=========================================================
===                                                   ===
===              RogueKillerPE Changelog              ===
===                                                   ===
=========================================================

-------------------
- Adlice Software -
-------------------

V4.3.1 01/31/2023
=================
- Updated to core 6.7.0
    * Updated libraries (libyara)
    * Updater translations
    * Fixed issues on Windows XP
    * Minor fixes
- Now outdated notice has a hyperlink
- Moved some links opening to a more secure method
- Dynamic translations

V4.3.0 01/20/2023
=================
- Updated to core 6.6.1
    * Fixed multiple issues with cloud scanning
    * Fixed an issue with Curl network check
    * Fix for obtaining default browser path
    * Moved some links opening to a more secure method
    * Moved URL protocol to installer
    * Minor fixes
- Removed embedded VT API key
- Added setting to put user VT API key

V4.2.0 09/26/2022
=================
- Updated to core 6.5.3
    * NEW! Protocol URLs: Ability to register license from a URL
    * Fixed a critical issue in signatures engine (some signatures were not working)
    * Windows 11 official support
    * Logs reduction
    * Minor fixes
- Added refresh button on Account Tab

V4.1.1 04/08/2022
=================
- Minor fixes

V4.1.0 04/08/2022
=================
- New dashboard page
- New marketing page design
- New settings page design
- Added drop zone on dashboard
- Now can load file with direct argument (works by dropping file on shortcut)
- Selective signatures loading
- Added setting to prevent signatures load
- Minor fixes

V4.0.1 04/05/2022
=================
- Updated to core 6.3.4
    * Fixed potential memory leak in zip module
    * Fixed issue in cloudscanner where empty batches were sent for analysis
    * MalPE mitigation: Unknown cloud files are no longer considered malicious
    * Curl timeout increase
    * Redesigned all command line arguments
    * Cloudscanner (new module, BETA)
    * Fixed possible crashes (log formatting)
    * Fixed potential crash
    * Fixed infinite reload loop in scheduler causing UI to hang / having performance issue
    * Fix for scheduler (fixed time not starting after sleep)
    * Fixed an issue in common report view
    * Fixed an issue in path parser (task scheduler)
    * New scheduler
    * New reporting
    * Asynchronous logging
    * Fixed possible deadlock
    * Fixed possible infinite loop in config migration
    * certificate update
    * Fixed possible crashes when stopping
    * Minor fixes
- Fixed font issue on Hexviews
- Fixed "jump to section" selection not applied
- Faster loading (fixed an issue where all resources were sent to VT)
- Easier loading, now starts on drag / drop
- Drag / drop now available on all tabs
- Fixed sample path missing in title
- Fixed theme changed issues
- Fixed hashes not shown on big files

V4.0.0 06/21/2021
=================
- Updated to core 6.0.5
    * Fixed potential crash getting username from session ID
    * Fixed crash issue when old config is present (Config migration)
    * Fixed an issue where dates are not saved properly in config file
    * Fixed potential crash in getting computer name
    * Refactored using safer memory management (smart pointers)
    * Refactored with asynchronous initialization (faster to start)
    * Fixed possible hang on Zip
    * Fixed bad licensing error message in some cases
    * Fix for XP compat (CancelSynchronousIo)
    * Fix for disk enumeration hang
    * Fix for network file resolution hang
    * Fixed licensing issue with XP
    * Fixed issue in VTScanner on exit (submit on exit)
    * Fixed possible memory leak in scan items
    * Fixed possible memory leak in zlib module
    * Fixed possible memory leak in zip module
    * Fixed possible memory leak in COM module
    * Fixed possible memory leak in Event module
    * Fixed possible memory leak in SigCheck module
    * Fixed possible stack overflow in Time module
    * Fixed possible hang in Drives enumeration (async file opening)
    * Fixed possible issue (small buffer) in filter com
    * Fixed VTScanner cache, not working in some conditions
    * Fixed FileMemoryScanner, archive not scanning in some conditions
    * Fixed DigisigScanner, suspicious CAs
    * Fixed multiple crashes in PE module
    * Fixed possible crashes (SO) in registry, path modules
    * Fixed possible crashes (except) in string, buffer, curl modules
    * Fixed potential issue with broken Shell extension (explorer context menu)
    * Updater 4.0
    * RK DLL 4.0
    * Minor fixes
- Fixed an issue where some settings in combobox were changing on page scroll (lang, theme)
- Minor UI fixes

