Exetools - Exeinfo PE

Exetools (https://forum.exetools.com/index.php)

- Community Tools (https://forum.exetools.com/forumdisplay.php?f=47)

- - Exeinfo PE (https://forum.exetools.com/showthread.php?t=20044)

New Update ( Test version ) :D

Quote:

Exeinfo Pe v. 0.0.7.2

1126 / 136 signatures

Quote:

NOT compatible with - Arabic Windows 10 !!!

this version try detect x64 dotfuscator

VMProtect v.3.6.1 2022

fix : x64 .NET + dotfuscator - PreEmpire Solutions v1.2 - 6.5.x

update :
1085.Code Virtualizer v3.0.8.0 - 3.1.3.0

added
5131. x64 InstallShield [ 2014-2021 Pro Unicode v21.00-27.00 ]

and others

Quote:

hxxps://www57.zippyshare.com/v/VD6x45li/file.html

Exeinfo Pe v.0.0.7.2

Exeinfo Pe v.0.0.7.2 (23.07.2022) VIP

dupe:
https://forum.exetools.com/showpost.php?p=125650&postcount=14

I didn't know this version was shared on the forum, can the authorized admin please delete the topic?

I agree. You can get VIP subscription for all of $5 USD -- Exeinfope is an excellent tool. No need to warez it...

Exeinfo Pe v. 0.0.7.3

New Update ( Test version ) :D

Quote:

Exeinfo Pe v. 0.0.7.3

1132 / 138 signatures
userdb.txt : 4447

Quote:

NOT compatible with - Arabic Windows 10 !

signatures update

added Flip EOF to offset 0000 - binary file tool

added Fake detector for : 800..NET + dotfuscator - PreEmpire Solutions

fix : 5096. x64 Eazfuscator.NET v2022.1

fix For : Inx .NET Protector & Obfuscator ( Strong ConfuserEx Mod )

and others

Quote:

hxxps://www24.zippyshare.com/v/5Y02vRqQ/file.html

Exeinfo Pe v. 0.0.7.3 II

New Update ( Test version ) :D

Quote:

Exeinfo Pe v. 0.0.7.3 II

1134 + 139 Signatures x64
userdb.txt : 4447

Quote:

NOT compatible with - Arabic Windows 10 !

signatures update

added x64 only if EP=0000 .NET Reactor 6.x - www.eziriz.com

added on 32 bit .NET

[ WARNING : .NET Reactor ? AntiDebug option detected* ]

645. .NET Reactor v.6.8.0.0 Native Method (.NET / MS C++ stub 9.0 )

.NET exe changes !!!

and other

detect flipped zip files

and others

Quote:

hxxps://www54.zippyshare.com/v/fGHErCI8/file.html

Exeinfo Pe v. 0.0.7.3 II VIP

Exeinfo Pe v. 0.0.7.3 II (VIP Version)

- signatures update 1134 / 139
- userdb.txt : 4447
- added x64 only if EP=0000 .NET Reactor 6.x - www.eziriz.com
- added on 32 bit .NET
- NET Reactor v.6.8.0.0 Native Method (.NET / MS C++ stub 9.0 )
- detect flipped zip files

Use search before you post ;-)

Code:

https://forum.exetools.com/showthread.php?p=126134#post126134

Exeinfo Pe v. 0.0.7.4

New Update ( Test version ) :D

Quote:

Exeinfo Pe v. 0.0.7.4

1141 / 144 Signatures x64
userdb.txt : 4450

Quote:

signatures update

File Characteristics GUI updated items :

0020 : Handle a high entropy 64 bit VA

added .NET RES in > 20 kb - search : [ .GZ archive inside - try Ripper ]

fix 961.[ Enigma new ver.5.x - 6.80.x ] -[ DotFix NiceProtect - 6.x ]

Added version detector : 599.Advanced Installer [ v7.x - v19.x ]

599. added detection v32
InstallAware for Windows Installer [ v32 X15 2022 ]

fix for dll
147.Open WATCOM C/C++32

NOT Win EXE - .o - ELF WATCOM C/C++32 v2.0

added detector : 067.Rar Sfx Archive [ MESSAGES OVL ] , Overlay

update
5044. x64 Rar Sfx Archive v6.xx - 6.20

added double app dos/windows in one
*Unknown exe

added
NOT EXE - .nrproj .NET Reactor Project xml file

- Strong update version , fixed old detection !

