missidentify - Find Win32 applications

Distribution: Fedora 25
Repository: CERT Forensics Tools x86_64
Package name: missidentify
Package version: 1.0
Package release: 1.fc25
Package architecture: x86_64
Package type: rpm
Installed size: 115.67 KB
Download size: 47.57 KB
Official Mirror: forensics.cert.org
Miss Identify is a program to find Win32 applications. In its default mode it displays the filename of any executable that does not have an executable extension (i.e. exe, dll, com, sys, cpl, hxs, hxi, olb, rll, or tlb). The program can also be run to display all executables encountered, regardless of the extension. This is handy when looking for all of the executables on a drive. Other options allow the user to record the strings found in an executable and to work recursively. See the manual page for more information.

Sample output

Searching for mislabeled executables

    C:\> missidentify *
    C:\missidentify-1.0\sample.jpg

Searching for all executables

    C:\> missidentify -a *
    C:\missidentify-1.0\sample.jpg
    C:\missidentify-1.0\missidentify.exe

Searching for all executables in an unusual place

    C:\> missidentify -ar c:\windows\system32
    ...
    C:\WINDOWS\System32\ntdll.dll
    C:\WINDOWS\System32\ntoskrnl.exe
    C:\WINDOWS\System32\NEVER-GONNA-CATCH-ME.EXE
    C:\WINDOWS\System32\ntver.dll



  • missidentify = 1.0-1.fc25
  • missidentify(x86-64) = 1.0-1.fc25


    Install Howto

    1. Download cert-forensics-tools-release-25 rpm:
    2. Install cert-forensics-tools-release-25 rpm:
      # rpm -Uvh cert-forensics-tools-release*rpm
    3. Install missidentify rpm package:
      # dnf --enablerepo=forensics install missidentify


    • /usr/bin/missidentify
    • /usr/share/doc/missidentify/AUTHORS
    • /usr/share/doc/missidentify/COPYING
    • /usr/share/doc/missidentify/ChangeLog
    • /usr/share/doc/missidentify/INSTALL
    • /usr/share/doc/missidentify/NEWS
    • /usr/share/doc/missidentify/README
    • /usr/share/man/man1/missidentify.1.gz


    2008-02-19 - Jesse Kornblum <research@jessekornblum.com>
      * Fixed illegal filename error handling to use Unicode error display function.
      * Updated packaging and README file
      * Version bump to 1.0

    2008-02-15 - Jesse Kornblum <research@jessekornblum.com>
      * Completed conversion to allow Unicode filenames. Copied a few more functions from the md5deep project.
      * Checked code into Subversion repository
      * Version bump to 0.9 in preparation for release
      * Cast VERBOSE_DISPLAY_NUM to uint64_t in usage message to avoid crash on OS X.
      * Added $Id: missidentify.spec,v 1.1 2011/03/04 17:43:17 repoman Exp $ tags to source code

    2008-02-04 - Jesse Kornblum <research@jessekornblum.com>
      * Started conversion to allow Unicode filenames, not finished yet
      * Moved previous ChangeLog file to NEWS
      * Fixed potentially fatal error in main.c that called, ironically enough, fatal_error().
      * Added counting of number of files processed for displaying current filename being processed

    2007-09-14 - Jesse Kornblum <research@jessekornblum.com>
      * Added -s and -S modes to capture strings

    2007-08-12 - Jesse Kornblum <research@jessekornblum.com>
      * Increased buffer size to 8KB to prevent underreads
      * Added allowed executable extensions: cpl, hxs, hxi, olb, rll, and tlb.

    2007-07-24 - Jesse Kornblum <research@jessekornblum.com>
      * Fixed basic MZ check to work on little endian systems
      * Removed fcntl.h from configuration
      * Fixed typo in man page

    2007-07-23 - Jesse Kornblum <research@jessekornblum.com>
      * Proof of concept