V3.5.1 10/29/2020
=================
- Updated to core 5.1.4
    * Minor fixes

V3.5.0 09/17/2020
=================
- Updated to core 5.1.3
    * Fixed several memory leaks
    * Fixed potential crash in digisig module for x86
    * Fix for digisig module (check file from cert store)
    * Fixes for MalPE pre-filtering
    * Fixed crash in PE parser
    * Fixed crash in config Migration
    * Minor fixes
- New Comparison form
- Similar buffers search (BETA)
- Added Chinese translation

V3.4.2 07/27/2020
=================
- Updated to core 5.0.3
    * Added more logs for Curl
    * Proxy validation
    * MalPE AI 0.6
    * Fixed crash in regex engine
- Updater 3.5
    * Bigger and better
    * Added cancel button
    * Fixed a possible crash at exit

V3.4.1 05/19/2020
=================
- Updated to core 4.3.3
    * Fix for crash upload (limitation by dump is present)
    * Fixed pipe disconnect (retry logic)
    * Fixed pipe security
    * Fixed IPC cache
    * Added config auto-backup/restore
    * Fixed self-update task
    * Fixed crash reports upload

V3.4.0 04/27/2020
=================
- Updated to core 4.3.0
    * Fix for XP (libzip, openssl rebuilt)
    * Size optimizations
    * Removed warnings
    * New advert payload
    * Added some logging
    * Minor fixes
- Fixed signatures loading (local only)
- Added abort button
- Added report button
- Added reporting (JSON/TXT reports)
- Added reports limitation (limited to last 10 reports)

V3.3.0 03/25/2020
=================
- Updated to core 4.2.0
    * Libraries update (libzip / sqlite)
    * New version manager (network failure proof)
    * Flush DNS cache on network domain resolve error
    * Fix for XP (libcurl rebuilt)
    * Fixed a possible crash in PE parser (VersionInfo)
    * Update to roguekillerpeshell 2.2.0
    * Update to roguekillerdll 3.2.0
    * Update to roguekillerupdater 3.4.0
    * Fixes for early logging
    * Minor fixes
- My Account links

V3.2.0 03/04/2020
=================
- Updated to core 4.1.3
    * Fixed url for signatures download
    * Updated libraries (openssl / libssh2 / libcurl / libyara)
    * Fixed an issue in Path parser
    * Fixed scheduled version check
    * Fixed a possible crash in Buffer module (implicit casts)
    * Reduced API calls frequency
    * Fixed possible crash at exit
    * Updated libraries (jansson / cryptopp)
    * Fix for getting username from SYSTEM account
    * Fixes for scheduler engine
    * Fix for telemetry
    * Fixed bad reference decrement in Yara scanner
    * Fixed initialization order in worker threads
    * Fixed ACLs removal in Debug module
    * Minor fixes
- Fixed a crash in disassembly module
- Improved general tab header UI
- Added "Load file" button in general tab header

V3.1.1 12/23/2019
=================
- Updated to core 4.0.4
    * Fixed bad reference decrement in Yara scanner
    * Fixed initialization order in worker threads
    * Fixed ACLs removal in Debug module
    * Fixed potential crash in Exclusions and History Events modules
    * Minor fixes

V3.1.0 12/19/2019
=================
- Updated to core 4.0.2
    * Fixed possible crashes in logging
    * Fixed an issue with processes CLI exposing pipe names (some VPN softs)
    * MalPE model 0.5 (fast)
    * New telemetry data
    * minor fixes

V3.0.8 11/25/2019
=================
- Updated to core 3.2.18
    * Minor fixes
    * Icons refactoring

