missidentify-1.0-1.fc25.i686.rpm


Advertisement

Description

missidentify - Find Win32 applications

Property Value
Distribution Fedora 25
Repository CERT Forensics Tools i386
Package name missidentify
Package version 1.0
Package release 1.fc25
Package architecture i686
Package type rpm
Installed size 103.69 KB
Download size 47.15 KB
Official Mirror forensics.cert.org
Miss Identify is a program to find Win32 applications. In its default
mode it displays the filename of any executable that does not have
an executable extension (i.e. exe, dll, com, sys, cpl, hxs, hxi, olb,
rll, or tlb). The program can also be run to display all executables
encountered, regardless of the extension. This is handy when looking
for all of the executables on a drive. Other options allow the user to
record the strings found in an executable and to work recursively. See
the manual page for more information.
Sample output
Searching for mislabeled executables
C:\> missidentify *
C:\missidentify-1.0\sample.jpg
Searching for all executables
C:\> missidentify -a *
C:\missidentify-1.0\sample.jpg
C:\missidentify-1.0\missidentify.exe
Searching for all executables in an unusual place
C:\> missidentify -ar c:\windows\system32
...
C:\WINDOWS\System32\ntdll.dll
C:\WINDOWS\System32\ntoskrnl.exe
C:\WINDOWS\System32\NEVER-GONNA-CATCH-ME.EXE
C:\WINDOWS\System32\ntver.dll

Alternatives

Package Version Architecture Repository
missidentify-1.0-1.fc25.x86_64.rpm 1.0 x86_64 CERT Forensics Tools
missidentify - - -

Requires

Name Value
libc.so.6(GLIBC_2.4) -
rtld(GNU_HASH) -

Provides

Name Value
missidentify = 1.0-1.fc25
missidentify(x86-32) = 1.0-1.fc25

Download

Type URL
Binary Package missidentify-1.0-1.fc25.i686.rpm
Source Package missidentify-1.0-1.fc25.src.rpm

Install Howto

  1. Download cert-forensics-tools-release-25 rpm:
    https://forensics.cert.org/cert-forensics-tools-release-25.rpm
  2. Install cert-forensics-tools-release-25 rpm:
    # rpm -Uvh cert-forensics-tools-release*rpm
  3. Install missidentify rpm package:
    # dnf --enablerepo=forensics install missidentify

Files

Path
/usr/bin/missidentify
/usr/share/doc/missidentify/AUTHORS
/usr/share/doc/missidentify/COPYING
/usr/share/doc/missidentify/ChangeLog
/usr/share/doc/missidentify/INSTALL
/usr/share/doc/missidentify/NEWS
/usr/share/doc/missidentify/README
/usr/share/man/man1/missidentify.1.gz

Changelog

2008-02-19 - Jesse Kornblum <research@jessekornblum.com>
* Fixed illegal filename error handling to use Unicode
error display function.
* Updated packaging and README file
* Version bump to 1.0
2008-02-15 - Jesse Kornblum <research@jessekornblum.com>
* Completed conversion to allow Unicode filenames.
Copied a few more functions from the md5deep project.
* Checked code into Subversion repository
* Version bump to 0.9 in preparation for release
* Cast VERBOSE_DISPLAY_NUM to uint64_t in usage message to avoid
crash on OS X.
* Added $Id: missidentify.spec,v 1.1 2011/03/04 17:43:17 repoman Exp $ tags to source code
2008-02-04 - Jesse Kornblum <research@jessekornblum.com>
* Started conversion to allow Unicode filenames, not
finished yet
* Moved previous ChangeLog file to NEWS
* Fixed potentially fatal error in main.c that called,
ironically enough, fatal_error().
* Added counting of number of files processed for displaying
current filename being processed
2007-09-14 - Jesse Kornblum <research@jessekornblum.com>
* Added -s and -S modes to capture strings
2007-08-12 - Jesse Kornblum <research@jessekornblum.com>
* Increased buffer size to 8KB to prevent underreads
* Added allowed executable extensions:
cpl, hxs, hxi, olb, rll, and tlb.
2007-07-24 - Jesse Kornblum <research@jessekornblum.com>
* Fixed basic MZ check to work on little endian systems
* Removed fcntl.h from configuration
* Fixed typo in man page
2007-07-23 - Jesse Kornblum <research@jessekornblum.com>
* Proof of concept

See Also

Package Description
mount_ewf-20090113-2.fc25.noarch.rpm mount files in Expert Witness Format using loopback file system
nDPI-1.8-1.fc25.i686.rpm Open source deep packet inspection
nDPI-1.8-2.fc25.i686.rpm Open source deep packet inspection
nDPI-1.8-3.fc25.i686.rpm Open source deep packet inspection
nDPI-2.1-1.fc25.i686.rpm Open source deep packet inspection
nDPI-2.3.0-1.fc25.i686.rpm Open source deep packet inspection
nDPI-devel-1.8-1.fc25.i686.rpm Header files and libraries for developing applications for nDPI
nDPI-devel-1.8-2.fc25.i686.rpm Header files and libraries for developing applications for nDPI
nDPI-devel-1.8-3.fc25.i686.rpm Header files and libraries for developing applications for nDPI
nDPI-devel-2.1-1.fc25.i686.rpm Header files and libraries for developing applications for nDPI
nDPI-devel-2.3.0-1.fc25.i686.rpm Header files and libraries for developing applications for nDPI
netsa-python-1.5-1.fc25.i686.rpm Python routines and frameworks helpful when developing analyses using the SiLK toolkit
netsa-rayon-1.4.3-2.fc25.i686.rpm Python library and set of tools for generating basic two-dimensional statistical visualizations
netsa-rayon-pipevis-0.0-3.i686.rpm Pipeline alert visualization web application
netsa_silk-1.0-1.fc25.i686.rpm netsa_silk netsa-python PySiLK integration
Advertisement
Advertisement