File: changelog.txt Project: pestudio Author: Marc Ochsenmeier Email info@winitor.com Web: www.winitor.com Copyright (C) 2009-2015, Marc Ochsenmeier Version 8.50 . Fixed a bug when handling exported functions of 54bit executables Version 8.49 . Added detection of Windows builtin services . Fixed a bug when handling strings . Leveraged Indicators for embedded files Version 8.48 . Extended Thresholds . Extended Indicators . Show virustotal score for Overlay (when available) . Fixed an issue in the Debug detection . Fixed an issue in imported symbols by ordinal for 64bit files Version 8.47 . Added computation of Imports Hash (imphash) . Added detection of strings embedded in non-PE files . Extended detection of processor types . Fixed a hangup . Updated AV list Version 8.46 . Added new thresholds . Extended detection . Fixed a crash with malformed files . Corrected duplicates during collection of functions statistics Version 8.00 to 8.45 . Added Virustotal aging and submission date . Extended Languages detection and mapping . Added PeID Signature detection of Executable embedded in Resources . Added PeID Signature detection of Executable embedded in Overlay . Added XML-based detection of PeID Signatures . Added XML-based detection of OIDs . Added XML-based detection of useragent . Extented blacklists . Added detection of references to Firefox API . Added MD5 Blacklist for a file and its Resources . Extended detection of Overlay . Extended validation of Sections . Resolve OpenSSL ordinals API to User friendly names . Added Blacklist of MD5 dedicated to the Overlay . Extended detection of files embedded in Resources . Added detection of Regular Expressions and Threshold . Cache Virustotal scores when Internet connection drops . Fixed a bug when handling the imports of some images . Added Functions Groups classification . Resources with unknown Signature and containing only text are now tagged as Text . Fixed a bug when handling the Characteristics of the FileHeader . Added MD5, SHA1 and Virustotal Score for Overlay . Fixed a bug when handling the . Fixed a bug when handling the virustotal Engines . Added Thresholds for DOS Stub and Header size . Added Thresholds for Blacklisted Imported Libs and Blacklisted functions number . Added Thresholds for Blacklisted Strings count . Added Thresholds for Blacklisted Exported Functions count Version 6.00 to 7.00 . Added Dump of Indicators . Added Dump of Manifest . Added Context menu for Certificates . Added Dump of Certificates . Raw discovery of fundamental characteristics of the Certificate(s) embedded in the Image . Handle non-printable characters in XML report . Added more Indicators specific to the location of the Entry Point . Added more details (offset and size) for each file Cave detected . Show the name of the section BaseOfCode is located in . Fixed reporting of the Libraries in the XML report . Simplified Indicators XML file . Added Indicators specific for First and Last Sections . Take virtual Section into account when pointing the overlay . Fixed detection of MPRESS under 64bit Version 6.00 . Fixed a bug by reading Symbols . Extended Indicators for Embedded Resources . Corrected missing Dependencies for some types of images . Renamed *.XML files to PeStudio*.XML . Interfaces to PeParser (PeParser.h and PeParser.lib) are now part of the Package. . Added Indexing of String . Added Detection of duplicated Section Names . Allow Strings length choice for filtering at the UI . Show Strings at the UI . Added Strings count in output XML . Detect Section-less images and added in Indicators.XML . Correct Address Offset of reported Strings Version 5.00 . The Strings contained in the file analysed can now be exported to the output XML file . Added validation Check of AddressOfEntryPoint field . Custom Resources are shown in orange colour . Corrected handling of Certificate Directory . Corrected colouring of Indicators . When handling a resources only images, some validity checks are different . Enhanced detection of device driver images . renamed parameters for command prompt (see Prompt support description above) . Added detection of CAB, PDF, RIFF, GIF, PNG files . Added detection of "requireAdministrator" Execution Level from the Manifest . Added Command Prompt support (see Prompt support description above) . Added "The image exports XY Symbols" as new Indicator . Added more obsolete functions in the WindowsFunctionsDeprecated.xml file (delivered with this project) Version 1.0 to 4.0 . Now fully support 64bit Images on 32bit Platform . Show Resources Languages . Show Type of Debug information (NB09, NB10, NB11, RSDS ) . Show imported Functions of missing libraries . Show total number of Bytes available in Caves . Show Gaps in Exported Symbols collection . Show Section Name the Base of Data belongs to . Added OptionalHeader to XML report . Added detection of duplicated Sections names . Added detection of Code-less images . Added detection of Section containing the Entry point . Corrected filtering of Obsolete Imported Functions . Corrected Imported Symbols for 64bit images . Corrected Page-able Section Flag . Corrected detection of msstyles "Resources Only" Images . Corrected a crash that takes place when switching between Tree and list View in Resources Tab . Added Detection of Image Obfuscation (encryption, compression) as Evidence . Un-decorate function names . Support Manifest dependentAssembly. . support Side-by-Side libraries. . Support Forwarded Functions . Filtering Obsolete Functions . Enumeration of Implicit dependencies and other general information