- Do not Distribute only for test .NET exe diagnose many changes

- added plugin : wwwHelper v0.2
updated www links for unpackers

and other

Quote:

hxxps://www42.zippyshare.com/v/QWwOpnvU/file.html

Exeinfo Pe v0.0.7.6

New Update ( Test version ) :D

Quote:

Exeinfo Pe v. 0.0.7.6

1150 + 151 Signatures x64
Ext_detector - v6.7.5 ( 675 Non eXe Signatures )
userdb.txt : 4451

Quote:

Signatures Update

- Strong update .NET obfuscator x86 / x64 , fixed fake detection !
- DLL Characteristics GUI updated
- .NET GUI added Hex view
- Added .jp2 jpeg2000 Ripper ( for .pdf files )
- fixed : x64 GO Programming Language
- 5045.x64 - AutoIt [ v3.3.14.5 ]
- 5045.x64 - AutoIt [ v3.3.16 2022.09 ]
- 5012.x64 Embarcadero Delphi NSTD
- 5035.x64 Paquet Builder v21.0.0
- 016.PEcompact ver.3.02.2
update : 5076.[ x64 Enigma ver.5.x - 7.0 ]
update ver.VMProtect v.3.5.1 - 3.7.3 2022
fixed & upd.723.Ahk2Exe for AutoHotkey [ v1.1.36.02 ]
added v10 : 588.Enigma Virtual Box - v10.00 (2022.12.14)
fix detector :
5135.x64 VMProtect v.3.6.0 - 3.7.3 2022
added new version :
1021.InstallAware Virtualization v6 ( BoxedApp packer v2.x - 14.0 )
1021.BoxedApp Packer 2018 / 2019 14.0
added x64 : [ ESET module MZ-Header ]
added v5 generic :
760.Generic Crypto Obfuscator For .Net v5 - LogicNP Software
added tampared exe :
Windows PE exe for .NET / GNU compiler but no "PE" tampared/compr.
Windows PE exe compressed LZ77
fix : NOT EXE - .dex - Dalvik Executable v5.0 - 9.0

- This Version Not Support : Windows 10 ( Arabic version )

A.S.L ( c ) 2022.12.29

Quote:

hxxps://www22.zippyshare.com/v/RoJZCnQ8/file.html

Exeinfo Pe v. 0.0.7.7

New Update ( Test version ) :D

Quote:

Exeinfo Pe v. 0.0.7.7

1156 / 157 Signatures x64
Ext_detector - v6.8.4 ( 675 Non eXe Signatures )
userdb.txt : 4453

Quote:

Signatures Update

- Strong update .NET obfuscator x86 / x64 ,

fixed fake detection !

- added for test : x64 ArmDot 2023 v3.0.0 - www.armdot.com

( I have trial version only )

IF result is : Sign. for DLL : RustemSoft Skater .NET Obfusc.

on EXE file , you can change this result :

Click on Main form [ < ] Button

Exeinfo ignore this detection.

many NON EXE detection added

- This Version Not Support : Windows 10 ( Arabic version )

Last signatures :

x86

1138.EasyCode v2.0 x86 + MASM ( std sign no Deb ) - www.easycode.cat
1139.EasyCode v2.0 x86 + MASM ( Dbg sign ) - www.easycode.cat
1140.[ WARNING : Tampared - Nullsoft Install System v3.0x ] - not packed stub / v.3.05
1141.EuroAssembler ver.20190402 - http://euroassembler.eu *ACM
1142.Standalone EXE Document Locker v1.1 - 2022.11.29 www.4dots-software.com
1143.ZIP SelfExtractor Maker Setup v1.11 2022.11 - www.4dots-software.com
1144.BoxedApp packer v4 2021 (c) Softanics - BozedAppSDK.dll incl. - stub : Delphi/C++/FPC detect only !
1145.[ BoxedApp SDK32 - 2018-2021 ] DLL library - www.boxedapp.com - stub : C++ 12 NSTD EP
1146.DeepSea Obfuscator v.x.x - 4.4.4 ┬ر 2001-2013 TallApplications - obsolete tool ! - 90% detector
1147.Generic for DLL : RustemSoft Skater .NET Obfuscator v.4.8 - 9.9 - 2022 - www.rustemsoft.com ( only if config fast : OFF)
1148..NET - DNGuard HVM v.2 - 4.20 by ZiYuXuan Studio - 2022.11 - www.dnguard.net - stub : MS Visual C#
1149.[ DNGuard HVM Runtime - v3.x - 4.x 2022 ] DLL library - www.dnguard.net - stub : MS C++
1150.DNGuard v4.x 2022 ( static stub x86/x64 .NET inside ) - www.dnguard.net - stub : Microsoft Visual C++ v.8.0
1151.Baymax Patch Tools v3.1.0 - 3.x 2023.01 by Nisy/PYG www.chinapyg.com - stub : Microsoft Visual C++ v.9.00 & UPX Stub
1152.Metrowerks CodeWarrior C/C++ x86 V2.4 ( MAC OS ) CW Tools 6.0 - obsolete compiler - www.freescale.com *ACM
1153.Struct 3 : VMProtect v.3.6.0 - 3.7.3 2022 [ Exe , Option : packed ] - www.vmpsoft.com
1154.Yano v1.0.15.0 ntoolbox.bom/yano 2012 obsolete! - stub : MS Visual C# / Basic.NET
1155.ArmDot 2023 v3.0.0 - www.armdot.com ( protector/license creator ) - stub : MS Visual C# / Basic.NET

