
Version 8.05. Extended Features detection
. Extended Blacklisting
. Extended detection of embedded IP Addresses
. Added Feature detection of Regular Expressions (Regex)
. Added Feature detection of Service Control Manager (SCM)
. Added "Anomalies" Indicators.
. Added detection of fake Microsoft executables
. Extended "Features"
. Added PeStudioFeatures.xml
. Added "Features" as part of the "Indicators". Features translate the APIs and other data into "Features" of the executable being analysed (e.g. the API "FindFirstUrlCacheEntry()" is translated into the Feature "The image accesses the IE Protected Storage").
. Extended PeStudioOrdinals.xml for LDAP by ordinals
. Added a Threshold for size of Custom Resources
. Extended PeStudioThresholds.xml
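The translation step described in the Version 8.05 notes (ordinal-only imports resolved through an ordinal table, aliases such as SystemFunction036 mapped back to RtlGenRandom, then each function matched against a blacklist and a feature table) can be reproduced on an import list as follows. This is an added example, not PeStudio's code; the ordinal, alias, feature and blacklist tables are constructed for illustration and do not reproduce the contents or schema of PeStudioOrdinals.xml, PeStudioFunctionsMapping.xml, PeStudioFeatures.xml or PeStudioBlackListFunctions.xml. The sample import table is likewise constructed rather than taken from a real binary.

```python
"""Added example (not PeStudio's own code): translate a PE import table into
"Features", resolving ordinal-only imports and function aliases first.
All tables below are constructed for illustration."""

from typing import NamedTuple, Optional


class Import(NamedTuple):
    library: str            # DLL name as written in the import directory
    name: Optional[str]     # None when the import is by ordinal only
    ordinal: Optional[int]  # None when the import is by name


# (library, ordinal) -> export name. Constructed sample; real tables are per DLL build,
# which is why a tool keeps them in a data file instead of hard-coding them.
ORDINALS = {
    ("ws2_32.dll", 4): "connect",
    ("ws2_32.dll", 23): "socket",
}

# Alias -> canonical name (the SystemFunction036 -> RtlGenRandom case from the changelog).
ALIASES = {
    "SystemFunction036": "RtlGenRandom",
}

# Canonical name -> feature text. Constructed sample wording.
FEATURES = {
    "FindFirstUrlCacheEntry": "The image accesses the IE Protected Storage",
    "socket": "The image opens network sockets",
    "connect": "The image connects to a remote host",
    "RtlGenRandom": "The image generates random data",
    "IsDebuggerPresent": "The image checks for a debugger",
    "WriteProcessMemory": "The image writes to another process's memory",
}

# Constructed blacklist; a real one is much longer.
BLACKLIST = {"IsDebuggerPresent", "WriteProcessMemory", "CreateRemoteThread"}


def resolve_name(imp: Import) -> Optional[str]:
    """Return the canonical function name, or None if an ordinal is unknown."""
    name = imp.name
    if name is None:
        name = ORDINALS.get((imp.library.lower(), imp.ordinal))
        if name is None:
            return None          # never guess: an unknown ordinal is reported as such
    return ALIASES.get(name, name)


def base_name(name: str) -> str:
    """Drop the ANSI/Unicode (A/W) suffix only when the exact name has no entry."""
    if name in FEATURES:
        return name
    if len(name) > 1 and name[-1] in "AW" and name[:-1] in FEATURES:
        return name[:-1]
    return name


def analyze(imports):
    """Resolve every import and collect blacklist hits and features."""
    resolved, unresolved, blacklisted, features = [], [], [], []
    for imp in imports:
        name = resolve_name(imp)
        if name is None:
            unresolved.append((imp.library, imp.ordinal))
            continue
        name = base_name(name)
        resolved.append(name)
        if name in BLACKLIST:
            blacklisted.append(name)
        feature = FEATURES.get(name)
        if feature and feature not in features:
            features.append(feature)
    return {"resolved": resolved, "unresolved": unresolved,
            "blacklisted": blacklisted, "features": features}


# Constructed import table, not taken from any real binary.
SAMPLE_IMPORTS = [
    Import("KERNEL32.dll", "IsDebuggerPresent", None),
    Import("ADVAPI32.dll", "SystemFunction036", None),
    Import("WININET.dll", "FindFirstUrlCacheEntryA", None),
    Import("WS2_32.dll", None, 23),
    Import("WS2_32.dll", None, 4),
    Import("WS2_32.dll", None, 999),   # unknown ordinal: reported, not guessed
]

if __name__ == "__main__":
    for key, value in analyze(SAMPLE_IMPORTS).items():
        print(f"{key}: {value}")
```

The ordinal lookup is keyed on the lower-cased library name because the import directory preserves whatever case the linker wrote; the A/W suffix is only stripped when the exact name has no entry, so a table can still give an ANSI and a Unicode variant different feature text.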
Version 8.00. Fixed a crash when disabling VirusTotal query
. Show the Signature of the files Embedded in the Custom Resources
. Added Min/Max Threshold checks on HTML Resource size and Extended PeStudioThresholds.xml
. Extended PeStudioIndicators.xml
. Extended PeStudioOrdinals.xml
. Extended PeStudioBlackListFunctions.xml
. Extended PeStudioBlackListLibraries.xml
. Corrected an issue when showing the Resources friendly names in the GUI
. Extended PeStudioThresholds.xml to detect the Min/Max size of Manifest
. New classification of Strings
. Extended detection (and Indicator) of File Version Information suspicious fields
. Extended PeStudioOrdinals.xml
. Corrected Ordinals mapping for 64 bit images
. Better visualization of Relocations entries
. Added Detection of Blacklisted Function of Delayed-loaded Libraries
. Added Support for String Tables
. Added Detection of Self-Registering DLLs
. Added PeStudioEvasions.xml to support the detection of evasion attempts (anti-debugging)
. Added (part of) exported MFC42 ordinals to PeStudioOrdinals.xml
. Map Version Translation Information to user friendly string
. Show blacklisted languages in the Version Translation Information
. Extended PeStudioOrdinals.xml to Resolve SNMP functions imported by Ordinals back to their original names
. Added Dumping of Overlay
. Extended detection of malicious usage of Resource Icons
. Added new Indicator for suspicious Resource Icons
. Added Support for Sections -> Context Menu -> Dump
. Added Support for Dumping ICO resources as RAW and as .ico files
. Extended detection of suspicious debugger fields (invalid content, e.g. Flame)
. Added PeStudioFunctionsMapping.XML to map Function Names (e.g. SystemFunction036 to RtlGenRandom )
. Added detection of GINA
. Extended Directories Validation
. Added Valid, Missing, Empty fields for Directories
. Extended PeStudioBlackListLibraries.xml
. Extended PeStudioIndicators.xml
. Extended validation of Debug fields
. Extended PeStudioIndicators.xml
. Added Context Menu at the image level
. Added Certificates validity handling
. Added Indicator Id in the output XML report
. Created PeStudioBlackListLibraries.xml for the Detection of blacklisted Libraries
. Added a new Indicator in PeStudioIndicators.xml
. Fixed a bug when handling empty Relocation Table
. Created PeStudioPrompt.exe, a stand-alone version of PeStudio running exclusively at the prompt
. Fixed a problem when disabling the Lookup to VT
. Added detection of Debug File without PDB extension
. Added detection of Debug File name different than the image name
. Changed Sections UI
. Changed VirusTotal UI
. Added Query MSDN context menu for Exported Functions
. Show Gaps in Exported Functions Table
. Extended PeStudioTranslations.xml
. Extended PeStudioIndicators.xml
. Show more details of VirusTotal
. Added detection of PeCompact compressor
. Fixed a bug with Ctrl+T
. Extended PeStudioThresholds.xml (which enables you to define your own thresholds)
. Extended PeStudioTranslations.xml (which enables you to change the text at the UI)
. Extended PeStudioSettings.XML (which enables you to change the behaviour of PeStudio)
. Added read/write support between the UI and PeStudioSettings.XML
. Extended PeStudioBlackListFunctions.xml
. Fixed an Issue when closing all files
. Added detection of missing Trust Information inside Manifest
. Extended PeStudioIndicators.xml
. Extended PeStudioTranslations.xml
. Added a switch (see PeStudioBlackListStrings.xml) for case sensitivity when scanning for blacklisted strings
. Added a switch (see PeStudioBlackListStrings.xml) for substring matching when scanning for blacklisted strings
. Added Support for Windows File Redirection
. Added DOS Stub at the UI
. Added new Indicator related to the (suspicious) size of the DOS Stub
. Added PeStudioThresholds.xml that contains the Min, Max values used as thresholds
. Fixed enabling/disabling Virustotal lookup switch
. Allow opening ANY image (to show the VirusTotal results)
Version 7.50. Added Dump of Indicators
. Added Dump of Manifest
. Added Context menu for Certificates
. Added Dump of Certificates
. Raw discovery of fundamental characteristics of the Certificate(s) embedded in the Image
. Handle non-printable characters in XML report
. Added more Indicators specific to the location of the Entry Point
. Added more details (offset and size) for each file Cave detected
. Show the name of the section BaseOfCode is located in
. Fixed reporting of the Libraries in the XML report
. Simplified Indicators XML file
. Added Indicators specific for First and Last Sections
. Take virtual Sections into account when locating the overlay
. Fixed detection of MPRESS under 64bit
. Added detection and Indicator of suspicious Certificate size
. Added detection and Indicator of suspicious Certificate content (e.g. padding)
. Added MD5 computation for Resources
. Added MD5 computation for Sections
. Extended Severity levels with "positive" (green) indicators
. Added collection of Unicode Strings
. Detect (direct) usage of Native API
. Detection of Embedded Executable in malformed Images
. Detect Images statically linked to the C-Runtime and show this as Indicator
. Added Detection of Device Drivers and handle Indicators accordingly
. Extended detection of Custom Embedded files in standard Resources
. Removed many strings from Parser and put these in a new PeStudioTranslations.XML file
. Corrected NB10 debug detection
. Show Section:Offset for Resources
. Extended Types and location of embedded Executable
. More validity checks on Exports
. Extended detection of masqueraded UPX
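Two of the checks listed above, the DOS stub size indicator backed by min/max thresholds (Version 8.00) and locating the overlay while taking purely virtual sections into account (Version 7.50), come down to a few header fields. The following is an added example, not PeStudio's code: it parses the DOS header, COFF header and section table with the standard library, builds a minimal constructed PE32 image to run against (the image is not executable and not derived from any real file), and uses constructed threshold values that are not the contents of PeStudioThresholds.xml.

```python
"""Added example (not PeStudio's own code): compute the DOS stub size and the
overlay location of a PE image and check them against min/max thresholds.
Threshold values and the sample image are constructed for illustration."""

import struct

# Constructed thresholds in bytes; PeStudio reads its own from PeStudioThresholds.xml.
THRESHOLDS = {"DosStub": (64, 256)}

COFF_HEADER = struct.Struct("<HHIIIHH")          # IMAGE_FILE_HEADER, 20 bytes
SECTION_HEADER = struct.Struct("<8sIIIIIIHHI")   # IMAGE_SECTION_HEADER, 40 bytes


def parse_layout(data: bytes) -> dict:
    """Return DOS stub size, end of section raw data, and overlay offset/size."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not at e_lfanew")
    dos_stub_size = e_lfanew - 0x40      # the stub sits between the DOS header and "PE\0\0"

    coff_off = e_lfanew + 4
    _, num_sections, _, _, _, opt_size, _ = COFF_HEADER.unpack_from(data, coff_off)
    sect_off = coff_off + COFF_HEADER.size + opt_size

    raw_end = sect_off + num_sections * SECTION_HEADER.size   # headers are file data too
    for i in range(num_sections):
        _name, _vsize, _va, raw_size, raw_ptr, *_ = SECTION_HEADER.unpack_from(
            data, sect_off + i * SECTION_HEADER.size)
        # A purely virtual section (e.g. .bss) has SizeOfRawData == 0 and must not be
        # used to place the overlay, even when it is the last section header.
        if raw_size == 0:
            continue
        raw_end = max(raw_end, raw_ptr + raw_size)

    overlay_size = max(0, len(data) - raw_end)
    return {
        "dos_stub_size": dos_stub_size,
        "raw_end": raw_end,
        "overlay_offset": raw_end if overlay_size else None,
        "overlay_size": overlay_size,
    }


def indicators(layout: dict) -> list:
    """Turn the layout into indicator strings, in the spirit of the Indicators view."""
    out = []
    lo, hi = THRESHOLDS["DosStub"]
    if not lo <= layout["dos_stub_size"] <= hi:
        out.append(f"DOS stub size {layout['dos_stub_size']} outside [{lo}, {hi}]")
    if layout["overlay_size"]:
        out.append(f"overlay of {layout['overlay_size']} bytes at offset {layout['overlay_offset']:#x}")
    return out


def build_sample(stub_size: int, overlay: bytes) -> bytes:
    """Construct a minimal, non-runnable PE32 image: DOS header, stub, PE headers,
    one .text section with raw data, one virtual .bss section, then the overlay."""
    e_lfanew = 0x40 + stub_size
    dos = bytearray(b"MZ" + b"\0" * 0x3E)
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    opt_size = 0xE0                                     # PE32 optional header size
    coff = COFF_HEADER.pack(0x14C, 2, 0, 0, 0, opt_size, 0x102)
    opt = b"\x0b\x01" + b"\0" * (opt_size - 2)           # magic 0x10B, remainder zeroed
    hdr_end = e_lfanew + 4 + COFF_HEADER.size + opt_size + 2 * SECTION_HEADER.size
    raw_ptr = (hdr_end + 0x1FF) & ~0x1FF                # 512-byte file alignment
    text = SECTION_HEADER.pack(b".text", 0x100, 0x1000, 0x200, raw_ptr, 0, 0, 0, 0, 0x60000020)
    bss = SECTION_HEADER.pack(b".bss", 0x1000, 0x2000, 0, 0, 0, 0, 0, 0, 0xC0000080)
    img = bytearray(dos + b"\0" * stub_size + b"PE\0\0" + coff + opt + text + bss)
    img += b"\0" * (raw_ptr - len(img)) + b"\xcc" * 0x200
    return bytes(img + overlay)


if __name__ == "__main__":
    sample = build_sample(stub_size=0x40, overlay=b"INNO-SETUP-LIKE-PAYLOAD")
    layout = parse_layout(sample)
    print(layout)
    for ind in indicators(layout):
        print("-", ind)
```

Anything past the end of the last section's raw data is overlay, which is where installers such as InnoSetup and self-extracting packers keep their payload; an Authenticode certificate table appended after the sections also lands there, so a detected overlay should be checked against the security directory before it is reported as foreign data.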