DeXRAY started as a private tool and was made public a few years ago. It can help a digital forensic examiner decrypt some AV quarantine files. Here is the full list of supported or recognized file formats:
- ASquared (EQF)
- ESET (NQF)
- Fortinet (Magic@0=0B AD) – not handled yet; only recognized
- Kaspersky (KLQ) – based on the code by Optiv
- MalwareBytes Data files (DATA)
- MalwareBytes Quarantine files (QUAR)
- McAfee Quarantine files (BUP) – not perfect, but it should still help
- SUPERAntiSpyware (SDB)
- Symantec Quarantine Data files (QBD)
- Symantec Quarantine files (VBN) – not perfect, but it should still help
- Symantec Quarantine Index files (QBI)
- TrendMicro (Magic@0=A9 AC BD A7 which is ‘VSBX’ string ^ 0xFF) – based on the code by Optiv
- Any binary file (using X-RAY scanning)
For more info check the Hexacorn blog.
Download DeXRAY: http://hexacorn.com/download.php?f=DeXRAY.pl