updated : 2021-11-14

 

Item :

Download link

Date

 

Please do not distribute on Forums

Exeinfo Pe v. 0.0.6.8 Demo

1107 / 116 signatures

( Ext_detector  ver.0.6.3.4  )

userdb.txt : 4441
 

Please do not distribute on Forums

your e-mail will be banned

from email list

 

Download link

 info : many changes and updates old signatures

fix : 800..NET - dotfuscator - PreEmpire Solutions v.1.2 - 6.0

[ Electron installer application - http://electronjs.org ]

.XZ Ripper added , Ask : 10,20,40,65,100 = continue ripping

added :
1107.GO Programming Language - Compiler v.1.17.x

added
1103.VMProtect v.3.5.0 [ Delphi XE code not packed

update ver.detector
1064.[ PyInstaller v.4.5 - 20052021 ]

PreScan : added for x64 C++ v14 section .retplne

Uniextract run changed to v2.0 - https://github.com/Bioruebe/UniExtract2#download
( from shell integration )


and other for test ( NAG )

 

14.11.2021

Exeinfo Pe v. 0.0.6.7 Test

1102 / 114 signatures

( Ext_detector  ver.0.6.1.9  )

userdb.txt : 4439
 

Please do not distribute on Forums

 

Download link

 info : many changes and updates old signatures

x64 fixed wrong detection VMProtect fixed to Obsidium

detector added : Obsidium x64 [option : MZ org. ]

added pdf crypter ( dor Pdfsecure )
NOT EXE - its .PDF (v.1.7) format - [ PACKED .zlib ] [ ENCR ]

Enabled png , jpg , gif ripper on files bigger then buffer

Big file loading changed - F11 work on file header detection ,

I loading 256 kb of file at offset 0000

PreScan : added for Embar Delphi 10.1 - 10.4 : Embarc.32 not packed sec.II
added detector DLL 32/64

added
[ VMProtect SDK 32 - www.vmpsoft.com ] Microsoft Visual C++ v.14.0


and other user fixes

 

12.10.2021

 

Exeinfo Pe v. 0.0.6.7 Test

1097 / 108 signatures

( Ext_detector  ver.0.6.1.9  )

userdb.txt : 4439
 

 

Download link

 info : many changes and updates old signatures

 added detector DLL 32/64 [ VMProtect SDK - www.vmpsoft.com ]
added pdf crypter Encrypted - passworded type : xx
Enabled png , jpg , gif  Ripper on files bigger then buffer
PreScan :

added for Embarcadero Delphi 10.1 - 10.4 : Embarc.32 not packed sec.II


x64 fixed wrong detection VMProtect fixed to Obsidium


added Obsidium x64 [option : MZ org. ]


and other user fixes



and other user fixes

 

 

03.09.2021

 

Inno Extractor  v.5.3.0.190 Free

A.S.L Edition

Support Inno Setup v.6.1.x

 You can unpack this instalation !

Download link

  This is Installer - not  portable version ! 

Created

30.08.2021

 

Exeinfo Pe v. 0.0.6.6

1096 / 107 signatures

( Ext_detector  ver.0.6.1.6  )

userdb.txt : 4438
 

 

