Skip to content

Releases: struppigel/PortEx

1.0 Beta 1.1

29 Sep 08:00
@struppigel struppigel
v1.0_beta1.1
bfcf813
Compare
Choose a tag to compare
1.0 Beta 1.1 Pre-release
Pre-release

Changes

  • Bug fix of Shannon entropy for sections
Loading

1.0 Beta 1

29 Sep 07:08
@struppigel struppigel
v1.0_beta1
fdaf4da
Compare
Choose a tag to compare
1.0 Beta 1 Pre-release
Pre-release

Changes

  • robustness for corkami's PoC binaries (thanks Ange Albertini) and ca 100000 Virusshare binaries
  • lots of anomalies added for detection (77 different anomalies by now)
  • delay-load imports added
  • delay-load imports in Visualizer
  • hash, debug and relocs added to reportcreator output
  • FileTypeScanner added (still experimental)
  • cofoja removed
  • Visualizer refactoring --> API change, use VisualizerBuilder now to craft your Visualizer instance
  • Hasher interface change: takes MessageDigest instance
Loading

1.0 Alpha 7

08 Sep 10:15
@struppigel struppigel
v0.7.0-alpha
f2db72c
Compare
Choose a tag to compare
1.0 Alpha 7 Pre-release
Pre-release

Changes:

  • Relocations parsing
  • MD5 and SHA256 calculation for sections and files
  • Resource loop detection and robustness
  • Anomaly detections added:
    • shuffled sections
    • fractionated data directories
    • invalid data directory entry
    • reserved MSDOS fields
    • Kernel32.dll imports by ordinal
    • entry point in writeable header
  • Report creator added
  • Additional MSDOS Header fields
  • Local entropy calculation
  • Visualizer update with local entropy and relocations
  • Anomaly API overhaul
  • Fractionated data directory robustness
  • Ordinal imports
  • PE parts loaded in chunks for speed improvement
Loading

1.0 Alpha 6

08 Sep 10:11
@struppigel struppigel
v0.6.0-alpha
57d5977
Compare
Choose a tag to compare
1.0 Alpha 6 Pre-release
Pre-release

Changes:

  • shannon entropy calculation for sections, byte arrays or whole files
  • anomaly-statistics based detection heuristic
  • anomaly subtypes added
  • subsystem additions
  • rudimentary : exception section
  • null completely removed as return type
Loading

1.0 Alpha 5

06 Jun 11:53
@struppigel struppigel
v0.5.0-alpha
f8d7892
Compare
Choose a tag to compare
1.0 Alpha 5 Pre-release
Pre-release

Changes

  • API changes (to avoid null, better method names, better interfaces)
  • PE Visualizer
  • more anomalies recognized
Loading

1.0 Alpha 4

27 May 07:01
@struppigel struppigel
v0.4.0-alpha
0433175
Compare
Choose a tag to compare
1.0 Alpha 4 Pre-release
Pre-release

1.0 Alpha 4

Features

  • Reading header information from: MSDOS Header, COFF File Header, Optional Header, Section Table
  • Reading standard section formats: Import Section, Resource Section, Export Section, Debug Section
  • Dumping of sections, overlay, embedded ZIP, JAR or .class files
  • Scanning for file anomalies in the PE Headers: including collapsed headers and usage of deprecated, reserved or wrong values
  • Scan for PEiD signatures or your own signature database
  • Scan for jar2exe or class2exe wrappers
  • Overlay detection
Loading