Content plugin with a gentleman's set of features for identifying malware :)
It identifies Windows PE executable files regardless of the extension they use and shows the following information about them:
- Whether the file is packed or encrypted (determined heuristically)
- The validity of digital signature
- The name of the PE section in which the program entry point is located (useful for detecting infection by file viruses)
- A list of PE sections and their entropy in percent
- The presence of file version information (the information itself is not displayed, only the fact of its presence, for the convenience of Advanced Search)
- A summary of the use of certain WinAPI functions (whether the application uses the network, files, registry, processes, etc.). It analyzes the import table, so dynamically loaded libraries are not considered. The list of API functions can be edited in the file funcgroups.json
- Detection of the file by antivirus software. The plugin checks detection by looking up the file's MD5 hash in the online detection service http://www.virustotal.com (uses 50+ antiviruses). This function can be very slow on a poor internet connection. Detection results are cached on the user's computer; if you need to rescan files, delete the cache file "verdicts" in the plugin folder.
You can also use the plugin's columns for advanced search and file highlighting.
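
How the entry-point section and the per-section entropy listed above can be derived from the PE headers, as an added Python example that is not the plugin's own code. It assumes "entropy in percent" means Shannon entropy scaled so that 8 bits per byte equals 100%; `build_sample` is a hypothetical helper that returns a constructed two-section image, not a real executable.

```python
import math
import struct

def entropy_percent(data: bytes) -> float:
    """Shannon entropy of data, scaled so that 8 bits/byte = 100% (assumed scale)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    h = sum(c / n * math.log2(n / c) for c in counts if c)
    return round(h / 8 * 100, 1)

def analyze_pe(image: bytes) -> dict:
    """Return (name, entropy %) per section and the section holding the entry point."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ file")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)            # e_lfanew
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    (n_sections,) = struct.unpack_from("<H", image, pe_off + 6)  # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", image, pe_off + 20)   # SizeOfOptionalHeader
    (entry_rva,) = struct.unpack_from("<I", image, pe_off + 40)  # AddressOfEntryPoint
    table = pe_off + 24 + opt_size                               # first section header
    sections, entry_section = [], None
    for i in range(n_sections):
        name, vsize, vaddr, rsize, rptr = struct.unpack_from(
            "<8sIIII", image, table + 40 * i)
        name = name.rstrip(b"\0").decode("latin-1")
        sections.append((name, entropy_percent(image[rptr:rptr + rsize])))
        if vaddr <= entry_rva < vaddr + max(vsize, rsize):
            entry_section = name
    return {"sections": sections, "entry_section": entry_section}

def build_sample() -> bytes:
    """Constructed image: flat .text plus a uniform-byte 'UPX1' holding the entry point."""
    def sec(name, vaddr, rptr, size):
        return struct.pack("<8sIIII16x", name, size, vaddr, size, rptr)
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0xE0, 0x102)
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, 0, 0, 0, 0x2010).ljust(0xE0, b"\0")
    hdr = dos + coff + opt + sec(b".text", 0x1000, 0x200, 0x200) \
        + sec(b"UPX1", 0x2000, 0x400, 0x200)
    return hdr.ljust(0x200, b"\0") + b"\x90" * 0x200 + bytes(range(256)) * 2

if __name__ == "__main__":
    print(analyze_pe(build_sample()))
```

An entry point that sits outside the usual code section, in a section whose entropy is close to 100%, is the kind of combination a packed-or-encrypted heuristic can key on.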