V3.0.7 10/24/2019
=================
- Updated to core 3.2.15
    * Fixed common folders/files ACLs
    * RogueKillerDLL 2.4
    * Using Restart Manager whenever possible
    * Added registry setting to force debug logging
    * Added Critical flag manipulation before processes termination
    * Fixed a possible deadlock and crash in scheduler/advert
    * Fixed an issue where Marketing request wasn't properly processed (notifications loop)
    * Fixed an issue where advert tasks were re-added (and cleared) on network issues
    * Fixed a handle leak when scanning big files
    * Minor fixes
- Fixed an issue with licensing button notifications

V3.0.6 09/23/2019
=================
- Updated to core 3.2.8
    * MalPE model 0.4
    * Minor fixes
- Improved binaries replacement in installer

V3.0.5 09/19/2019
=================
- Updated to core 3.2.7
    * Minor fixes
    * Improved MalPE filter
- Fix for notifications (bug: under taskbar)
- Fix for compiler information
- Fix for packer information
- Minor fixes

V3.0.4 08/29/2019
=========================
- Fixed assembly views font (equal width characters)
- Updated to core 3.2.5

V3.0.3 08/28/2019
=========================
- Fixed Opcodes alignment
- Fixed delay imports parsing
- Fixed hang issue when long strings are shown in the UI (Scan strings)
- Fixed broken strings dump feature
- Fixed wrong EOP on Hex view and Debug view

V3.0.2 08/27/2019
=========================
- Fixed legacy shell extension removal (unregister was requested at each startup)

V3.0.1 08/27/2019
=========================
- Fixed max threads count for pool (issue with frozen analysis on low CPU machines)
- Added legacy shell extension removal
- Fixed translations

V3.0.0 08/27/2019
=========================
- Updated to core 3.2.4
- New MalPE engine (0.3)
- Revamped UI
- Fixed a lot of bugs

V2.0.3 10/12/2017
=========================
- Fixed issue with TLS callbacks parsing
- Added Company name field in dashboard
- Added Product name field in dashboard
- Added Product version field in dashboard

V2.0.2 10/06/2017
=========================
- Fixed issues in PDB path parsing
- Fixed VT tab not refreshing properly

V2.0.1 10/03/2017
=========================
- Small fixes

V2.0.0 10/02/2017
=========================
- Updated EULA
- NEW! Dump RT_ICON as true image
- NEW! DLL characteristics as checkboxes
- NEW! Sections flags as checkboxes
- NEW! Dos Stub, Rich string
- Refactored dashboard
- NEW! Binary image
- Added VBA symbols table
- Added many new indicators
- Removed NAG screen for FREE users
- Fixed multiple bugs

V1.33.1 09/06/2017
=========================
- Fixed a bug in CLI handler

V1.33.0 09/01/2017
=========================
- Fixed crash when searching best icon on samples playing with RT_GROUP_ICON
- NEW! VirusTotal tab with full information
- Fixed checkboxes that were almost invisible due to disabled state

V1.32.0 03/31/2017
=========================
- Fixed jump to overlay
- Fixed naked theme
- Now hex copy with CTRL+C copies without spaces

V1.31.0 03/30/2017
=========================
- Fixed a bug in overlay display
- Fixed multiple bugs in PE parser

V1.30.0 03/30/2017
=========================
- Fixed a bug in VersionInfo
- Fixed packer detection
- Added section name for directories
- NEW! Proprietary MalPE score
- Added debug timestamp + indicator (comparison with compilation timestamp)

V1.29.0 03/16/2017
=========================
- Minor bug fixes

V1.28.0 03/15/2017
=========================
- Common code (refacto)
- Common translations (refacto)
- NEW! Duplicated imports (display + indicator)
- NEW! No VersionInfo indicator
- NEW! Expired digisig indicator
- NEW! ASLR off indicator
- NEW! Blacklisted extensions indicator (typical ransomware file search)
- Added tooltip on strings to avoid expanding a lot for large strings
- Fixed a parsing issue in VersionInfo
- NEW! Section ratio (display + progress bar)

