Virus Analysis Tool V1.4 (universal unpacking tool)
Resource description
Sucop Virus Analysis Tool (File Format Identifier) v1.4
An unnoo-dswlab product
It is an auxiliary tool for virus analysis. It includes several file-format recognition engines, packer sniffing, unpacking by virtual machine, PE file editing, PE rebuilding, import table recovery (using the virtual machine to decode an encoded import table), memory dumping, overlay handling, PE address conversion, PEiD plugin support, MD5 computation and convenient use of third-party tools. It is also used for handling * virus samples during virus analysis.
This software is free; you may download, install, copy and distribute it non-commercially. For commercial sale, copying or distribution you must first obtain the authorization and permission of DSWLAB (for example, an anti-virus company that wants to use it to analyse * horse samples in batches must first obtain a mandate and permission from DSWLAB).
v1.4 new features:
★Added import table recovery: some encoded import tables can be decoded by the virtual machine (see section 9 below). Contact us if you have further suggestions.
★Show more useful descriptions for invalid PE files; thanks to Pedro Lopez for proposing it
★New skin for a nicer look; you can switch the skin style after clicking the Option button; thanks to fly (unpack.cn) for proposing it
★Added the external signature library collected by fly (unpack.cn); thanks for the authorization
★Fixed several bugs
v1.3 new features:
★Added a task view supporting three functions:
a. Terminate the process
b. Correct the image size of the module
c. Dump memory in three modes (Dump Full, Dump Partial and Dump Region)
v1.2 new features:
★Support for PEiD plugins
★Added a feature for rebuilding PE files
v1.1 new features:
★Added the VMUnpacker unpacking engine; its unpacking capability equals that of VMUnpacker v1.4
★Added some external signatures from the internet
★Added a feature for deleting and saving the overlay
★Added PE address conversion (RVA<->RAW)
First, Sniff Packers
Supports dragging in files and directories; you can also install the shell extension to recognize files and directories from Explorer. To recognize more packers, use the external signature library (it must be named userdb.txt; its format is the same as PEiD's external signature library).
Note: a '*' is appended when the packer was identified by the external signature library.
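The two mechanisms described above (PEiD-format userdb.txt signatures matched at the entry point, and the RVA<->RAW address conversion listed under v1.1) both rest on the same step: reading the section table so that AddressOfEntryPoint, an RVA, can be turned into a file offset. The following is an added example and is not code from the tool or from DSWLAB. It parses a constructed userdb.txt (the signature entries and names are made up for this example), builds a minimal PE32 image in memory (also constructed), converts addresses in both directions, and reports hits with the trailing '*' that the tool uses for external-library matches. The signature format shown (`[Name]`, `signature =`, `ep_only =`, `??` as a wildcard byte) is the PEiD userdb convention; the PE field offsets are from the PE/COFF specification.

```python
import struct

# Constructed userdb.txt in PEiD format (the external library the tool loads).
# Entry names and byte patterns are made up for this example.
USERDB_TEXT = """\
; constructed signatures, not a real packer database
[Demo Packer 1.x (constructed)]
signature = 60 E8 00 00 00 00 5D 81 ED ?? ?? ?? ??
ep_only = true
[Demo marker anywhere in file (constructed)]
signature = 44 45 4D 4F 2D 4D 41 52 4B
ep_only = false
"""


def parse_userdb(text):
    """Parse [Name] / signature = / ep_only = blocks; '??' matches any byte."""
    sigs, cur = [], None
    for raw_line in text.splitlines():
        line = raw_line.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            cur = {"name": line[1:-1], "pattern": [], "ep_only": True}
            sigs.append(cur)
        elif cur is not None and "=" in line:
            key, _, val = line.partition("=")
            key, val = key.strip().lower(), val.strip()
            if key == "signature":
                cur["pattern"] = val.upper().split()
            elif key == "ep_only":
                cur["ep_only"] = val.lower() == "true"
    return [s for s in sigs if s["pattern"]]


def parse_pe(data):
    """Return (AddressOfEntryPoint RVA, section list) from a PE file image."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsec = struct.unpack_from("<H", data, e_lfanew + 6)[0]        # NumberOfSections
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]   # SizeOfOptionalHeader
    ep_rva = struct.unpack_from("<I", data, e_lfanew + 24 + 16)[0]  # AddressOfEntryPoint
    sections, off = [], e_lfanew + 24 + opt_size
    for _ in range(nsec):
        name, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, off)
        sections.append({"name": name.rstrip(b"\0").decode(), "vsize": vsize,
                         "va": va, "rawsize": rawsize, "rawptr": rawptr})
        off += 40
    return ep_rva, sections


def rva_to_raw(sections, rva):
    """RVA -> file offset. Headers map 1:1; a section's memory-only tail has no file bytes."""
    for s in sections:
        if s["va"] <= rva < s["va"] + max(s["vsize"], s["rawsize"]):
            delta = rva - s["va"]
            if delta >= s["rawsize"]:
                raise ValueError(f"RVA {rva:#x} is memory-only in {s['name']}")
            return s["rawptr"] + delta
    if sections and rva < sections[0]["va"]:
        return rva
    raise ValueError(f"RVA {rva:#x} is not inside any section")


def raw_to_rva(sections, raw):
    """File offset -> RVA (inverse of rva_to_raw)."""
    for s in sections:
        if s["rawptr"] <= raw < s["rawptr"] + s["rawsize"]:
            return s["va"] + (raw - s["rawptr"])
    if sections and raw < sections[0]["rawptr"]:
        return raw
    raise ValueError(f"offset {raw:#x} is not inside any section")


def match_at(data, off, pattern):
    if off < 0 or off + len(pattern) > len(data):
        return False
    return all(tok == "??" or data[off + i] == int(tok, 16) for i, tok in enumerate(pattern))


def sniff_packers(data, sigs):
    """Names of matching signatures; ' *' marks an external-library hit, as in the tool."""
    ep_rva, sections = parse_pe(data)
    ep_raw = rva_to_raw(sections, ep_rva)
    hits = []
    for sig in sigs:
        if sig["ep_only"]:
            if match_at(data, ep_raw, sig["pattern"]):
                hits.append(sig["name"] + " *")
        elif any(match_at(data, o, sig["pattern"]) for o in range(len(data) - len(sig["pattern"]) + 1)):
            hits.append(sig["name"] + " *")
    return hits


def build_sample_pe(ep_code):
    """Constructed minimal PE32: one .text section at RVA 0x1000 / offset 0x200, EP at RVA 0x1010."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)                 # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x0102)    # i386, 1 section, PE32 opt hdr
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)       # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1010)     # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)   # ImageBase
    struct.pack_into("<I", opt, 32, 0x1000)     # SectionAlignment
    struct.pack_into("<I", opt, 36, 0x200)      # FileAlignment
    struct.pack_into("<I", opt, 56, 0x2000)     # SizeOfImage
    struct.pack_into("<I", opt, 60, 0x200)      # SizeOfHeaders
    sec = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    headers = (dos + b"PE\0\0" + coff + bytes(opt) + sec).ljust(0x200, b"\0")
    return headers + (b"\x90" * 0x10 + ep_code).ljust(0x200, b"\0")


# pushad; call $+5; pop ebp; sub ebp, imm32 (a typical packer stub), then a marker string.
SAMPLE_PE = build_sample_pe(b"\x60\xE8\x00\x00\x00\x00\x5D\x81\xED\x10\x10\x40\x00" + b"DEMO-MARK")

if __name__ == "__main__":
    ep_rva, secs = parse_pe(SAMPLE_PE)
    print(f"EP RVA {ep_rva:#x} -> RAW {rva_to_raw(secs, ep_rva):#x}")
    print(sniff_packers(SAMPLE_PE, parse_userdb(USERDB_TEXT)))
```

Two caveats worth keeping in mind when doing this by hand in the tool: an RVA that falls inside a section's VirtualSize but beyond its SizeOfRawData has no bytes on disk (the function above refuses it rather than returning a bogus offset), and an entry point pointing into a section with a bad PointerToRawData is one of the common reasons the "invalid PE file" descriptions mentioned in the v1.4 notes appear.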
Second, Unpack