missidentify - Find Win32 applications

Website: http://missidentify.sourceforge.net/
License: GPL
Vendor: cert.org
Description:
Miss Identify is a program to find Win32 applications. In its default
mode it displays the filename of any executable that does not have
an executable extension (i.e. exe, dll, com, sys, cpl, hxs, hxi, olb,
rll, or tlb). The program can also be run to display all executables
encountered, regardless of the extension. This is handy when looking
for all of the executables on a drive. Other options allow the user to
record the strings found in an executable and to work recursively. See
the manual page for more information.

Sample output

Searching for mislabeled executables

C:\> missidentify *
C:\missidentify-1.0\sample.jpg

Searching for all executables

C:\> missidentify -a *
C:\missidentify-1.0\sample.jpg
C:\missidentify-1.0\missidentify.exe

Searching for all executables in an unusual place

C:\> missidentify -ar c:\windows\system32
...
C:\WINDOWS\System32\ntdll.dll
C:\WINDOWS\System32\ntoskrnl.exe
C:\WINDOWS\System32\NEVER-GONNA-CATCH-ME.EXE
C:\WINDOWS\System32\ntver.dll
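
The default and -a modes described above, as an added example in Python (not missidentify's own code). It assumes a file counts as a Win32 executable when its MZ header points at a PE signature, which this page does not state; the function names and the sample files are constructed for illustration.

```python
import os
import struct
import sys

# Extensions this page lists as normal for executables.
EXEC_EXTS = {"exe", "dll", "com", "sys", "cpl", "hxs", "hxi", "olb", "rll", "tlb"}

def is_pe(path):
    """True if a DOS 'MZ' header points at a 'PE\\0\\0' signature (assumed test)."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(0x40)
            if len(head) < 0x40 or head[:2] != b"MZ":
                return False  # too short or no DOS header
            (e_lfanew,) = struct.unpack_from("<I", head, 0x3C)
            fh.seek(e_lfanew)
            return fh.read(4) == b"PE\0\0"
    except OSError:
        return False  # unreadable files are skipped, not reported

def scan(root, show_all=False):
    """Recursively list PE files without an executable extension (all PE files if show_all)."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            ext = os.path.splitext(name)[1].lstrip(".").lower()
            if is_pe(path) and (show_all or ext not in EXEC_EXTS):
                hits.append(path)
    return hits

def make_sample_tree(root):
    """Write constructed sample files: header-only stubs, not runnable programs."""
    stub = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0"
    samples = {
        "sample.jpg": stub,                          # executable header, image extension
        "tool.exe": stub,                            # executable header, expected extension
        "photo.jpg": b"\xff\xd8\xff\xe0" + b"\0" * 64,  # JPEG magic, not a PE
        "truncated.jpg": b"MZ",                      # 'MZ' alone is not enough
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: scan.py DIRECTORY [-a]")
    for hit in scan(sys.argv[1], show_all="-a" in sys.argv[2:]):
        print(hit)
```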

Packages

missidentify-1.0-1.fc10.i386 [28 KiB]
Changelog by Jesse Kornblum (2008-02-19):
* Fixed illegal filename error handling to use Unicode
  error display function.
* Updated packaging and README file
* Version bump to 1.0