PE-Bear crashes with this file

Question

PE-Bear crashes with this file

tonykarg opened this issue 3 years ago · comments

Hello!

I tried to view this file:
https://www.virustotal.com/gui/file/db9de8ff7ed80cf7563502c25d6aad2e2fee258da407c52a6c4a2192f9170d14/details
with latest version of PE-Bear (0.5.5).

It loads layout of this file in left pane. I can see tabs with sections names, headers, etc.
Also when I hover mouse pointer over right pane a rounding circle is showing instead of simple arrow:

Then when I try to click on any tab PE-Bear hangs and closes without errors after 2-3 seconds.

This is sample from Bluenoroff group (sub-group of Lazarus that specializes only on financial attacks):
https://apt.securelist.com/apt/bluenoroff
It is packed with ENIGMA commercial packer.
This hash is seen here:
https://documents.trendmicro.com/assets/Appendix_ratankba-delving-into-large-scale-watering-holes-against-enterprises.pdf

I think this article can show some info about it:
https://www.trendmicro.com/en_us/research/17/b/ratankba-watering-holes-against-enterprises.html

I would be glad if PE-Bear can handle this file.

hasherezade · Answer 1 · Wed Jan 12 2022 01:51:34 GMT+0800 (China Standard Time)

Thank you for the report! I will take care of this soon.

hasherezade · Answer 2 · Wed Jan 12 2022 08:06:06 GMT+0800 (China Standard Time)

@Kargin - I fixed it, please check out the new release: https://github.com/hasherezade/pe-bear-releases/releases/tag/0.5.5.1

tonykarg · Answer 3 · Wed Jan 12 2022 18:52:13 GMT+0800 (China Standard Time)

@hasherezade
Thank you for such fast fix, but I got a problem.

Ran PE-Bear from archive x64_win_vs13 and got this error:

Also there are no win_vs17 versions for some reason. I prefer them :)
Tried next OS:
Windows 10 Pro x64 10.0.17763
Windows 10 Pro x64 10.0.19042

Older version (0.5.5.0) x64_win_vs13 runs with out errors.

Other versions:
qt4_x86_win_vs10
x86_win_vs13

ran without errors and fix worked:

hasherezade · Answer 4 · Wed Jan 12 2022 22:15:45 GMT+0800 (China Standard Time)

@Kargin - ok, I am sorry: I see what happened. I was in a hurry, and mistakenly I uploaded the 64 bit build along with 32 bit DLLs, I will reupload the valid package shortly.

hasherezade · Answer 5 · Wed Jan 12 2022 22:20:46 GMT+0800 (China Standard Time)

ok, the new one is uploaded, check it out. win_vs17 will be added later today.

tonykarg · Answer 6 · Wed Jan 12 2022 22:27:10 GMT+0800 (China Standard Time)

@hasherezade Thank you very much! x64_win_vs13 works now!

hasherezade · Answer 7 · Wed Jan 12 2022 23:51:46 GMT+0800 (China Standard Time)

@Kargin - the win_vs17 builds are ready! please check them out, and feel free to close this issue once you are sure that everything is ok.

tonykarg · Answer 8 · Thu Jan 13 2022 06:09:41 GMT+0800 (China Standard Time)

@hasherezade Thank you very much!
All versions work!
Closing issue.