V1.27.0 01/05/2016
=========================
- Added Hex data to digisig
- Added offset to EP in hex view

V1.26.0 01/05/2016
=========================
- NEW! SSDEEP display (file, sections, resources)
- NEW! SSDEEP in comparator (file, sections, resources)
- NEW! Similarity score in comparator (based on SSDEEP)
- Added ability to disable telemetry (Premium)
- Settings form refactoring
- Fixed minor bugs

V1.25.0 12/12/2016
=========================
- NEW! TLS directory parsing
- NEW! TLS entries indicator
- Fixed minor bugs

V1.24.0 11/01/2016
=========================
- Fixed shell extension

V1.23.0 10/31/2016
=========================
- Fixed crash in PE resources parsing (circular references)
- Telemetry now sent to Adlice Software server

V1.22.0 10/11/2016
=========================
- Fixed crash in PE resources parsing
- NEW! PE Debug tab, reflecting the content of the debug directory

V1.21.0 09/07/2016
=========================
- Fixed missing close button in comparator
- Now dumps strings to file if count > 50 000
- Fixed a bug where resources were not detected when 1 was corrupted
- Now shows corrupted resources

V1.20.0 08/22/2016
=========================
- Fixed a crash in Comparator
- Now overlay shows as last section index #
- Now using Yara 3.5 engine

V1.19.0 08/02/2016
=========================
- Added Anti-VM, Anti-Sandbox, Anti-Debugging strings detection (indicators)
- Comparator: Now resources are compared by hash (instead of path)
- Comparator: Added Version Info (strings only for now)
- Comparator: Exports/Imports are now compared by name
- Comparator: Fixed overlay not existing
- Fixed a bug where LegalTrademarks / SpecialBuild were not reset for new analysis

V1.18.0 07/01/2016
=========================
- Fixed a possible crash while parsing version info
- Added VersionInfo fields: LegalTrademarks, SpecialBuild

V1.17.0 06/28/2016
=========================
- Fixed hex view moving cursor at the end on key hit
- Fixed bug when sections are overlapping
- Fixed crash on jumping to section
- Fixed VersionInfo parsing
- Fixed a bug in imports parsing
- Fixed UI bug when jumping to resource

V1.16.0 06/10/2016
=========================
- Fixed a bug in entrypoint indicator
- Comparator: Added sections MD5
- Comparator: Added overlay
- Comparator: resources are now compared by path, not index
- Added "Jump to XXX" context menu entries in all hex views (Jump to section, resource, global)

V1.15.1 05/02/2016
=========================
- Fixed a bug in imports parsing
- Fixed Sample Comparer typo => Comparator
- Moved Sample Comparator in Premium features
- Fixed Sample Comparator checkbox to hide equal entries
- Now sections are compared by name, not index (Comparator)
- Added resources comparison (Comparator)
- Fixed overlay columns order (entropy / flags)

V1.15.0 05/01/2016
=========================
- NEW! Sample Comparer in version 1.0
- Moved section entropy before flags
- Fixed section Physical address value
- Fixed RT_VERSION case
- Added resource type (friendly + hex)
- Updated to use new themes
- Fixed a bug in imphash

V1.14.0 04/22/2016
=========================
- Yara Editor in version 1.3.0
- Yara Editor: Added editing for most fields (tags, metas, strings, ...)
- Yara Editor: Drag/Drop support
- Yara Editor: Added editing of test strings (double click)
- Fixed RT_VERSION case sensitivity

V1.13.0 03/29/2016
=========================
- New project name: Adlice PEViewer (to avoid confusion with RogueKiller)
- Added indicator when file has more than 8 sections
- Added entropy on sections
- Fixed a bug in sections Parser
- Added "Private Build" in RT_VERSION parsing

