I got bored again and as a result added support for G-Data Q files that start with a xCAxFExBAxBE magic.
The decrypted files (apart from the main sample) use extensions .met1 and .met2 and include references to malware name, and its path on disk.
The latest version of DeXRAY can be downloaded here.
DeXRAY supports:
- AhnLab (V3B)
- Amiti (IFC)
- ASquared (EQF)
- Avast (Magic@0=’-chest- ‘)
- Avira (QUA)
- Baidu (QV)
- BitDefender (BDQ)
- BullGuard (Q)
- Cisco AMP
- CMC Antivirus (CMC)
- Comodo (not really; Quarantined files are not encrypted 🙂
- ESafe (VIR)
- ESET (NQF)
- F-Prot (TMP) (Magic@0=’KSS’)
- G-Data (Q) (Magic@0=0xCAFEBABE)
- Kaspersky (KLQ, System Watcher’s .bin)
- Lavasoft AdAware (BDQ) /BitDefender files really/
- Lumension LEMSS (lqf)
- MalwareBytes Data files (DATA) – 2 versions
- MalwareBytes Quarantine files (QUAR) – 2 versions
- McAfee Quarantine files (BUP) /full support for OLE format/
- Microsoft Antimalware / Microsoft Security Essentials
- Microsoft Defender (Magic@0=0B AD|D3 45) – D3 45 C5 99 metadata + 0B AD malicious content
- Panda Zip files
- Sentinel One (MAL)
- Spybot – Search & Destroy 2 ‘recovery’
- SUPERAntiSpyware (SDB)
- Symantec ccSubSdk files: {GUID} files and submissions.idx
- Symantec Quarantine Data files (QBD)
- Symantec Quarantine files (VBN), including from SEP on Linux
- Symantec Quarantine Index files (QBI)
- Symantec Quarantine files on MAC (quarantine.qtn)
- TrendMicro (Magic@0=A9 AC BD A7 which is a ‘VSBX’ string ^ 0xFF)
- QuickHeal files
- Vipre (_ENC2)
- Zemana files+quarantine.db
- Any binary file (using X-RAY scanning)
The post DeXRAY 2.23 update appeared first on Malware Devil.
https://malwaredevil.com/2020/11/10/dexray-2-23-update/?utm_source=rss&utm_medium=rss&utm_campaign=dexray-2-23-update
No comments:
Post a Comment