A forum for reverse engineering, OS internals and malware analysis 

Forum for announcements and questions about tools and software.
 #21338  by HRNAYY
 Wed Nov 06, 2013 3:26 am
Hi All,

There are couple of vintage tools for malware samples sorting and database, which i am sure VXers like us are still using.

VS2000 GUI and FWeeder along with their manuals.

Can anybody share it with me? I have 1Tb of virus files which needs to be sorted and weeded from duplicate files.

Thank you in advance.
 #21341  by Buster_BSA
 Wed Nov 06, 2013 10:15 am
HRNAYY wrote:There are couple of vintage tools for malware samples sorting and database, which i am sure VXers like us are still using.

VS2000 GUI and FWeeder along with their manuals.

Can anybody share it with me? I have 1Tb of virus files which needs to be sorted and weeded from duplicate files.

Thank you in advance.
Bumblebee was so nice to release FWeeder source code years ago. The source was publicly available but at the moment I do not remember where, so I will try to find the package containing the source and I will share it.

I can share also last version of VS2000 GUI and also last versions of console utils: StripLog, RenFiles, ...
 #21344  by Buster_BSA
 Wed Nov 06, 2013 11:04 am
The package containing VS2000 GUI, console utilities and Fweeder is available here:

http://www.putlocker.com/file/77DC989CE30073BB


The package has next structure:

\CONSOLE -> Includes Fake Scanner, RenFiles, StripLog, VirWeed, VS2000 and a manual in .CHM explaining how to use them
\FWEEDER -> Includes FWEEDER source code and binary
\GUI -> Includes VS2000 GUI
\System32 -> Includes 2 .DLL files that must be placed in Windows´s "System32" folder

Notes:

The package contains the last version of each utility.

The manual for console utilities may be outdated: some of the features mentioned in the manual may not exist or available features may not be mentioned.

VS2000 GUI is more outdated than console utilities.

I may explain the use of some feature but I will not make any update to the utilities.
 #21347  by HRNAYY
 Wed Nov 06, 2013 12:32 pm
Thank you very much for the software.

I was trying to search these software since last 12 hours, but didn't found it. So thanks a ton! :)

I am more interested in sorting and weeding out the duplicate files.

Sorting should be like:

D:\VIRUS\86\AA\E1\<filename>

I want to rename files in SHA256 and wanted to sort samples in that fashion. But I think VS GUI don't support it. It only supports CRC32 and MD5, which seems out of fashion as collision in these hashes are possible. CRC32 collision are more common nowadays whereas MD5 is bit rare but still chances are there. So any way, to sort these files in SHA256 way?

And how can I create database log so that next incoming updates can be weeded out with possible duplicate files.

Your help would be highly appreciated.
 #21352  by Buster_BSA
 Wed Nov 06, 2013 5:27 pm
HRNAYY wrote:Thank you very much for the software.

I was trying to search these software since last 12 hours, but didn't found it. So thanks a ton! :)
You are welcome.
HRNAYY wrote:I am more interested in sorting and weeding out the duplicate files.

Sorting should be like:

D:\VIRUS\86\AA\E1\<filename>

I want to rename files in SHA256 and wanted to sort samples in that fashion. But I think VS GUI don't support it. It only supports CRC32 and MD5, which seems out of fashion as collision in these hashes are possible. CRC32 collision are more common nowadays whereas MD5 is bit rare but still chances are there. So any way, to sort these files in SHA256 way?
First: "D:\VIRUS\86\AA\E1\<filename>" is not any known sorting style. The "Bulk style" basis is:

Base directory has 16 subdirectories, from 0 to 9 and from A to F. Inside each of these subdirectories are created subdirectories with the first 2 letters of the hash. Example:

"C:\VIRUS\0\04\04ABC903.EXE"

Second: VS2000 GUI was coded years ago, when vxers used CRC32 to rename files and there were few collisions. Only a few were using MD5 then. So yes, VS2000 GUI is out of fashion nowadays.

If you want a folder structure based in SHA-256 you should code your own tool. I do not know of any tool doing that.
HRNAYY wrote:And how can I create database log so that next incoming updates can be weeded out with possible duplicate files.

Your help would be highly appreciated.
Did you read FWEEDER´s manual?