V1.12.0 03/29/2016
=========================
- Fixed a bug where settings were not applied at startup
- Fixed a bug where PeSections index column was sorted based on string, not on number
- Fixed a crash in PEResource RT_MENU parsing
- NEW! Now application keeps window state at close when it is restarted
- Yara Editor in version 1.2.0
- Yara Editor: Added Strings (ANSI/Unicode) test set

V1.11.0 03/25/2016
=========================
- Added Themes (Premium)
    - clear theme
    - dark theme
    - naked theme
- Yara Editor in version 1.1.0

V1.10.5 03/10/2016
=========================
- Yara Editor in version 1.0.0
- Yara Editor: Fixed rules loading
- Yara Editor: Added version number
- Yara Editor: Added error messages
- Yara Editor: Now processes list is threaded

V1.10.5 03/10/2016
=========================
- Added Yara Editor (Tools menu)
- Now PE Resource icons are shown in real size (limited to 128px)
- Fixed a bug where unicode strings were not selected properly
- Added PE Resource icons size as information
- Added backward offset in HexView

V1.10.4 02/10/2016
=========================
- Now corrupted PE sections are labeled as such
- Added indicator for corrupted PE sections
- Added exports hash (exphash)
- Digisig serial is now lowercase
- Fixed PE sections index (1-based instead of 0-based)

V1.10.3 02/01/2016
=========================
- Fixed cursor in HexView
- Added ASCII cursor in HexView
- Fixed a problem where VirusTotal was not thread-safe ("An error occured: 200")
- Added digital signature (WinTrust method) error code on general tab
- Added digisig serial in hex
- Added index column for PeSections
- Improved non-ASCII characters display in HexView
- Fixed Updater

V1.10.2 01/25/2016
=========================
- Now program icon takes the best icon from first RT_GROUP_ICON
- Update checker works now without restarting app
- Fixed lowercase cursor in HexView
- Fixed Ascii/Hex hidden cursor in HexView
- Fixed resources metas not refreshed on new resource clicked
- Now strings default length search isn't reset when loading new file
- New about form reflects licensing state

V1.10.1 01/22/2016
=========================
- Fixed installer (COM error message)
- Added auto scroll when selecting block in HexView
- Fixed selection in HexView
- Fixed a crash in PE parsing (resources)
- Fixed bug in VT score indicator (VT score is low)
- Added PE parsing errors as new indicator
- Fixed Filenames regular expression
- Fixed displayable characters range in HexView

V1.10.0 01/21/2016
=========================
- Now icon is taken from resources
- Strings are displayed by address (default)
- Automatic updates (Premium only)
- HexView has more accurate selection

V1.9.2 01/20/2016
=========================
- Fixed a bug in Certificates parsing
- Now showing overlay even if it's a Security Directory
- Now tagging overlay if it's a Security Directory

V1.9.1 01/19/2016
=========================
- Fixed a bug in RT_VERSION parser
- Fixed a bug where you could switch memory view while on a single file
- Fixed VersionInfo tab not clearing info when a new file is loaded

V1.9.0 01/15/2016
=========================
- Added link to show PDB path in HexView
- Now HexView displays correct offset for memory items
- Added Settings (Premium only)
- Added HexView fixed width setting (Premium)
- Added HexView decimal/hex address setting (Premium)
- Fixed a bug where jumping to hex was putting cursor at the end of the selection
- Added offset (instead of just address) in status bar of HexView

V1.8.0 01/15/2016
=========================
- Added Version Info tab
- Added Digital Signature info
- Fixed overlapping in HexView
- Added go to offset in HexView (search)
- Fixed resources folder name display
- Fixed a bug while toggling ascii/hex in HexView

V1.7.0 01/11/2016
=========================
- Added context menus to sections
- Added context menus to resources
- Added resource name
- Added resource language
- Added horizontal address bar in HexView
- Added status bar in HexView
- Added selection address/size in status bar in HexView
- Limited VT scans of resources to 7 max (as a safety measure, to not reach API limits)
- Now HexView shows addresses relative to base (not starting at 0 necessarily)
- Fixed a bug where address toggle was overlapping in HexView

