You are browsing the archive for DeXRAY.

DeXRAY 2.21 update

September 18, 2020 in DeXRAY, Software Releases

Thanks to @r0ns3n added support for Cisco AMP Quarantine files and also improved how the X-Ray algorithm is handling files.

The latest version of DeXRAY can be downloaded here.

Thank you @r0ns3n!

At this stage, DeXRAY supports:

  • AhnLab (V3B)
  • ASquared (EQF)
  • Avast (Magic@0=’-chest- ‘)
  • Avira (QUA)
  • Baidu (QV)
  • BitDefender (BDQ)
  • BullGuard (Q)
  • Cisco AMP
  • CMC Antivirus (CMC)
  • Comodo (not really; Quarantined files are not encrypted 🙂
  • ESafe (VIR)
  • ESET (NQF)
  • F-Prot (TMP) (Magic@0=’KSS’)
  • Kaspersky (KLQ, System Watcher’s .bin)
  • Lavasoft AdAware (BDQ) /BitDefender files really/
  • Lumension LEMSS (lqf)
  • MalwareBytes Data files (DATA) – 2 versions
  • MalwareBytes Quarantine files (QUAR) – 2 versions
  • McAfee Quarantine files (BUP) /full support for OLE format/
  • Microsoft Antimalware / Microsoft Security Essentials
  • Microsoft Defender (Magic@0=0B AD|D3 45) – D3 45 C5 99 metadata + 0B AD malicious content
  • Panda Zip files
  • Sentinel One (MAL)
  • Spybot – Search & Destroy 2 ‘recovery’
  • SUPERAntiSpyware (SDB)
  • Symantec ccSubSdk files: {GUID} files and submissions.idx
  • Symantec Quarantine Data files (QBD)
  • Symantec Quarantine files (VBN), including from SEP on Linux
  • Symantec Quarantine Index files (QBI)
  • Symantec Quarantine files on MAC (quarantine.qtn)
  • TrendMicro (Magic@0=A9 AC BD A7 which is a ‘VSBX’ string ^ 0xFF)
  • QuickHeal files
  • Vipre (_ENC2)
  • Zemana files+quarantine.db
  • Any binary file (using X-RAY scanning)

DeXRAY 2.20 update

September 16, 2020 in DeXRAY, Software Releases

A massive update to VBN processing thanks to Brian who became de facto Symantec Quarantine files SME. His new code helps to handle even the most obscure VBN samples in our collections so it’s a win-win for DFIR. Thank you Brian!

The latest version of DeXRAY can be downloaded here.