Difference between revisions of "FileAlyzer"

Revision summaries shown by the diff:
- New page: "FileAlyzer is our file analysis tool, initially created as our internal helper in updating our detection database, published in a generalized version, and now, since version 1.6, improved ..."
- m (added tutorials); one intermediate revision by the same user is not shown.

Changes between the compared revisions:
- Added the thumbnail image FileAlyzer-intro-tab.png (caption "General properties") above the introduction.
- Removed a stray blank line after the Authenticode-signatures item in the FileAlyzer feature list.
- Added a "Tutorials" section after the FoldAlyzer feature list, linking to "Choosing advanced file parameters".
Latest revision as of 18:30, 27 May 2008
FileAlyzer is our file analysis tool. It was initially created as our internal helper for updating our detection database, was then published in a generalized version, and since version 1.6 has been extended with functions that support OpenSBI.
Recognized contents
- Generic file attributes, including CRC-32, MD5 and SHA-1 hashes (OpenSBI compatible export)
- File signatures
- Version resource (multilingual) (OpenSBI compatible export)
- Link destinations
- Authenticode signatures (OpenSBI compatible export)
- Resources (OpenSBI compatible export)
- Streams (including Alternate Data Streams)
- PE file headers
- PE file sections (OpenSBI compatible export)
- ELF file headers
- ELF file sections
- x86 code (shown disassembled)
- Import table
- Export tables (OpenSBI compatible export)
- Hex dump with pattern recognition (GUIDs, filenames, etc.)
- Image preview
- EXIF information
- Text preview
- INI file contents
- HTML preview
- Archive preview
- Database preview (dBase, CSV, tab-separated)
- ID3 tags (v1 and v2)
- RIFF structure (AVI containers)
Many of these sections may gain direct OpenSBI support in the future.
OpenSBI
FileAlyzer
FileAlyzer 1.6 adds the following features that are intended to help in creating and maintaining OpenSBI files:
- Functions to create OpenSBI advanced file parameters for the current file
- Hash sums shown for resources
- Functions to create advanced file parameters for detection by resource
- Functions to create advanced file parameters for detection by PE section
- Functions to create advanced file parameters for detection by export table
- Functions to create advanced file parameters for detection by export function
- Functions to create advanced file parameters for detection by version resources
- Functions to create advanced file parameters for detection by Authenticode signatures
FoldAlyzer
Similar functions have been added to the included FoldAlyzer application:
- Functions to create OpenSBI advanced file parameters for all selected files
- Functions to create advanced file parameters for detection by PE sections
- Functions to create advanced file parameters for detection by Authenticode signatures
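The generic file attributes (CRC-32, MD5, SHA-1) and the per-section hashes behind "detection by PE section" in both the FileAlyzer and FoldAlyzer lists above are easy to reproduce outside the tool. The following is an added example written for this page, not code from FileAlyzer or its authors: it computes the whole-file hashes, walks the DOS header, PE signature, COFF header and section table according to the PE/COFF layout, and hashes each section's raw bytes. The sample image is constructed in the script (a minimal PE32 skeleton, not a real executable), and the output is plain hashes; the page does not show the OpenSBI parameter syntax, so none is emitted. The `truncated` flag is an addition a practitioner wants: malformed or cut-off files whose section table points past the end of the file must not be hashed as if they were complete.

```python
"""Whole-file hashes and per-PE-section hashes (added example, not FileAlyzer code)."""
import hashlib
import struct
import zlib


def file_hashes(data: bytes) -> dict:
    """Generic file attributes: CRC-32, MD5 and SHA-1 over the whole file."""
    return {
        "crc32": "%08X" % (zlib.crc32(data) & 0xFFFFFFFF),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
    }


def parse_pe_sections(data: bytes) -> list:
    """Walk DOS header -> PE signature -> COFF header -> section table.
    Returns one dict per section; raises ValueError on non-PE input."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image (no MZ header)")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad e_lfanew or missing PE signature")
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    (_machine, nsections, _ts, _symtab, _nsyms,
     opt_size, _chars) = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    table = e_lfanew + 4 + 20 + opt_size      # section table follows the optional header
    sections = []
    for i in range(nsections):
        off = table + 40 * i
        if off + 40 > len(data):
            raise ValueError("section table runs past end of file")
        (name, vsize, vaddr, rsize, rptr, _rel, _ln, _nrel, _nln,
         flags) = struct.unpack_from("<8sIIIIIIHHI", data, off)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_size": vsize, "virtual_address": vaddr,
            "raw_offset": rptr, "raw_size": rsize, "characteristics": flags,
            # Edge case: raw data that is not fully present in the file
            "truncated": rptr + rsize > len(data),
        })
    return sections


def section_hashes(data: bytes) -> dict:
    """MD5 of each section's raw bytes, keyed by section name (the raw material
    for a detection-by-PE-section parameter). Truncated sections are hashed over
    the bytes that exist; check the 'truncated' flag before trusting them."""
    return {
        s["name"]: hashlib.md5(data[s["raw_offset"]:s["raw_offset"] + s["raw_size"]]).hexdigest()
        for s in parse_pe_sections(data)
    }


def build_sample_pe() -> bytes:
    """Constructed minimal PE32 skeleton for demonstration only: two sections,
    raw data at 0x200 (.text) and 0x210 (.data). Not a loadable executable."""
    e_lfanew = 0x40
    opt = struct.pack("<H", 0x10B) + b"\0" * (0xE0 - 2)    # PE32 magic, rest zeroed
    text_raw = b"\xB8\x01\x00\x00\x00\xC3"                  # mov eax, 1 ; ret
    data_raw = b"abc"                                       # tiny, so its MD5 is well known

    def sect(name, vaddr, raw, rptr, flags):
        return struct.pack("<8sIIIIIIHHI", name, len(raw), vaddr, len(raw), rptr, 0, 0, 0, 0, flags)

    img = bytearray(e_lfanew)
    img[:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, e_lfanew)
    img += b"PE\0\0"
    img += struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, len(opt), 0x0102)   # i386, 2 sections
    img += opt
    img += sect(b".text", 0x1000, text_raw, 0x200, 0x60000020)
    img += sect(b".data", 0x2000, data_raw, 0x210, 0xC0000040)
    img += b"\0" * (0x200 - len(img))
    img += text_raw + b"\0" * (0x10 - len(text_raw))
    img += data_raw
    return bytes(img)


if __name__ == "__main__":
    sample = build_sample_pe()
    print("file:", file_hashes(sample))
    for s in parse_pe_sections(sample):
        print("%-8s raw=0x%X+0x%X truncated=%s" % (s["name"], s["raw_offset"], s["raw_size"], s["truncated"]))
    print("sections:", section_hashes(sample))
    print("cut file:", parse_pe_sections(sample[:0x211])[1]["truncated"])
```

Section hashes are attractive detection parameters because re-signing a binary or editing its version resource changes the whole-file hashes but leaves the code section untouched; the reverse caveat is that a hash of a tiny or zero-filled section matches far too many files to be a useful parameter on its own, which is why the FileAlyzer and FoldAlyzer lists above pair it with resource, export-table and Authenticode-based parameters.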