HexDive 0.3

July 5, 2012 in HexDive, Malware Analysis, Software Releases

New version comes with lots of fixes and updates.

New stuff includes:

  • lots of new malware-specific APIs (I manually walked through thousands of them so over 1600+ APIs commonly used by malware is now being picked up)
  • banking URLs (all stuff from web injects from Zeus/SpyEye etc.)
  • domain names commonly changed via hosts file (anti-* routine to block security software, etc.)
  • minor fixes to existing strings (simple mistakes I spotted)
  • large files are now supported; it has been implemented since the beginning, but I have not tested it yet; if you come across issues, please let me know
  • extra option to avoid showing copyright banner (same as in SysInternals tools /q or -q)
  • better options handling (a’la Linux) so you can now specify -qfa instead of -q -f -a

What’s coming: Currently toying around with porting the code to yasm so elf32 version precompiled for Linux Ubuntu may appear soon 🙂

You can download current version of HexDive here.

If your .exe download is blocked, you can try a zip file.


If you find HexDive is missing strings, please let me know and I will add them. At some stage I plan to release all of the strings for free, but before I do it I want to ensure they are at least classified to some extent. Yes, I will do the dirty job 🙂 just let me know what is missing. If you have some features you would like to see, please let me know as well. And if you find any bugs, please also let me know.

Thanks for trying and don’t forget to check our other tools!

Comments are closed.