x64

5141. x64 MASM , Linker 14.xx - [ DBG_13 sign ] - no www.microsoft link to masm64 sdk
5142. x64 MASM , Linker 2.50 POLINK v8 2015 - smorgasbordet.com , no www.microsoft link to masm64 sdk
5143. x64 - EuroAssembler ver.20190402 - http://euroassembler.eu *ACM
5144. x64 Microsoft VC++ 14.29 exe [ CPU : AA64 ARMv8 ]
5145. x64 - SecureUPDATE_Installer ( Wizard or Patch - Delta instaler for patch/update ) - stub : [ Tampared file ] x64 UPX v.3.9-4.0
5146. x64 BoxedApp packer v4 2021 www.boxedapp.com - Softanics - BoxedAppSDK.dll incl. - stub : xxxx
5147. x64 [ BoxedAppSDK64 - 2018-2021 ] DLL library - www.boxedapp.com - stub : C++ 12 NSTD EP
5148. x64 - DeepSea Obfuscator v.x - v4.4.4 ┬ر 2001-2013 TallApplications - 96% detector , NO *ACM can detect Fake results !
5149. x64 [ DNGuard HVM Runtime - v4.x 2022 ] DLL library - www.dnguard.net - stub : x64 Microsoft Visual C++ v8.x
5150. x64 .NET - DNGuard HVM v4.20 by ZiYuXuan Studio - 2022.11 - www.dnguard.net - stub : EP=0000
5151. x64 DLL from : Microsoft AppStore ( Export : RHBinder__ShimExeMain ) - stub : NSTD MSV C++ built by: PROJECTNREL
5152. x64 EXE from : Microsoft AppStore ( exe run dll -> RHBinder__ShimExeMain ) - stub : NSTD MSV C++ built by: PROJECTNREL
5153. x64 Baymax Patch Tools v3.1.0 - 3.x 2023.01 by Nisy/PYG www.chinapyg.com - stub : Microsoft Visual C++ v.9.00 & UPX Stub
5154. x64 Microsoft Visual C++ v14.16 - 2017 - DLL ( push rbx , DisableThreadLib.Cs. )
5155. x64 Yano v1.0.15.0 ntoolbox.bom/yano 2012 obsolete! - stub : x64 .NET exe file : 00 Entry Point
5156. x64 ArmDot 2023 v3.0.0 - www.armdot.com ( protector/license creator ) - stub : x64 .NET DLL with : 00 Entry Point - CPU : AMD64

A.S.L ( c ) 2023.01

Quote:

hxxps://www79.zippyshare.com/v/VzUzsPAk/file.html

Exeinfo Pe v. 0.0.7.7 V

New Update ( Test version 5 ) :D

Quote:

Exeinfo Pe v. 0.0.7.7 V

115x / 15x Signatures x64
Ext_detector - v6.8.4 ( 675 Non eXe Signatures )
userdb.txt : 4453

Quote:

.NET - Babel v9.x updated , IntelliLock 3.0

console mode fixed - window no flash

overlay xor - changed ! , you can use on non executable files ( un-xor binary file )

fix : 426.Themida & WinLicense 2.0 - 2.4.6 - struct (Hide from PE scanners II-V)

Config - if set to English , I delete config lng file for external language like : Chinese.lng

added on MSV C++ for PUA App. : [ WARNING : File use VirtualProtect ]

update [ 7-zip SFX stub ] [ v22.01 Con - GENUINE Stub ]

1145.[ BoxedApp SDK32 - 2018-2021 ] DLL library - www.boxedapp.com

All signs : imptoved VMProtect 3.5.x - 3.6.x - x86 & x64 - Strong detection POWER !

fix 797.DeployLX Software Protection System - Codeveil 5.x for .NET

added
800.[ NETSecureFake Signature ! ] .NET + dotfuscator - PreEmpire Solutions

fixed Non exe - .h264 movie detector

Quote:

hxxps://anonfiles.com/v2Ues0g8z0/Exeinfo_0077fixed_console5_zip

Exeinfo Pe v.0.0.7.8

New Update ( Test version ) :D

Quote:

