Explorer Suite is a freeware suite of tools including a process viewer and a PE editor called CFF Explorer. The PE editor has full support for PE32/64 and offers special fields description and modification (.NET supported), utilities, a rebuilder, a hex editor, an import adder, a signature scanner, a signature manager, extension support and more. It is the first PE editor with support for .NET internal structures. Its Resource Editor (Windows Vista icons supported) can handle .NET manifest resources (which are dumpable as well). The suite is available for x86, x64 and Itanium.
- Explorer Suite (Multi-Platform Version)
- Explorer Suite (x86 Version)
The process viewer makes it possible to view information about your processes and modules. The version information for each PE makes it very easy to identify files. You can also dump PEs or memory regions, and you can choose to open a loaded PE with the CFF Explorer. If you're on x64 or Itanium you cannot run a 32-bit version of this tool: you have to install the proper version for your processor.
Features:
* Process Viewer
* Windows Viewer
* PE and Memory Dumper
* Full support for PE32/64
* Special fields description and modification (.NET supported)
* PE Utilities
* PE Rebuilder (with Realigner, IT Binder, Reloc Remover, Strong Name Signature Remover, Image Base Changer)
* View and modification of .NET internal structures
* Resource Editor (full support for Windows Vista icons)
* Support in the Resource Editor for .NET resources (dumpable as well)
* Hex Editor
* Import Adder
* PE integrity checks
* Extension support
* Visual Studio Extensions Wizard
* File Scanner
* Directory Scanner
* Deep Scan method
* Recursive Scan method
* Multiple results
* Report generation
* Signatures Manager
* Signatures Updater
* Signatures Collisions Checker
* Signatures Retriever
Homepage: http://ntcore.com/exsuite.php
Download the Explorer Suite Multiplatform:
http://ntcore.com/Files/ExplorerSuite.exe - Mirrors
Download x86 version:
http://ntcore.com/Files/ExplorerSuite-x86.exe - Mirrors
Download Explorer Suite v2 x86 w/o Installer (Portable - no installation required!) incl. Latest ExeInfo PE:
Explorer Suite v2 x86.rar (1.72 MB) - Mirror1 - Mirror2 - ...more Mirrors1 - Mirrors2 - DDL1
5 comments:
Trojan?
29-07-2007 11:52:54 SYSTEM 1368 Sign of "Win32:Trojan-gen. {Other}" has been found in "http://download190.mediafire.com/z1vmcdtim1zg/ecdcllldwzr/Explorer+Suite+v2+x86.rar\Explorer Suite v2 x86\exeinfope.exe\[UPX]\[Embedded#93ec4]" file.
29-07-2007 11:53:24 SYSTEM 1368 Sign of "Win32:Trojan-gen. {Other}" has been found in "http://d1.usaupload.net/2d390ze37ja/1185706390/0640874e141c34dcd1a75ee9ad507f40/Explorer_Suite_v2_x86.rar\Explorer Suite v2 x86\exeinfope.exe\[UPX]\[Embedded#93ec4]" file.
Do you see the UPX exe packer!!! You should know that every exe packer can, in some cases, by compressing the source, produce signatures similar to a trojan, but it isn't a trojan or virus! Read about it on any exe packer software forum!
It's a false alert!
Don't believe?
Unpack it with upx -d,
scan, and you see no trojan there. Pack it with upx, pecompact, whatever, and some exe files AV scanners do report as a virus.
IT'S CALLED A FALSE POSITIVE !!!
false positive
no trojan inside.
Your AV seems to be wrongly informed.
Scan all original uTorrent, what does it say? 3 or 4 viruses because it's exe packed?!!
ref: http://en.wikipedia.org/wiki/Anti-virus_software
http://www.indopedia.org/Anti-virus_software.html
google: false positive virus
what is false positive
The term false positive is also used when antivirus software wrongly classifies an innocuous file as a virus. The incorrect detection may be due to heuristics or to an incorrect virus signature in a database. Similar problems can occur with antitrojan or antispyware software.
What does he want with exe-related software tools if he doesn't know about exe packers and their phenomena? The only negative side effect is that exe packers, besides reducing the file size a lot, no longer make use of the paging file from memory.
Simply unpack it or change the antivirus software to prove it. Maybe the heuristic is set to the highest setting :))