 info : many changes and updates old signatures


 DLL fix : 5047. x64 Themida & WinLicense 2.0 - 2.4.6.0
DLL fix : 230.[section protection] VMProtect v.1.25
add : x64 added [ WinLicense SDK used for Trial ] x64 MS Visual C++
add : .NET ConfuserEx v1.6.x MOD [ v1.6.0-alpha ] - x86 / x64
add : 5105. x64 .NET ConfuserEx v0.3 - 1.0
add : .NET - modded ConfuserEX not Smartassembly [canary]
add : 900.Obsidium [ v.1.7.1.4 ]
add : Obfuscated : Babel v9.3 - 9.7 2021
add : 655.[ 7-zip SFX stub ] [ v21.01 - GENUINE Stub ]
add : for x86 : 080. .NET [ Web Downloader Installer ]
upd. 906.InstallAware for Windows Installer [ v30 X13 ]
fix : 800. .NET - dotfuscator - PreEmpire Solutions v.5.0
fix : 1079.Babel v9.3.3.1 - 9.7.3 (2020-21)
fix : 946.ESET Live Installer [ v10 ]
fix : 960.(Nstd) Radstudio v10.x ESD ( C++ Builder 10.1 - 10.4 )
fix : 963.Comodo installer - 7-zip.Sfx
fix : 771.InstallShield 2014 Pro Unicode *ISc ( v21.00 - 25.00 / Silent 7.0 )
FIX AND UPDATE : 859. RustemSoft Skater .NET Obfuscator v.4.8 - 9.5
fixed x86 / x64 : 389.Microsoft Visual C++ v.14.29 - 2020
update : 1022.WINDEV Express v.26.0.7.1 PC SOFT
update : 599.Advanced Installer [ v18.0.0.0 ] - 2003-2021
www Ripper fixed for long strings
added detector : .vcproj , .vcxproj , .vbproj , .dproj
PreScan added
[ WinLicense SDK for Trial ]
[ Del/Emb.32 Debug section data FB09 ]
[ Intel IPP libraries ] for C++ compiler

and other user fixes

 

02.07.2021

     Update main exe only !
 

Exeinfo Pe v. 0.0.6.6

1092 / 104 signatures

 

 info : many changes and updates old signatures


 DLL fix : 5047. x64 Themida & WinLicense 2.0 - 2.4.6.0
DLL fix : 230.[section protection] VMProtect v.1.25
x64 added [ WinLicense SDK used for Trial ] x64 MS Visual C++
upd.906.InstallAware for Windows Installer [ v30 X13 ]
fix : 800. .NET - dotfuscator - PreEmpire Solutions v.5.0
add : Obfuscated : Babel v9.3 - 9.7 2021
fix : 1079.Babel v9.3.3.1 - 9.7.3 (2020-21)
fix : 946.ESET Live Installer [ v10 ]
fix : 960.(Nstd) Radstudio v10.x ESD ( C++ Builder 10.1 - 10.4 )
fix : 963.Comodo installer - 7-zip.Sfx
add : 900.Obsidium [ v.1.7.1.4 ]
FIX AND UPDATE : 859. RustemSoft Skater .NET Obfuscator v.4.8 - 9.5
add : 655.[ 7-zip SFX stub ] [ v21.01 - GENUINE Stub ]
www Ripper fixed for long strings
added detector : .vcproj , .vcxproj , .vbproj , .dproj
PreScan added
[ WinLicense SDK for Trial ]
[ Del/Emb.32 Debug section data FB09 ]


and more ...
 

25.04.2021

 

PDF , doc

  and

picture hints

added : EXE Ripper base64 usage Example.pdf , drag.mp4 ,

update hints

ExeinfoPe_documents.zip

 

05.05.2021

updated !

7.5 MB

 

 

Exeinfo Pe ver.0.0.6.5 IV Test

1088 / 101 signatures

    

( Ext_detector  v.0.5.9.5  )

userdb.txt : 4437 
 

 

 info : many changes and updates old signatures


Themida/Winlicense fix ( NonSt. OEP code detector "dummy" )
Autoit v3.3.12.0 - v3.3.15.3 ( UPX )
Installer - Astrum InstallWizard 2.2x
WINDEV Express v.26
Eazfuscator.NET v2020.2-4
Embarcadero fix 32 / 64

GUI many changes , Config , Multiscan
fixed save overlay
added Multiscan - hiew colors button
- back Dir button

pre scan added :

UPX packed sec.II Del/Emb.32
UPX packed sec.II Del/Emb.64


.NET Detector detect v4.x and v5.02/3

CPU Info added on Config GUI

Buffer 255 MB for exe files
Don't close/crash on big files
and more ...
 

17.02.2021

 

Exeinfo Pe ver.0.0.6.5 II Test

1087 / 101 signatures

    

( Ext_detector  v.0.5.9.1  )

userdb.txt : 4437 
 

 

 

 info : many GUI changes and fixes

Buffer for exe file 202 MB

pre scan added - [ Real .NET reloc section ]

many changes for test only !

and more ...

