DensityScout build 45

Quickly find even unknown malware with this interesting command-line tool from CERT Austria

by Mike Williams

License: Freeware
Operating Systems: Linux, Windows 10, Windows 7 (32 bit), Windows 7 (64 bit), Windows 8, Windows Vista (32 bit), Windows Vista (64 bit), Windows XP
Requirements:
Languages: English
Software Cost: Free
Date Updated: 08 January 2017
Developer: CERT Austria
RSS News Feed: http://www.cert.at/all.warnings.specials.rss_2.0.xml

DensityScout is an interesting command-line tool from CERT Austria which can highlight malware-related files on your PC.

The program uses an unusual mathematical technique to figure this out. Or, as the author puts it, DensityScout "calculates density (like entropy) for files of any file-system-path to finally output an accordingly descending ordered list".

But the underlying idea is this. Standard unpacked executable files will have an uneven spread of bytes; that is, some byte patterns will occur more often than others due to structures in the file. Malware is often packed, though, which not only conceals the real executable, but also means you'll have a more even distribution of byte usage throughout the file.

So how do you put this to use? The author recommends launching the program with a line like this.

densityscout -s cpl,exe,dll,ocx,sys,scr -p 0.1 -o results.txt c:\Windows\System32

(Be sure to read his SANS blog post on the program.)

This essentially means: scan all the executable files in the Windows System32 folder, saving the data to results.txt. The results are then placed in order, with the lowest and most suspect values at the top. In our case the list started like this:

(0.02417) | c:\Windows\System32\FlashPlayerInstaller.exe
(0.16460) | c:\Windows\System32\DivX.dll
(0.22350) | c:\Windows\System32\iglhsip32.dll
(0.28759) | c:\Windows\System32\AuthFWGP.dll

And as you can see, the program has worked, at least to a degree: the two top values are "intruders", presumably packed (though also entirely legitimate, so of course you must check any highlighted files to see what they really are).
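To make the idea behind the ordering concrete, here is an added example (not DensityScout's own code or formula) that scores byte distributions and ranks files with the most even spread, i.e. the most packed-looking, at the top. It uses inverted normalised Shannon entropy as a stand-in for the tool's density measure, applies the same extension filter idea as the -s option, and runs on constructed sample data rather than real binaries.

```python
import math
import os
import random
from collections import Counter

# Approximation used here (NOT DensityScout's own formula): normalised Shannon
# entropy of the byte histogram, inverted so that an even spread of bytes
# (packed/compressed content) scores LOW and structured content scores HIGH,
# matching the "lowest and most suspect at the top" ordering in the review.
def byte_density(data: bytes) -> float:
    if not data:
        return 1.0  # no bytes, no information content
    counts = Counter(data)
    n = len(data)
    entropy_bits = -sum((c / n) * math.log2(c / n) for c in counts.values())
    return 1.0 - entropy_bits / 8.0  # 8 bits is the maximum for byte data

def rank_densities(samples: dict, extensions: tuple) -> list:
    """Score every sample whose name ends in one of `extensions` and return
    (score, name) pairs ascending, i.e. most suspect first."""
    wanted = tuple("." + e.lower() for e in extensions)
    scored = [(byte_density(blob), name) for name, blob in samples.items()
              if name.lower().endswith(wanted)]
    return sorted(scored)

def scan_directory(root: str, extensions: tuple) -> list:
    """Read every matching file under `root` and rank it (files that cannot
    be opened, e.g. locked system files, are skipped rather than aborting)."""
    samples = {}
    for dirpath, _, filenames in os.walk(root):
        for fn in filenames:
            path = os.path.join(dirpath, fn)
            try:
                with open(path, "rb") as fh:
                    samples[path] = fh.read()
            except OSError:
                continue
    return rank_densities(samples, extensions)

# Constructed samples standing in for files on disk (not real binaries):
STRUCTURED_EXE = (b"MZ" + b"\x00" * 60 + b"PE\x00\x00" + b".text\x00\x00\x00") * 64
PACKED_EXE = random.Random(1234).randbytes(4096)  # even byte spread, as a packer leaves
SAMPLES = {"notepad.exe": STRUCTURED_EXE, "packed.exe": PACKED_EXE,
           "readme.txt": b"plain text " * 100}

if __name__ == "__main__":
    for score, name in rank_densities(SAMPLES, ("exe", "dll")):
        print(f"({score:.5f}) | {name}")
```

As with the real tool, a low score only says the bytes are evenly spread; legitimate installers and compressed resources land at the top too, so each hit still needs checking by hand.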

There's no magic solution here, then, and the program's command-line nature means it's not exactly easy to use. But if you're an expert who would like a little extra antivirus help, then DensityScout could definitely come in handy occasionally.

Verdict:

A clever idea which could help you locate suspect files on your computer (though its command-line nature and general complexity mean it's strictly experts-only)
