You are browsing the archive for Software Releases.

Updated 3R (RegRipper Ripper)

November 4, 2018 in 3R, Forensic Analysis, Software Releases

It’s been 2 years since I last updated the 3R so I decided to download the latest regripper repo (https://github.com/keydet89/RegRipper2.8) and re-run my tool on it.

I had to do quick fix to handle the slack.pl script, but other than that, it’s the same old 3r.pl script generating the very same content as before, except it now covers all the new plugins Harlan added over last 2 years – if I am not wrong, there are over 40 new scripts. Kudos to Harlan for maintaining the repo for so many years.

So, there you have it, the Regripper is still here and kicking; if you ever need to write a new plug-in feel free to leverage the free online tool 3RPG, or, just learn perl πŸ™‚

DeXRAY 2.14 update

May 20, 2018 in Batch Analysis, DeXRAY, Software Releases

Corey Forman (fetchered) reached out to me about the lack of Microsoft Antimalware / Microsoft Security Essentials support in dexray. While I knew the encryption for these seemed to be trivial and was documented before (it isΒ  a simple xor 0xFF) he actually confirmed that, and provided results of his research and support in testing the algorithm. As you might have guessed, this resulted in yet another update to dexray.

Thanks Corey !

So… with all the changes implemented you can find the latest version of DeXRAY here.

The full list of supported or recognized file formats is listed below:

  • AhnLab (V3B)
  • ASquared (EQF)
  • Avast (Magic@0=’-chest- ‘)
  • Avira (QUA)
  • Baidu (QV)
  • BitDefender (BDQ)
  • BullGuard (Q)
  • CMC Antivirus (CMC)
  • Comodo <GUID> (not really; Quarantined files are not encrypted πŸ™‚
  • ESafe (VIR)
  • ESET (NQF)
  • F-Prot (TMP) (Magic@0=’KSS’)
  • Kaspersky (KLQ, System Watcher’s <md5>.bin)
  • Lavasoft AdAware (BDQ) /BitDefender files really/
  • Lumension LEMSS (lqf)
  • MalwareBytes Data files (DATA) – 2 versions
  • MalwareBytes Quarantine files (QUAR) – 2 versions
  • McAfee Quarantine files (BUP) /full support for OLE format/
  • Microsoft Antimalware / Microsoft Security Essentials
  • Microsoft Forefront|Defender (Magic@0=0B AD|D3 45) – D3 45 C5 99 header handled
  • Panda <GUID> Zip files
  • Sentinel One (MAL)
  • Spybot – Search & Destroy 2 ‘recovery’
  • SUPERAntiSpyware (SDB)
  • Symantec ccSubSdk files: {GUID} files and submissions.idx
  • Symantec Quarantine Data files (QBD)
  • Symantec Quarantine files (VBN), including from SEP on Linux
  • Symantec Quarantine Index files (QBI)
  • Symantec Quarantine files on MAC (quarantine.qtn)
  • TrendMicro (Magic@0=A9 AC BD A7 which is a ‘VSBX’ string ^ 0xFF)
  • QuickHeal <hash> files
  • Vipre (<GUID>_ENC2)
  • Zemana <hash> files+quarantine.db
  • Any binary file (using X-RAY scanning)