 

27.01.2021

 

 

Exeinfo Pe ver.0.0.6.4 prev

1086 / 100 signatures

    

( Ext_detector  v.0.5.8.0  )

userdb.txt : 4434 
 

 

 

 info : many changes and updates old signatures

- Ripper work faster 50 %

- Section GUI - Pre-Scan Button
added
.js crypted , [ Autoit .a3x script ] , MinGW / C-Free .stabstr sec.

FIXED : x64 GO Programming Language

added : NOT EXE - .dex - Dalvik Executable File ( for Android system v.9.0+ )
added : NOT Win EXE - .o - ELF [ 32bit obj. Exe file - CPU : QUALCOMM DSP6 ]
added version detector :800.NET - dotfuscator - PreEmpire Solutions

- www Ripper added : "https://" - in unicode

and more ...
 

08.10.2020

 

 

Exeinfo Pe ver.0.0.6.3 Final

1086 / 100 signatures

    

( Ext_detector  v.0.5.6.8  )

userdb.txt : 4433 
 

 

 

fix for dll - 5047. x64 Themida & WinLicense 2.0 - 2.4.6.0

added : 5099. x64 Code Virtualizer v3.0.8.0

fix NOT Win EXE - (.) - Mac OS X Mach-O 64bit Intel executable - CPU/Sub

added to section Pre-Scan :

[ BASE_64 Table ] , [ Asprotect v2.x DATA ] ,

CrashPAD Info section on C++ , ovl : Digital X509 Certificate

Trial txt ascii ,

added support F6 key - run Die v.3.0 ( Admin on exe must be OFF )

MS C++ linker - support up to 14.27

Fixed Multiscan mode - scan faster

update Linux/OS2 header

and other ...
 

14.09.2020

 

Exeinfo Pe - Advanced config tool 

ver. 1.5.0.3

 

You can enable hidden  Config options

 down link

added : support shell Die v.3.0

 

 

updated !

16.09.2020

 

Exeinfo Pe ver.0.0.6.3 Test

1085 / 99 signatures

    

( Ext_detector  v.0.5.6.7  )

userdb.txt : 4432 
 

 

 

fixed Button [<] back oep if value bigger then 0 ( if config fast scan = off )

added to section Pre-Scan :

MS C++ version , Embarcadero , Delphi , Codegear ver. string , Go build Compiler ID/inf , Go Packed section .zlb data ,
GCC:GNU libgc(*) runtime library , Cygwin runtime library , CNU C Compiler version Section

Go build Compiler ID/inf section , Packed section .zlb data section,
[ .QT METADATA Section ] , [ Armadillo 32/64 v5-9 zlib/* ] , [*Armadillo v6-9 zlib ] ,
[ TAGGANT data section - Packer Software with Crypto secure sign SHA256 ]
[ Import like Themida/Winlicense section ]
[ Themida & WinLicense DATA section ]
[* .NET RESources ] , * RSA sign ] ,
png/jpg/Gif pictures ,
[ SHA1 crypto ] , [ MFC C++ API ]
Str.Version info - Resources
[ Zlib v1.x.x ] max 1.2.8
[ Borland Delphi/C++ Runtime ]
Export data
exe , cab , cab xor FF , zip , msi , rar , 7z , [ LZMA Archive 23 def ]
Delphi TPForm

 

 

08.08.2020

 

 

Exeinfo Pe ver.0.0.6.2 Final

1083 / 97 signatures

    

( Ext_detector  v.0.5.6.7  )

userdb.txt : 4432 
 

 

 

update old detections :

GO Programming Language Compiler v1.14.5

fixed 935.VMProtect v3.00 - 3.5.0 2003-202

960.Radstudio v10.x ESD ( C++ Builder 10.1 - 10.4 - DLL library ) -

added support for bmp files v4

added for Delphi   10.4 Sydney - pas,dfm,dpr

www ripper - fixed for unicode www

Scan files faster ! - visible on big NET files

 

24.07.2020

 

 

Exeinfo Pe ver.0.0.6.2 II Test

1081 / 94 signatures

    

( Ext_detector  v.0.5.6.7  )

userdb.txt : 4430 
 

 

 

added Multiscan GUI - user directory paste for fast change Diectory.

section GUI - adde Pre-Scan for 7z , zip , rar , exe , msi , TPF , zlib 1.x.x , ...

