Releases: CERT-Polska/malduck
Releases · CERT-Polska/malduck
v4.4.1
Bugfixes:
- Fix dnpe and procmemelf typing and dependencies (by @msm-cert in #120)
- extractor: iterate over carved binaries instead of collecting all at once to avoid excessive memory usage (by @psrok1 in #121)
Full Changelog: v4.4.0...v4.4.1
Contributors
psrok1 and msm-cert
Assets 2
v4.4.0
New features and improvements:
Bugfixes:
- Fixed issues in malduck.extractor with extracting configuration from binaries that are not at the beginning of the memory dump (by @psrok1 in #100)
- Include image=True binaries in load_binaries_from_memory (by @psrok1 in #108)
Full Changelog: v4.3.2...v4.4.0
Contributors
msm-code and psrok1
Assets 2
v4.3.2
v4.3.1
Bugfixes:
- malduck doesn't work with yara-python 4.3.0. This version is strictly pinned to 4.2.3 (#86, thanks @yankovs for PR!)
Other changes:
- Minimum required Python version is 3.8 instead of 3.6. Currently malduck doesn't contain code that is incompatible with Py<3.8 but due to incoming EOL of Python 3.7 it may change in future.
Contributors
yankovs
Assets 2
v4.3.0
New features and improvements:
- ProcessMemory model for .NET (procmemdnpe) (#74, thanks @W3ndige!)
- ECB mode for DES3 (#76)
- Bumped
pefile >= 2022.5.30and removedFastPEpatch forpefile.PE(#80) - Added missing fixed argument for multiplied ints (#77)
- Additional warnings when extractor module is incorrect e.g. empty due to missing
__init__.py(#75)
Contributors
W3ndige
Assets 2
v4.2.0
v4.1.0
New features and improvements:
- crypto: Added
chacha20andsalsa20ciphers (#46) - crypto: Added
camelliacipher (#48, thanks @malwarefrank for contribution!) - pe:
malduck.pe.PE.resourcesreturns None instead of passing exception from pefile if PE file doesn't have correct resource section (#49) - Added PEP 561 typing stub (#50)