You are browsing the archive for Software Releases.

Updated appid_calc.pl & dexray.pl

November 26, 2020 in appid_calc.pl, DeXRAY, Software Releases

Stuart pinged me about an issue with appid_calc.pl, so I updated the tool to fix the bug.

You can download appid_calc from here.

And Brian did another run over dexray – this time adding support for linux quarantine files using a new offset value.

You can download dexray from here.

DeXRAY 2.25 update

November 17, 2020 in DeXRAY, Software Releases

I recently learned there is a lot of new (to me) AV companies that I never heard of. As such, it became an opportunity to update DeXRAY with additional decryption routines.

Such is the case with Total AV that I just added to the list. After I installed the product the actual analysis took literally 15 seconds after I realized the quarantine file is just a ZIP file encrypted with a password ‘infected’. Oh well, adding features sometimes is easy.

The latest version of DeXRAY can be downloaded here.

DeXRAY supports:

  • AhnLab (V3B)
  • Amiti (IFC)
  • ASquared (EQF)
  • Avast (Magic@0=’-chest- ‘)
  • Avira (QUA)
  • Baidu (QV)
  • BitDefender (BDQ)
  • BullGuard (Q)
  • Cisco AMP
  • CMC Antivirus (CMC)
  • Comodo (not really; Quarantined files are not encrypted 🙂
  • ESafe (VIR)
  • ESET (NQF)
  • F-Prot (TMP) (Magic@0=’KSS’)
  • G-Data (Q) (Magic@0=0xCAFEBABE)
  • K7 Antivirus (<md5>.QNT)
  • Kaspersky (KLQ, System Watcher’s .bin)
  • Lavasoft AdAware (BDQ) /BitDefender files really/
  • Lumension LEMSS (lqf)
  • MalwareBytes Data files (DATA) – 2 versions
  • MalwareBytes Quarantine files (QUAR) – 2 versions
  • McAfee Quarantine files (BUP) /full support for OLE format/
  • Microsoft Antimalware / Microsoft Security Essentials
  • Microsoft Defender (Magic@0=0B AD|D3 45) – D3 45 C5 99 metadata + 0B AD malicious content
  • Panda Zip files
  • Sentinel One (MAL)
  • Spybot – Search & Destroy 2 ‘recovery’
  • SUPERAntiSpyware (SDB)
  • Symantec ccSubSdk files: {GUID} files and submissions.idx
  • Symantec Quarantine Data files (QBD)
  • Symantec Quarantine files (VBN), including from SEP on Linux
  • Symantec Quarantine Index files (QBI)
  • Symantec Quarantine files on MAC (quarantine.qtn)
  • Total AV ({GUID}.dat) ‘infected’
  • TrendMicro (Magic@0=A9 AC BD A7 which is a ‘VSBX’ string ^ 0xFF)
  • QuickHeal files
  • Vipre (_ENC2)
  • Zemana files+quarantine.db
  • Any binary file (using X-RAY scanning)