Support : Media Info Lite  from K-lite codec pack

update old detections

added : ( ovl : Inno Setup Mode : Lzma2 or Crypted )

556.[ E ] Inno Setup Module 5 SFX - [ v.6.0.0 ] - detect protector

Import GUI - added sort alphabetical on column click (under constr.)
Sectiond GUI - added sort alphabetical on column click

added to exe pe ripper -

Question in [10,20,40,65,100]) stop ripping , max ripped files to 65535

added :
NOT EXE - .img/EXT2..EXT4 Linux extended file system image
NOT EXE - .VHDX Disk2vhd v2 disk image ( empty offset :00 ) - www.sysinternals.com
 

many bugs fixed ,

 

13.07.2020

 

 

Exeinfo Pe ver.0.0.6.1

1064 / 86 signatures

    

( Ext_detector  v.0.5.6.2  )

userdb.txt : 4426 
 

 

 

New buffer size for exe file : 128 MB

GrowUp section scan 1 MB  to 2.5 MB

fixed . Inno Setup ( PUP/PUA Generic - Tampared EP )

[dUP] diablo2oo2's Universal Patcher , Sun Java Installer v8 , ....

.EIS script Engine - added :

savefile.xxx - if you need your extension
Ascii/ Hex Ripper tool

added : NOT EXE - .md5 checksum file , - .key wincmd.key - Total Commander v9.x

added detection for

VMProtect NET ,  .NET DotNetGuard v1.2 , VMProtect v3.3.4

.NET - dotfuscator - PreEmpire Solutions

( detect version only on Registered stub - trial/hacked stub not detected - v.?.?  )

Import GUI fix and others

many bugs fixed ,

 included .Eis script :

- WebP/Avi Ripper
- 7zip header fixer for tampared archives
( tampared .7z you can send via gmail.com )
 

15.05.2020

 

 

Exeinfo Pe ver.0.0.6.0

1066 / 86 signatures

    

( Ext_detector  v.0.5.5.2  )

userdb.txt : 4425 
 

 

 

many bugs fixed ,fixed 965.Hamrick Software - VueScan Installer

fixed pdf files : name , added ovl detect 32/64 :  distutils installer

added 1064.PyInstaller v.3.6

ADDED - .egg Python Distribution Package ,.

PY - Python Script file - .PYZ - Python Zip Application,

(.exe-ovl) Python ZlibArchive - created by PyInstaller - www.pyinstaller.org

update for Obfuscated like Babel 9.3 info

fixed :
800. .NET - dotfuscator - PreEmpire Solutions - www.preemptive.com

( added version detector for protected with regged versions )

fixed 641.Generic Detector new : Obsidium v1.3.x - 1.4.x

added 900. Obsidium - update to 1.6.10.3

fixed 973.Trend Micro Installer v11-v16

added on x64 Downloader - Internet Behavior

File pullDown Menu - changed - malware scan

QuickSand.io to : Hybrid Analysis ( https://www.hybrid-analysis.com )

small changes on Header_GUI Form

 

27.02.2020

 

 

Exeinfo Pe ver.0.0.5.9

1064 / 85 signatures

    

( Ext_detector  v.0.5.4.9  )

userdb.txt : 4423 
 

 

many bugs fixed ,

Added :  Python package detector - zlib , .pyz files

ovl - Distutil detector

many small updated and fixed GUI size on Multiscan

 

 

10.02.2020

 

 

Exeinfo Pe ver.0.0.5.9

1063 / 85 signatures

    

( Ext_detector  v.0.5.4.8  )

userdb.txt : 4423 
 

 