V1.6.0 01/08/2016
=========================
- Added overlay (in sections tab)
- Added scan sections on VirusTotal
- Added resources SHA256
- HexView is now resizable
- HexView can now hide Hex part or Ascii part
- HexView has new context menus
- HexView now displays hexadecimal in uppercase
- Fixed a bug where HexView could not select in ascii side
- Added links to entrypoint hex/disass in PE header tab
- Added size in bytes

V1.5.1 01/06/2016
=========================
- Fixed various bugs

V1.5.0 01/06/2016
=========================
- Added VirusTotal scan of resources (+rescan). Not all types are scanned by default
- Added installable version

V1.4.0 12/30/2015
=========================
- Added context menu handler in explorer
- Fixed issue in PE header information

V1.3.0 12/16/2015
=========================
- Added Re-scan on VirusTotal
- Better VirusTotal information
- Added EULA
- Now preventing from scanning own process memory
- Added indicators tab
- Added malicious score
- Added VirusTotal indicator
- Added Packer indicator
- Added Digital Signature indicator
- Added Registry/Filesystem modifications indicator
- Added Low level APIs indicator
- Added entrypoint indicator
- Added low imports count indicator
- Added is driver indicator
- Added RunPE indicator
- Added Hooks indicator
- Added Checksum indicator
- Added PE in resources indicator

V1.2.0 12/12/2015
=========================
- Fixed link to download page
- Added String copy to clipboard
- Added Hex copy to clipboard (Hex/Ascii)

V1.1.0 12/04/2015
=========================
- Fixed crashes.
- Added ability to submit unknown files to VirusTotal
- Added about window
- UI is now locked during work to avoid analysis collisions.
- Now handles LNK / Reparse files, opening target and displaying information.
- Removed not-ready-yet Yara Editor menu.

V1.0.0 12/03/2015
=========================
- Ability to dump all injected pages (context menu process)
- Added search on all HEX editors (Hex, Resources, ...) => CTRL+F to show, ESC to hide.
- Added strings scan (Hex tab becomes Hex/Strings)
- Ability to dump all strings by category (Filenames, registry, GUID, ...)
- PDB path detection

V1.0.0 beta 1 11/25/2015
=========================
- imports/exports hooks detection

V1.0.0 alpha 9 11/19/2015
=========================
- Dump process memory (context menu)
- modules names are now shown in disassembly (process memory only)
- Fixed a bug in process tree on XP
- Now PID is shown in process tree
- Now item name is shown in window title

V1.0.0 alpha 8 11/18/2015
=========================
- RunPE detection (shows mismatches in MZ/PE headers between disk/memory image)
- Process injection detection (shows injected pages in memory tab)
- added context menus

V1.0.0 alpha 7 11/17/2015
=========================
- added multiple context menus
- added disassembly for imports/exports
- fixed bugs
- added ADS (Alternate Data Streams)
- now disassembly can read whole process memory

V1.0.0 alpha 6 11/13/2015
=========================
- Improved UI responsiveness
- Added more resource types

V1.0.0 alpha 5 11/12/2015
=========================
- Added SHA1
- Added SHA256
- Added CRC32
- Now PE Checksum is verified and compared to calculated one
- Added VirusTotal score and permalink
- Added button to refresh current item
- Fixed bugs in disassembly

V1.0.0 alpha 4 11/11/2015
=========================
- Added disassembly tab
- Fixed imports by ordinal display
- Added Imphash
- Better Packer/Compiler signatures
- Added Hex editor for sections tab
- Now can open file with command line parameter

V1.0.0 alpha 3 11/10/2015
=========================
- Now linked to RogueKiller SDK
- Added resource MD5
- Added resource Size
- Moved resource text helper in the lower part
- Added version checker
- Added Packer/Compiler detection
- Better icons for treeviews

V1.0.0 alpha 2 11/06/2015
=========================
- Added drag-drop support to load a file
- Now processes listing button needs an elevation

V1.0.0 alpha 1 11/06/2015
=========================
- Initial release