It’s been a while since I updated HexDive, so I took some time today to fix a few things + add new keywords.<\/p>\n
So, what’s new?<\/p>\n
Mainly lots of new keyword sets. Some are just a tip of an iceberg and I will be extending these as I go through a malware collection in the future, but even at this stage these should certainly help in picking up some new interesting stuff, including but not limited to:<\/p>\n
You can download current version of HexDive here<\/a>. If your .exe download is blocked, you can try a zip file<\/a>.<\/p>\n p.s.<\/p>\n I still don’t pay too much attention to a Linux version – this is lower priority than a different feature I am currently working on (stay tuned).<\/p>\n <\/p>\n Bonus update:<\/strong><\/p>\n hdive ran over two gauss samples<\/p>\n Various classes of interesting strings are highlighted:<\/p>\n 08D7DDB11E16B86544E0C3E677A60E10_100-dskapi.ocx<\/strong><\/p>\n CorExitProcess 5604A86CE596A239DD5B232AE32E02C6_smdk.ocx<\/strong><\/p>\n CorExitProcess It’s been a while since I updated HexDive, so I took some time today to fix a few things + add new keywords. So, what’s new? Mainly lots of new keyword sets. Some are just a tip of an iceberg … Continue reading \n
\nmscoree.dll<\/span>
\nnull
\nnull
\nsupport
\nopen
\nsupport
\nsupport
\nkernel32.dll<\/span>
\nlocal
\nlocal
\nlocal
\ndefault
\nlocal
\ndddd, MMMM dd, yyyy<\/span>
\nGetLastActivePopup
\nGetActiveWindow
\nMessageBoxA
\nUSER32.DLL<\/span>
\nSunMonTueWedThuFriSat
\nurlmon.dll<\/span>
\nSeTakeOwnershipPrivilege<\/span>
\ninflate<\/span>
\n deflate<\/span>
\nabcd
\nABCD
\nabcd
\nSeRestorePrivilege<\/span>
\n SeTakeOwnershipPrivilege<\/span>
\n SeRestorePrivilege<\/span>
\nLoadLibraryW
\nkernel32.dll<\/span>
\nGetCommandLineW
\nSleep
\nkernel32.dll
\nFreeLibrary
\nkernel32.dll
\nVirtualFree
\nkernel32.dll
\nExitThread
\nkernel32.dll
\nDeleteFileA
\nkernel32.dll
\nMoveFileExA
\nkernel32.dll
\nntdll.dll
\nSeRestorePrivilege<\/span>
\n SeBackupPrivilege<\/span>
\nRegCreateKeyExW<\/span>
\n RegSaveKeyW<\/span>
\n RegRestoreKeyW<\/span>
\n RegOpenKeyExW<\/span>
\n RegFlushKey<\/span>
\n RegCloseKey<\/span>
\n RegSetValueExW<\/span>
\n RegDeleteValueW<\/span>
\n RegQueryValueExW<\/span>
\nObtainUserAgentString<\/span>
\n HttpSendRequestW<\/span>
\n InternetQueryOptionW<\/span>
\n InternetSetOptionW<\/span>
\n InternetCloseHandle<\/span>
\n InternetQueryDataAvailable<\/span>
\n HttpAddRequestHeadersW<\/span>
\n InternetReadFile<\/span>
\n HttpQueryInfoW<\/span>
\n InternetOpenW<\/span>
\n InternetConnectW<\/span>
\n HttpOpenRequestW<\/span>
\n OpenProcessToken<\/span>
\n ImpersonateLoggedOnUser<\/span>
\nAdjustTokenPrivileges
\nLookupPrivilegeValueW
\nRegDeleteKeyW<\/span>
\nSetEntriesInAclW
\nFreeSid
\nMoveFileExW
\nCloseHandle
\nDeleteFileW
\nCreateMutexW
\nSleep
\nGetCurrentProcessId
\nVirtualAlloc
\nLoadLibraryW
\nCreateThread
\nGetModuleFileNameW
\nVirtualFree
\nGetCurrentProcess
\nGetModuleHandleA
\nOpenProcess
