The table compares the features of the standard vs. the professional version of pestudio.

Feature:

- classify strings by groups, by colors and. ) …
- classify imported functions by groups, by colors and. )
- dump overlay
- detect imports by ordinals and imports anti-debug
- detect duplicated exports
- detect import anonymous, undocumented and deprecated
- detect whitelist strings
- detect file(s) embedded in overlay
- blacklist signature of resource
- query imports and exports functions MSDN
- indicate API strings not referenced in the import table
- indicate strings "hint" (e.g.
- detect file signature (à la PEiD)
- detect hardcoded URL and IP addresses
- detect unusual dos-stub message
- detect debug information
- detect exceptions
- detect TLS callback function
- detect anonymous, undocumented and deprecated functions
- detect blacklist and whitelist strings
- compute entropy of file, resources, sections, dos-stub and overlay
- compute Imphash
- compute file-ratio of dos-stub, resources, sections and overlay
- show first bytes of entry-point and overlay
- show dos-stub message
- dump dos-stub
- blacklist section name, libraries, imports and exports
- indicate self-modifying sections
- show first bytes (hex) of file and resources
- online score of file (VirusTotal)
- dump resources (ico, manifest, version, strings tables.