On 6/26/2025 at 12:29 AM, cambaz said:

🚀 Exclusive Reverse Engineering & Malware Hunting Toolkit

Released: 22 hours ago — Latest Version!

📝 About This Tool

4n4lDetector is a powerful and lightweight PE analysis scanner for Microsoft Windows executables, libraries, drivers, and memory dumps.

Designed to make malware detection easy and intuitive, the tool provides in-depth analysis of PE header structures, sections, strings, APIs, and anomalies — giving you the upper hand in detecting modern malware techniques.

It comes packed with smart heuristics, optimized detection engines, and actionable insights for reverse engineers and threat hunters.

👉 Simply drag & drop your samples — fast & intuitive!

⚡ Supported Architectures

✅ 32-bit: x86, 8086, ARMv7

✅ 64-bit: x64, x86-64, AMD64, ARMv8

TI & ET Extraction:

Alpha AXP, ARM (Thumb-2), ARM64

EFI Byte Code

Hitachi SH3, SH4, SH5

Intel i860, Itanium IA-64

MIPS R3000/R4000/FPU

x64, x86, x86-64

🎛️ UI Buttons Legend

🟢 Green: Action buttons (Open Files/Folders, Run Tools)

🔴 Red: Reset/Delete/Reconfigure

🟣 Purple: Online interactions

🌸 Pink: Navigation shortcuts

⌨️ Hotkeys

🔍 [A] Main Analysis

🌐 [W] HTML Report View

🔤 [S] Strings Viewer

🦠 [V] VirusTotal API Report

🧠 Detections & Features

🔎 PE Info & Structure

🛑 Unusual Entry Points & Code

📦 Packers / Crypters / Binders

🏗️ Compilations & Architectures

🧑‍💻 Suspicious Functions

🗝️ Registry Keys & File Access

🕵️ Anti-VM / Sandbox / Debug Detection

🌐 URL & IP Extractor

🗂️ Embedded Payloads

🛡️ AV Services Check

📄 Duplicate Sections & Rich Signature Analyzer

📬 Emails, SQL Queries, Malicious Resources

🐀 Config RAT Detection (Memory Dumps)

🧩 PE Carving & Exploit Detection

🧮 CheckSum / PE Integrity Verifications

🐍 Polymorphic Patterns

🆕 What's New in v3.1.0 🚀

✅ Added Coronavirus Icon button redirecting to PEscan.io

✅ Full integration of Zw functions & Call API By Name detections

✅ Improved SQL info gathering (faster & more accurate)

✅ Better handling of Duplicate Sections

✅ RVA calculation adjustments for Export Table

✅ New controls for Import/Export/Resources Extraction

✅ Overflow protection & stability improvements

✅ Updated SSL compatibility for VirusTotal API

✅ Manual control for message downloads

✅ Enhanced safety for Reset & Update buttons

✅ Redesigned Report UI & HTML Reports

✅ Improved Styled HTML Extraction

✅ Optimized buffer handling & performance

✅ Added .NET version & Any CPU flag detection

✅ Centered Settings & Help windows

✅ Updated 4n4l.Rules & Entry Point rules

✅ Fixed sporadic file path errors

✅ Improved extraction of executable resources

✅ Enhanced Intelligent Strings Module (better serials & IP detection)

 

Hidden Content

• Reply to this topic to see the hidden content.

 

e.s

many thx for the share

On 6/25/2025 at 2:29 PM, cambaz said:

🚀 Exclusive Reverse Engineering & Malware Hunting Toolkit

Released: 22 hours ago — Latest Version!

📝 About This Tool

4n4lDetector is a powerful and lightweight PE analysis scanner for Microsoft Windows executables, libraries, drivers, and memory dumps.

Designed to make malware detection easy and intuitive, the tool provides in-depth analysis of PE header structures, sections, strings, APIs, and anomalies — giving you the upper hand in detecting modern malware techniques.

It comes packed with smart heuristics, optimized detection engines, and actionable insights for reverse engineers and threat hunters.

👉 Simply drag & drop your samples — fast & intuitive!

