HexDive 0.2

June 21, 2012 in HexDive, Malware Analysis

I just released a new version of HexDive. I added a lot of new strings, so it should be picking up more juice from malicious samples 🙂

New strings include:

  • pcap (winpcap related strings)
  • libraries
  • mime types
  • charset encodings
  • formatted strings patterns
  • OS file names
  • protocols
  • IPs
  • User agents
  • information-stealing related keywords
  • and more

Note that at this stage HexDive doesn't search for any regex patterns (e.g. URLs, emails, etc.), but this is in the making, so stay tuned.
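To illustrate the kind of work a string-classifying extractor like the one described above does, here is an added example in Python. It is not HexDive's code and the keyword lists are constructed assumptions loosely named after the categories in the post; it pulls printable ASCII and UTF-16LE runs out of a byte blob (an unpacked sample or a memory dump) and tags each one with the categories whose keywords it contains. The IP category is matched with a regex here, which is this example's own choice, not a statement about how the tool does it.

```python
import re
from collections import defaultdict

# Constructed keyword lists, named after the categories in the post.
# These are illustrative assumptions, not HexDive's own string database.
CATEGORIES = {
    "pcap": ["wpcap.dll", "packet.dll", "pcap_open_live"],
    "libraries": ["ws2_32.dll", "wininet.dll", "advapi32.dll", "urlmon.dll"],
    "mime types": ["application/x-www-form-urlencoded", "text/html",
                   "application/octet-stream"],
    "charset encodings": ["utf-8", "iso-8859-1", "windows-1252"],
    "OS file names": ["svchost.exe", "explorer.exe", "lsass.exe"],
    "protocols": ["HTTP/1.1", "SMTP", "FTP", "IRC"],
    "User agents": ["Mozilla/4.0", "Mozilla/5.0"],
    "information-stealing related keywords": ["password", "cookies",
                                              "wallet", "GetAsyncKeyState"],
}

MIN_LEN = 4  # shortest run worth reporting, as in most strings tools

# A run of printable ASCII, and the same run stored as UTF-16LE (char, NUL)
ASCII_RE = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)
WIDE_RE = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % MIN_LEN)
# Dotted-quad IPv4 with each octet limited to 0-255
IPV4_RE = re.compile(
    r"\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b")


def extract_strings(data: bytes):
    """Yield (offset, kind, text) for every ASCII and UTF-16LE run in data."""
    for m in ASCII_RE.finditer(data):
        yield m.start(), "ascii", m.group().decode("ascii")
    for m in WIDE_RE.finditer(data):
        yield m.start(), "utf16", m.group().decode("utf-16-le")


def classify(text: str):
    """Return the categories whose keywords occur in text (case-insensitive),
    plus "IPs" when the text contains a dotted-quad address."""
    lowered = text.lower()
    hits = [cat for cat, keywords in CATEGORIES.items()
            if any(k.lower() in lowered for k in keywords)]
    if IPV4_RE.search(text):
        hits.append("IPs")
    return hits


def dive(data: bytes):
    """Map each category to the sorted, de-duplicated strings found for it."""
    found = defaultdict(set)
    for _offset, _kind, text in extract_strings(data):
        for cat in classify(text):
            found[cat].add(text)
    return {cat: sorted(strings) for cat, strings in found.items()}


# Constructed blob standing in for an unpacked sample or a process dump.
# Each string is NUL-terminated; the wide string is padded so that the
# preceding ASCII terminator does not get glued onto it as a leading char.
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 8
    + b"wininet.dll\x00"
    + b"Mozilla/4.0 (compatible; MSIE 6.0)\x00"
    + b"\x00\x00" + "svchost.exe".encode("utf-16-le") + b"\x00\x00"
    + b"POST /upload HTTP/1.1\x00"
    + b"Content-Type: application/x-www-form-urlencoded\x00"
    + b"192.168.1.23\x00"
    + b"\x01\x02\x03" + b"password\x00"
)

if __name__ == "__main__":
    for cat, strings in sorted(dive(SAMPLE).items()):
        print(f"[{cat}]")
        for s in strings:
            print("   ", s)
```

Uncategorised runs are dropped rather than printed, which is the whole point of a classified string dump: the reader sees the handful of strings that hint at behaviour (network libraries, user agents, system process names, credential keywords) instead of the thousands of fragments a plain strings pass returns. On a real dump the keyword lists would be far longer, and the wide-string pass matters because many Windows API arguments and registry paths are stored as UTF-16.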

You can download it here.

If your .exe download is blocked, you can try a zip file.

Note1:

If you find HexDive is missing strings, please let me know and I will add them. At some stage I plan to release all of the strings for free, but before I do I want to ensure they are at least classified to some extent. Yes, I will do the dirty job 🙂, just let me know what is missing. Thanks!

Note2:

hdive can be run on static samples (unpacked) as well as on process memory dumps; for benchmarking purposes, here is an example: running it on a 27 MB file, a process memory dump of a simple trojan, takes 12-13 seconds.

TimeThis :  Command Line :  hdive malware.DMP
TimeThis :    Start Time :  Fri Jun 22 20:24:02 2012
TimeThis :      End Time :  Fri Jun 22 20:24:15 2012
TimeThis :  Elapsed Time :  00:00:12.683