 

many bugs fixed ,

Fixed DEEP scanning Engine 

Added :  NOT Win EXE - .o - ELF exe [ 32bit obj. Exe file - CPU : NVIDIA CUDA

Added .tips : Xvolkolak v0.22 unpacker

Installers update : InstallSimple v.3.0 , Install Creator , WinRar sfx

generic [ Setup / Installer ] fix

ovl - Install Shield 201x fix for new version

fixed .bin/rom - BIOS ROM Extension (IA-32) Intel

1015.VMProtect v3.00 - 3.1.2 [ *nstd EP ] - fixed

946.ESET Live Installer - fix update

many small updated and fixed GUI size on Multiscan

( added 20 skin )

 

 

03.01.2020

 

 

Exeinfo Pe ver.0.0.5.8 Final

1062 / 85 signatures

( Ext_detector  v.0.5.4.1  )

userdb.txt : 4422 
 

 

 

many bugs fixed ,

Added new DEEP scanning Engine 

( exe/zip/rar/7z/cab/Lzma m.23 on biggest section )

Added : : ELF executable ripper to EXE PE (  for ROM Bios files )

Added .lzma40 nstd ripper for Installers

Buffer for exe files - now 112 MB  - not 96 MB

added Generic Setup detector

many signatures updated and fixed

and other...

 

22.10.2019

 

Cryptographic plugins for Exeinfo Pe

kanal v2.92

and

Hash & Crypto Detector v1.4

Download link- crypto_plugins.zip

07.03.2019

 

 

Exeinfo Pe ver.0.0.5.0

1015 / 67 signatures 

 

Ext_detector.dll

for : Exeinfo Pe   &   Xor Data Uncrypter

version 0.4.9.0

 

new signatures added : Detect VMProtect v3.1 ( 32 & 64 bit )

many diagnose changed , added new Ripper for Packed .js files

changed  :Quick Unpack registry from v2.2 -> v3.4 , v2.2 not supported !

External scan - userdb.txt support up to : 4800 sign

.ico Ripper error fix

fix : Not Windows PE -> Signature : LX <- OS/2 ver.2.0 or higher , EIP : 00xxx

added to DOS exe : Not Windows PE -> Sign. : DOS 8 bit - CS:IP : 0000:00xx

961.[ Obsidium ver.1.6.43.0 ] fix TAGG

946. fix : ESET Live Installer

external db signatures : 4524

GUI - Windows Visual Style - fixed

....

 

12.04.2018

 

Exeinfo Pe ver.0.0.4.8 Test

994 / 64 signatures

( Ext_detector  v.0.4.5.2 )

Many fixes : Added detection for  Go language x64

old signatures updated GNU GCC MinGW + ver.detector ,

added : GO language detector , STATIC - Qt v5.x App.devel.

fix for ScreenShot create - Multiscan GUI Win7 , Inno Setup updated

External scan changed : minimum 4 bytes length ( ex. E8 ?? ?? ?? ?? ) !!!

10.09.2017

 

Exeinfo Pe ver.0.0.4.3 Win 10

( Ext_detector v.0.3.8.2 )

 960 / 49 signatures

Base64 exe Ripper added , Form view fixed , Time convert UTC ...

Debug pdb  added ,  console "/lol:' added  , new signatures update !

external signatures 4700 userdb.txt support ! + 4511 userdb.txt

11.08.2016

 

     

   Adv_scan.dll plugin  - A.S.L version fixed

-> no trojan on Anti Virus scanners

https://app.box.com/ADVscanv107  
     

For Developers / Programmers

   

 

           Exeinfo Pe / PeID  plugin

   Source code  : 

PowerBASIC ,

C++ ,

Delphi ,

MASM

 

Download link  

           Exeinfo Pe / PeID  plugin

   Example code :  Delphi source code

https://app.box.com/s/rq9cwxc6ogsc2k8oyjtf4vmj1zn7nfol  

 How to use Ext_detector.dll from  Exeinfo Pe

    Language : Delphi 2006 - Console only 

              minimum code  - source

https://app.box.com/s/54axndbrk89zxdx1p0b6w4dvtf2xk2ff  

Send suggestions   :   asl@onet.eu

 
Free Web Hosting