⚡ Supported Architectures

✅ 32-bit: x86, 8086, ARMv7

✅ 64-bit: x64, x86-64, AMD64, ARMv8

TI & ET Extraction:

Alpha AXP, ARM (Thumb-2), ARM64

EFI Byte Code

Hitachi SH3, SH4, SH5

Intel i860, Itanium IA-64

MIPS R3000/R4000/FPU

x64, x86, x86-64

🎛️ UI Buttons Legend

🟢 Green: Action buttons (Open Files/Folders, Run Tools)

🔴 Red: Reset/Delete/Reconfigure

🟣 Purple: Online interactions

🌸 Pink: Navigation shortcuts

⌨️ Hotkeys

🔍 [A] Main Analysis

🌐 [W] HTML Report View

🔤 [S] Strings Viewer

🦠 [V] VirusTotal API Report

🧠 Detections & Features

🔎 PE Info & Structure

🛑 Unusual Entry Points & Code

📦 Packers / Crypters / Binders

🏗️ Compilations & Architectures

🧑‍💻 Suspicious Functions

🗝️ Registry Keys & File Access

🕵️ Anti-VM / Sandbox / Debug Detection

🌐 URL & IP Extractor

🗂️ Embedded Payloads

🛡️ AV Services Check

📄 Duplicate Sections & Rich Signature Analyzer

📬 Emails, SQL Queries, Malicious Resources

🐀 Config RAT Detection (Memory Dumps)

🧩 PE Carving & Exploit Detection

🧮 CheckSum / PE Integrity Verifications

🐍 Polymorphic Patterns

🆕 What's New in v3.1.0 🚀

✅ Added Coronavirus Icon button redirecting to PEscan.io

✅ Full integration of Zw functions & Call API By Name detections

✅ Improved SQL info gathering (faster & more accurate)

✅ Better handling of Duplicate Sections

✅ RVA calculation adjustments for Export Table

✅ New controls for Import/Export/Resources Extraction

✅ Overflow protection & stability improvements

✅ Updated SSL compatibility for VirusTotal API

✅ Manual control for message downloads

✅ Enhanced safety for Reset & Update buttons

✅ Redesigned Report UI & HTML Reports

✅ Improved Styled HTML Extraction

✅ Optimized buffer handling & performance

✅ Added .NET version & Any CPU flag detection

✅ Centered Settings & Help windows

✅ Updated 4n4l.Rules & Entry Point rules

✅ Fixed sporadic file path errors

✅ Improved extraction of executable resources

✅ Enhanced Intelligent Strings Module (better serials & IP detection)

 

Hidden Content

• Reply to this topic to see the hidden content.

 

thnaks man

Thanks

I bring you a major innovation in static malware analysis, along with highly optimized performance and stability. Both the Professional version and PEscan have been updated with the latest enhancements. This version will give my neurons 🧠  a break… and I know it will be your best ally for reversing and security incidents that, unfortunately, are ahead of us. The integrated Flow Anomalies module works seamlessly with the [Show Offsets] tool, allowing you to track the execution flow of different code fragments and locate their strings. Enjoy it! 🤗

Changelog v3.2

• Compatibility with the achievement medal system and unlocking of functionalities from the previous version.

• Fixed an issue that caused duplicate section counts in non-executable files.

• Inclusion of form state controls during analysis.

• Complete review of the heuristic and email modules, now enabled by default.

• If the Options form was open during analysis, it will remain visible until completion.

• Manual string search limited to 100 characters.

• Redistribution and minor adjustments in the payload module detections.

• Review of the decimal-to-hexadecimal and hexadecimal-to-decimal offset conversion routine.

• Optimization of the Intelligent Strings module, improving performance on large files.

• Slight improvement in SQL query extraction.

• Update and optimization of the file description extraction module:

  • Language and CodePage fields are now included in all descriptions.

• Inclusion of the Flow Anomalies module, responsible for static code flow checks:

  • Identification of indirect calls in executables.

  • Detection of suspicious jump sequences (JMP and conditional), indicating possible obfuscation or packing.

  • Detection of instructions related to shellcodes and payloads.

  • Detection of NOP and breakpoint (BP) sequences.

  • Extraction of Overlay in hexadecimal and character format.

  • Verification of junk code in Entry Points.

Download: 4n4lDetector v3.2