Wednesday, October 31, 2012

XueTr-Fireeye cooperation version (2012.10.25)

Details of the XueTr update will follow later. This XueTr build is the version integrated with Fireeye, the dynamic file analysis system run by Kingsoft. A 64-bit version is in progress; work such as purchasing a Microsoft digital signature (needed to load the driver on 64-bit Windows) is under way. Please wait.

Supported operating systems - 32-bit Windows only: 2000, XP, Vista and Win7

Fireeye site - http://fireeye.ijinshan.com

* Submitting a file to Fireeye for analysis

Run XueTr -> Fireeye tab -> press '...' and select the file to be analyzed -> Upload
(To see the detailed report for an analyzed file, press 'View the result' or double-click the entry; this opens the report on the Fireeye site. The verdict is shown as 'Risk Level: <number>'; the higher the number, the higher the risk.)

XueTr download - http://xuetr.com/download/XueTr.zip

[2012.10.25] Released the XueTr-Fireeye cooperation version; release details will follow at http://t.qq.com/linxer . Everyone is welcome to take a look:

A powerful manual antivirus tool. It currently supports only the 32-bit 2000, XP, Vista and Win7 operating systems. Work on this is busy and ongoing; a Microsoft digital signature will be bought in order to develop a XueTr that supports 64-bit systems and Windows 8. Please wait and see.
Download (md5: D4B3E3A5B1FEE871A610422220C0506A). Check the archive against this hash before running it; a tool that loads its own kernel driver is not something to run from an unverified copy.

Tencent QQ microblog: http://t.qq.com/linxer . You are welcome to follow it; later XueTr news will be posted there.

Since version 0.44, XT has carried donation information, and the donors are thanked there. See the donation list.

The tool provides the following functions:
1. Process, thread, process module, process window, process memory, timer and hotkey view; kill process, kill thread and unload module
2. Kernel driver module view, with support for dumping a kernel driver module from memory
3. SSDT, Shadow SSDT, FSD, KBD, TCPIP, Classpnp, Atapi, Acpi, SCSI, IDT and GDT view; SSDT hooks and inline hooks can be detected and restored
4. CreateProcess, CreateThread, LoadImage, CmpCallback, BugCheckCallback, Shutdown and Lego notify routine view, with support for removing these notify routines
5. Port view (not currently supported on the 2000 system)
6. Message hook view
7. Kernel module IAT, EAT, inline hook and patch detection and restoration
8. Disk, volume, keyboard and network-layer filter driver detection, with support for removal
9. Registry editor
10. Process IAT, EAT, inline hook and patch detection and restoration
11. File system view, with support for basic file operations
12. View (and edit) IE plug-ins, SPI, startup items, services, the Hosts file, image hijacking (Image File Execution Options), file associations, system firewall rules and IMEs
13. ObjectType hook detection and restoration
14. DPC timer detection and removal
15. MBR rootkit detection and repair
16. Kernel object hijacking detection
17. WorkerThread enumeration
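Items 3, 7 and 10 in the list all rest on two checks: a pointer table (SSDT, IAT, EAT) whose entries must land inside the module that owns the code, and a function entry whose bytes in memory must match the bytes in the module's on-disk image, with a mismatch that decodes to a jump out of the module reported as an inline hook and the on-disk bytes kept as the "restore" payload. The block below is an added example in Python that demonstrates that logic on constructed data; it is not XueTr's code (XueTr is a native Windows tool that reads these tables from kernel and process memory), and the module ranges, table entries and function addresses in it are made up.

```python
# Added example (not XueTr's own code): the two checks behind "SSDT hook" and
# "inline hook" detection, reduced to pure pointer/byte logic so it runs offline.
# A real tool reads the table entries and entry bytes from kernel or process
# memory and the reference bytes from the module image on disk; here both
# sides are constructed inline and every address is fictional.
import struct
from dataclasses import dataclass


@dataclass(frozen=True)
class ModuleRange:
    """Virtual address range occupied by a loaded module (constructed values)."""
    name: str
    base: int
    size: int

    def contains(self, va: int) -> bool:
        return self.base <= va < self.base + self.size


def table_hooks(table, owner: ModuleRange):
    """Pointer-table check (SSDT/Shadow SSDT, IAT and EAT work the same way):
    every entry should point inside the module that legitimately owns the code.
    Returns [(index, target)] for entries that point somewhere else."""
    return [(i, va) for i, va in enumerate(table) if not owner.contains(va)]


def decode_entry_jump(code: bytes, va: int):
    """If `code` (the bytes at function entry `va`) starts with a control
    transfer that hooking engines typically write, return its absolute target."""
    if len(code) >= 5 and code[0] == 0xE9:                               # jmp rel32
        return (va + 5 + struct.unpack_from('<i', code, 1)[0]) & 0xFFFFFFFF
    if len(code) >= 2 and code[0] == 0xEB:                               # jmp rel8
        return (va + 2 + struct.unpack_from('<b', code, 1)[0]) & 0xFFFFFFFF
    if len(code) >= 6 and code[0] == 0x68 and code[5] == 0xC3:           # push imm32; ret
        return struct.unpack_from('<I', code, 1)[0]
    if len(code) >= 7 and code[0] == 0xB8 and code[5:7] == b'\xFF\xE0':  # mov eax,imm32; jmp eax
        return struct.unpack_from('<I', code, 1)[0]
    return None


def check_prologue(name, va, in_memory: bytes, on_disk: bytes, module: ModuleRange):
    """Inline-hook check for one function: compare the entry bytes seen in
    memory with the relocated on-disk bytes. The result carries the on-disk
    bytes as the payload a "restore" action would write back."""
    if in_memory == on_disk:
        return {'function': name, 'status': 'clean'}
    target = decode_entry_jump(in_memory, va)
    status = 'inline-hook' if target is not None and not module.contains(target) else 'patched'
    return {'function': name, 'status': status, 'target': target, 'restore': on_disk}


def make_jmp_rel32(from_va: int, to_va: int) -> bytes:
    """Encode `jmp rel32` from `from_va` to `to_va`, i.e. what a hook installer
    writes over the first five bytes of a function."""
    rel = (to_va - (from_va + 5) + 2**31) % 2**32 - 2**31   # wrap into signed 32-bit
    return b'\xE9' + struct.pack('<i', rel)


# ---- constructed sample data (fictional addresses) ----
NTOSKRNL = ModuleRange('ntoskrnl.exe', 0x80400000, 0x00200000)
ROOTKIT = ModuleRange('evil.sys', 0xF7A00000, 0x00010000)

# Three SSDT slots: two point into ntoskrnl, slot 2 was redirected into evil.sys.
SAMPLE_SSDT = [0x80501234, 0x80502345, ROOTKIT.base + 0x1000]

# An NtOpenProcess-style entry: standard hot-patchable x86 prologue on disk
# (mov edi,edi; push ebp; mov ebp,esp), overwritten in memory by a jmp.
FUNC_VA = 0x80510000
ON_DISK = b'\x8B\xFF\x55\x8B\xEC'
HOOKED = make_jmp_rel32(FUNC_VA, ROOTKIT.base + 0x1200)


def scan():
    """Run both checks over the constructed data and return the findings."""
    return {
        'ssdt_hooks': table_hooks(SAMPLE_SSDT, NTOSKRNL),
        'NtOpenProcess': check_prologue('NtOpenProcess', FUNC_VA, HOOKED, ON_DISK, NTOSKRNL),
        'NtClose': check_prologue('NtClose', FUNC_VA + 0x40, ON_DISK, ON_DISK, NTOSKRNL),
    }


if __name__ == '__main__':
    for key, finding in scan().items():
        print(key, finding)
```

The on-disk reference has to be relocated to the module's load address before the byte comparison, otherwise every function containing an absolute address would be reported as patched; the sample prologue above has no relocations, which is why the raw bytes can be compared directly.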

Disclaimer: this is just a free auxiliary gadget. If using this tool causes you direct or indirect loss or damage, I take no responsibility. From the moment you use this gadget, you are deemed to have accepted this disclaimer.