Exeinfo Pe v.0.0.7.8

1167 / 161 Signatures x64
Ext_detector - v0.6.9.6
userdb.txt : 4453

Quote:

console mode fixed - window no flash

Now detect All exe xor-ed -combination on binary files*

fix and update 32/64 : VMware/BitRock InstallBuilder ver: 22.x

fixed console mode option '/se' scan with external signatures userdb.txt

added detection :
925.Make SFX v5.x http://74.cz

NOT EXE - .ZIP archive - .appxbundle Windows 8.1 App Bundle

851.VirtualBox Installer [v.7.00.6 ] 2023

[ Sfx Easy 7-Zip 0.1.6 James Hoo

added 32/64 & update :
[ Update Tool ] - x64 Microsoft Visual C++ v14.34

update EP
VMProtect v.3.6.0 - 3.7.3 2022 [ Exe , Option : packed ]

now detect v.23
1054.Yandex browser installer v19 - 23.x full

update detector
970.Google UPDATE (MS Edge/Chrome) Update Setup Installer

added only x86 stub : [ Opera 2023 Installer ]

fixed : x64 for Alexandria ver35
5012.x64 Embarcadero Delphi compiler

added signatures :

5150. x64 .NET - DNGuard HVM v4.20 by ZiYuXuan Studio - 2022.11 - www.dnguard.net - stub : EP=0000
5151. x64 DLL from : Microsoft AppStore ( Export : RHBinder__ShimExeMain ) - stub : NSTD MSV C++ built by: PROJECTNREL
5152. x64 EXE from : Microsoft AppStore ( exe run dll -> RHBinder__ShimExeMain ) - stub : NSTD MSV C++ built by: PROJECTNREL
5153. x64 Baymax Patch Tools v3.1.0 - 3.x 2023.01 by Nisy/PYG www.chinapyg.com - stub : Microsoft Visual C++ v.9.00 & UPX Stub
5154. x64 Microsoft Visual C++ v14.16 - 2017 - DLL ( push rbx , DisableThreadLib.Cs. )
5155. x64 Yano v1.0.15.0 ntoolbox.bom/yano 2012 obsolete! - stub : x64 .NET exe file : 00 Entry Point
5156. x64 ArmDot 2023 v3.0.0 - www.armdot.com ( protector/license creator ) - stub : x64 .NET DLL with : 00 Entry Point - CPU : AMD64
5157. x64 GO Programming Language - Compiler v1.19.7
5158. x64 - DLL to EXE converter v1.1 - for 32 & 64 bit DLLs - 2018-10-10
5159. x64 .NET - DLL to EXE converter v1.1 - for 32 & 64 bit DLLs - 2018-10-10
5160. x64 .NET IntelliLock 2.9 - 3.0 ( unreg.js script ) .NET Reactor

and x86 signatures :

1155.ArmDot 2023 v3.0.0 - www.armdot.com ( protector/license creator ) - stub : MS Visual C# / Basic.NET
1156.[ PUP/PUA - Softonic Downloader v6.4x 2022 ] - Inno Setup Module 5 SFX - [ v.6.1.0 ]
1157.InstallForge Setup v.1.4.2 ( free ) 2007-2020 - http://installforge.net - stub : PureBasic v4.20 - v6.0
1158.[ A.S.L - NSIS Setup Protector ver.0.01 ] - Nullsoft Install System v2.xx - 3.0 / v.2.12
1159..NET exe bytepress v1.0.0.2 by Adam Roach - http://github.com/roachadam/bytepress ( Mode : lzma/gzip/quickLz )
1160..NET Bat2Exe v2.1 ( 17.11.2021 ) - http://github.com/dehoisted
1161.[ Overlay crypted PUP/PUA - Unknown Pack ] - Generic : Installer Nullsoft PiMP Stub / v.20-Sep-2022.cvs
1162.Generic new : AVAST/AVG Software Sfx installer v23.x 2023 - www.avast.com - stub : NSTD MS VC++ 14.x
1163.x86/x64 Chromium Installer v.113.x - 2023 - stub : Microsoft Visual C++ v.14 - 2015 ( NSTD ) microsoft.com
1164.x86/x64 Generic/Modded : Chromium Installer v.xx - 2023 - stub : Microsoft Visual C++ v.14 - 2015 ( NSTD ) microsoft.com ( ex.Maxton )
1165.x86 - DLL to EXE converter v1.1 - for 32 & 64 bit DLLs - 2018-10-10
1166.Adobe Installer downloader v2.11.0.30 - upx stub 3.91
1167..NET IntelliLock 2.9 - 3.0 ( unreg.js script ) .NET Reactor

Quote:

hxxps://anonfiles.com/h0A2Fch6z6/ExeinfoPE_0078_zip

New Update ( Test version ) :D

Quote:

Exeinfo Pe v.0.0.7.8 II

1169 / 161 Signatures x64
Ext_detector - v0.7.0.7
userdb.txt : 4455

Quote:

hxxps://anonfiles.com/W8E9v4v1z7/ExeinfoPE_0078_II_zip