\nGetLastError
\nGetFileSize
\nReadFile
\nCreateFileW
\nGetPrivateProfileStringW
\nFreeLibrary
\nGetProcAddress
\nGetSystemTime
\nDuplicateHandle
\nMultiByteToWideChar
\nLoadResource
\nSizeofResource
\nLockResource
\nGetVersionExW
\nCreateToolhelp32Snapshot
\nGetFileAttributesW
\nGetModuleHandleW
\nSetFileTime
\nWriteFile
\nProcess32FirstW<\/span>
\n ReadProcessMemory<\/span>
\n Process32NextW<\/span>
\n WriteProcessMemory<\/span>
\n VirtualAllocEx<\/span>
\n CreateRemoteThread<\/span>
\nVirtualFreeEx<\/span>
\nLocalFree
\nLocalAlloc
\nLoadLibraryA
\nTerminateProcess
\nSetUnhandledExceptionFilter
\nIsDebuggerPresent
\nGetCurrentThreadId
\nGetCommandLineA
\nHeapFree
\nGetVersionExA
\nHeapAlloc
\nExitProcess
\nGetFileType
\nGetStartupInfoA
\nDeleteCriticalSection
\nGetModuleFileNameA
\nFreeEnvironmentStringsA
\nGetEnvironmentStrings
\nFreeEnvironmentStringsW
\nWideCharToMultiByte
\nGetEnvironmentStringsW
\nHeapDestroy
\nHeapCreate
\nQueryPerformanceCounter
\nGetTickCount
\nGetSystemTimeAsFileTime
\nGetCPInfo
\nGetACP
\nLeaveCriticalSection
\nEnterCriticalSection
\nInitializeCriticalSection
\nSetFilePointer
\nGetStringTypeA
\nGetStringTypeW
\nGetLocaleInfoA
\nWriteConsoleA
\nWriteConsoleW
\nCreateFileA
\nFlushFileBuffers
\nGetSystemMetrics<\/p>\n
\nmscoree.dll<\/span>
\nnull
\nnull
\nsupport
\nopen
\nsupport
\nsupport
\nlocal
\nlocal
\nlocal
\ndefault
\nlocal
\nkernel32.dll<\/span>
\ndddd, MMMM dd, yyyy
\nengland
\nchinese
\nchinese
\nchinese
\nchinese
\nGetProcessWindowStation
\nGetLastActivePopup
\nGetActiveWindow
\nMessageBoxA
\nUSER32.DLL<\/span>
\nSunMonTueWedThuFriSat
\ndeflate<\/span>
\nJean-loup Gailly<\/span>
\n Mark Adler<\/span>
\ntrue
\nRegOpenKeyW
\nRegCloseKey
\nRegQueryValueExW
\nRegOpenKeyExW
\nTerminateThread
\nCreateThread
\nProcess32NextW
\nCreateToolhelp32Snapshot
\nGetLastError
\nProcess32FirstW
\nDuplicateHandle
\nGetCurrentProcess
\nSetEvent
\nGetLogicalDriveStringsW
\nGetSystemTime
\nDeviceIoControl
\nCreateFileW
\nGetDriveTypeW
\nFindClose
\nFindFirstFileW
\nFindNextFileW
\nLocalAlloc
\nGetProcAddress
\nFreeLibrary
\nLoadLibraryA
\nTerminateProcess
\nSetUnhandledExceptionFilter
\nIsDebuggerPresent
\nGetCurrentThreadId
\nGetCommandLineA
\nHeapFree
\nGetVersionExA
\nHeapAlloc
\nGetModuleHandleA
\nSleep
\nExitProcess
\nGetFileType
\nGetStartupInfoA
\nDeleteCriticalSection
\nGetModuleFileNameA
\nFreeEnvironmentStringsA
\nGetEnvironmentStrings
\nFreeEnvironmentStringsW
\nWideCharToMultiByte
\nGetEnvironmentStringsW
\nHeapDestroy
\nHeapCreate
\nVirtualFree
\nQueryPerformanceCounter
\nGetTickCount
\nGetCurrentProcessId
\nGetSystemTimeAsFileTime
\nGetCPInfo
\nGetACP
\nLeaveCriticalSection
\nEnterCriticalSection
\nVirtualAlloc
\nWriteFile
\nInitializeCriticalSection
\nMultiByteToWideChar
\nGetStringTypeA
\nGetStringTypeW
\nGetLocaleInfoA
\nSetFilePointer
\nWriteConsoleA
\nWriteConsoleW
\nCreateFileA
\nFlushFileBuffers
\nGetFileSize
\nGetFileAttributesW<\/p>\n","protected":false},"excerpt":{"rendered":"