Didier Stevens

Thursday 18 September 2014

FileScanner.exe Part 4

Filed under: My Software — Didier Stevens @ 0:00

Please read part 1, part 2 and part 3 for more info.

A few remarks for people having issues running my program.

Folder Release contains a 32-bit executable that requires the Visual C++ Redistributable Packages for Visual Studio 2013.

Folder Release CRT contains a 32-bit executable with embedded C runtime, it does not require the redistributable.

Folder x64 contains 64-bit executables.

I included a rule file as example, filescanner-analysis-01.txt:

#Comment
exhaustive
PK:start:str=PK
$META:icontent:str=MANIFEST.MF
JAR:and:PK $META
CLASS:start:CAFEBABE
MZ:start:4D5A
PDF:start:str=%PDF-
OLE:start:D0CF11E0
RAR:start:526172211A07
$ATTRIBUT:content:00417474726962757400
OLE-VBA:and:OLE $ATTRIBUT
CAB:start:str=MSCF
ARJ:start:EA60
JFIF:start:FFD8FFE0

FileScanner_V0_0_0_3.zip (https)
MD5: D9A7BA5874C10B10BF380D03E49C82A6
SHA256: C89FF7DBDB71A22E2A88C16ECD65E36619BD8EA39A77036404B6F4B1049D21E5

Blog at WordPress.com.