From SpybotWiki
Jump to: navigation, search
General properties

FileAlyzer is our file analysis tool, initially created as our internal helper in updating our detection database, published in a generalized version, and now, since version 1.6, improved with functions that do support OpenSBI.

Recognized contents

  • Generic file attributes, including CRC-32, MD5 and SHA-1 hashes (OpenSBI compatible export)
  • File signatures
  • Version resource (multilingual) (OpenSBI compatible export)
  • Link destinations
  • Authenticode signatures (OpenSBI compatible export)
  • Resources (OpenSBI compatible export)
  • Streams (including Alternate Data Streams)
  • PE file headers
  • PE file sections (OpenSBI compatible export)
  • ELF file headers
  • ELF file sections
  • x86 code (shown disassembled)
  • Import table
  • Export tables (OpenSBI compatible export)
  • Hex dump with pattern recognition (GUIDs, filenames, &c.)
  • Image preview
  • EXIF information
  • Text preview
  • INI file contents
  • HTML preview
  • Archive preview
  • Database preview (dBase, CSV, Tab)
  • ID3 tags (v1 and v2)
  • RIFF structure (AVI containers)

Many of these sections might be improved by adding direct OpenSBI support as well in the future.



FileAlyzer 1.6 adds the following features that are intended to help in creating and maintaining OpenSBI files:


Similar functions have been added to the included FoldAlyzer application:

  • Functions to create OpenSBI advanced file parameters for all selected files
  • Functions to create adv. file parameters for detection by PE sections
  • Functions to create adv. file parameters for detection by authenticode signatures