Authenticode signatures are partially checked on Linux from now on! However, the certificate trust chain is not verified yet.
The list of known packer section names has been expanded.
The RICH header is now parsed, and its integrity is verified. The Olympic Destroyer wiper is a good example of how inconsistencies are reported. I have also written a
blog post on the subject if you want to know more!
I have written a new plugin to look at the PE's overlay data (example: this sample from the FelixRoot campaign).
I've started listing Manalyze users on the project's GitHub page. Let me know if you would like to be added to the list!
Tuesday July 18, 2017
There is now a "discussion" tab you can use to exchange information on samples.