Updates II
Author: David Zimmer
Date: 05.03.12 - 4:09am

One more update to add to the last post.
scdbg updates:
- libemu pop esp and jg bugfixes
- now supports drag and drop for shellcode files and folders
PdfStreamDumper updates:
- FaxDecode filter added
- JBIG2 filter added (disabled by default)
- right click Image viewer feature added (for JPXDecode and DCTDecode streams)
- tools->Filter Visualizer form added
- tools->Download file w/progressbar and abort support
- Search->extract URLS
- Search->Filter Chains
- dedicated hexeditor component now utilized
- VirusTotal plugin
- Hash lookup of the current pdf
- Bulk hash lookup of embedded objects in the current pdf
- Bulk hash lookup of CRLF list of MD5s loaded from clipboard
The JBIG2 decoder is disabled by default because it uses a complex native code library. I have not been able to get it to crash when doing bulk testing on old samples, but better safe than sorry. Enable it in tools->options->Enable Jbig2 Decoding Support. It stays active until you disable it again.
From the last post:
Malcode Analyst Pack Updates:
- Virustotal app, right click in explorer, or bulk lookup from Hash Files form.
- added dirwatch and procwatch from SysAnalyzer package. (monitor file system changes and process creation events)
- added finddll command line utility (scan all processes for target dll)
- ShellExt.Hash files right click menu:
  - Copy Hashes
  - VirusTotal search selected, VirusTotal search All
  - Make Extensions Safe
  - Rename to MD5
  - Copy to CSV
  - Rename Extensions
  - A compile date/detected file type field was also added
  - Google search for hash button added
- ShellExt.Strings form:
  - Find all button
  - file offsets now included in results with raw and VA modes (for PE files)
  - progress bar displayed while searching or scanning
  - better font
  - automatic filter to reduce noise (filtered results still viewable)
  - rescan button to change size of minimum match length
  - form maintains its size and position across runs now
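As an added example (not part of the Malcode Analyst Pack, and not the author's code), the following Python script reproduces the core of the Hash files workflow described above for a directory of samples: compute each file's MD5, detect the file type from magic bytes, pull the compile date from the PE COFF header, make extensions safe by appending an underscore, rename files to their MD5, emit a CSV, and parse a CRLF-separated list of MD5s such as one pasted from the clipboard. The sample files it hashes are constructed in a temporary directory (a minimal fake PE and a text file), and the unsafe-extension list is an assumption.

```python
import csv
import hashlib
import io
import os
import re
import struct
import tempfile
from datetime import datetime, timezone

# Assumed list of extensions to neutralise so a sample cannot be launched by accident.
UNSAFE_EXTENSIONS = {".exe", ".dll", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
MD5_RE = re.compile(r"^[0-9a-f]{32}$")


def build_fake_pe(timestamp):
    """Constructed sample: DOS header with e_lfanew pointing at a COFF header.

    The COFF header's TimeDateStamp field holds the compile time we want to read.
    """
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 60, 64)  # e_lfanew: PE signature starts at offset 64
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, timestamp, 0, 0, 0, 0)
    return bytes(dos) + coff


def md5_bytes(data):
    return hashlib.md5(data).hexdigest()


def detect_type(data):
    """Very small magic-byte sniffer; extend as needed."""
    if data[:2] == b"MZ":
        return "PE"
    if data[:4] == b"%PDF":
        return "PDF"
    if data[:2] == b"PK":
        return "ZIP"
    return "unknown"


def pe_compile_date(data):
    """Return the COFF TimeDateStamp as a UTC string, or None if not a PE."""
    if len(data) < 64 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 60)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    ts = struct.unpack_from("<I", data, e_lfanew + 8)[0]  # Machine(2)+Sections(2) precede it
    return datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S")


def safe_name(name):
    """Make Extensions Safe: dropper.exe -> dropper.exe_"""
    root, ext = os.path.splitext(name)
    return name + "_" if ext.lower() in UNSAFE_EXTENSIONS else name


def hash_directory(directory):
    """One row per file: name, md5, detected type, compile date."""
    rows = []
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            continue
        with open(path, "rb") as fh:
            data = fh.read()
        rows.append({"name": name, "md5": md5_bytes(data),
                     "type": detect_type(data), "compile_date": pe_compile_date(data)})
    return rows


def rename_to_md5(directory, rows):
    """Rename to MD5: the file keeps only its hash as a name (no executable extension)."""
    for row in rows:
        os.rename(os.path.join(directory, row["name"]), os.path.join(directory, row["md5"]))
        row["name"] = row["md5"]
    return rows


def rows_to_csv(rows):
    """Copy to CSV: the same columns the Hash files form displays."""
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=["name", "md5", "type", "compile_date"])
    writer.writeheader()
    writer.writerows(rows)
    return out.getvalue()


def parse_md5_list(text):
    """Bulk lookup input: CRLF list of MD5s; normalise, validate, de-duplicate in order."""
    seen, result = set(), []
    for line in text.replace("\r\n", "\n").split("\n"):
        h = line.strip().lower()
        if MD5_RE.match(h) and h not in seen:
            seen.add(h)
            result.append(h)
    return result


def demo():
    """Build the constructed samples, hash them, neutralise names, and return the rows."""
    directory = tempfile.mkdtemp(prefix="hashdemo_")
    with open(os.path.join(directory, safe_name("dropper.exe")), "wb") as fh:
        fh.write(build_fake_pe(1325376000))  # 2012-01-01 00:00:00 UTC, constructed
    with open(os.path.join(directory, "notes.txt"), "wb") as fh:
        fh.write(b"just text\n")
    return hash_directory(directory)


if __name__ == "__main__":
    print(rows_to_csv(demo()))
```

The compile date comes straight from the COFF header's TimeDateStamp, so as with the tool it is only as trustworthy as the file that carries it; packers and build systems routinely zero or forge it, which is itself worth noting in the CSV when triaging.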
Sysanalyzer:
- now has tcpdump option to take full pcap
- more filtering on directory watch captures
- sniffhit now defaults to non-promiscuous mode
- api_log.dll now hooks and ignores calls to sleep
- api_log supports config (and runtime reconfig) options
- api_logger.exe expanded and includes preliminary log parser
- sysanalyzer now has scan for RWE injections, memory map, scan for dll features.
- added procwatch application (log new process creation)