4n4lDetector Pro - Version 2025

Purchase

Below is a breakdown of the available packages:

Number of Scans	Price	Details
4n4lDetector Pro 2025	€120	One-year license with no limit on machines
4n4lDetector Pro 2025 200 Scans Private API Report	€130	A one-year license with unlimited machine access, including 200 scans via PEscan.io with Private API reports.

Delivery

After completing the payment, the download link for your private version of 4n4lDetector Pro will be sent to the email address provided during the purchase process.

Video Demo

New Features

YARA rule creation improvements:

Improved detection of anomalous characters for YARA rules with a new algorithm.
Included function content from the Export Table in YARA rules.
Renamed YARA files to YaraRule.yar.
Increased the collection and verification limit of strings for IOC creation in YARA rules.

Added a button in the main panel to take users to the PEscan.io site when pressed.

The button will show a green check if the sample is found in the PEscan.io database.
Online hash verification will be reflected in the Information section.
Pressing the button with the green check will redirect the user to the web search section.

Added Text format for extracted resource contents.

Review of executable detection in resources.

Added 5300 new detections for known malware Entry Points.
Manually added all Zw functions and descriptions, also for Call API By Name detection.
Major improvements in SQL query information gathering module.
Increased and adjusted detection in the Intelligent Strings module.
Enhanced Intelligent Strings module for serial numbers and IP addresses collection.
Optimized duplicate section detection functionality and review.
Changed RVA address of the Export Table to be calculated in Offset.
Extraction control added for the Import Table, Export Table, and Resources.
Added control to prevent overflow issues.
SSL update for VirusTotal API.
Blocked automatic download request in Settings, now users must click to download.
Added action verification to the Reset and Updates buttons in the Settings section.
A License Control has been added for the Pro version of the tool.
Enhanced report presentation to improve user experience.
Reviewed HTML extractions from the File Access module.
Buffers Optimizations.
Added .NET version details and flag for Any CPU.
The Settings and Help forms now always open at the center of the main form.
Improved compatibility with Pescan.io for compare file hashes.
Fixed a casual bug in the File Paths section.

Platinum Upgrade and UI Enhancements

We have enhanced the professional version while retaining the medal system. In the free edition, the medal tiers function as a symbolic gameplay element, while in the Pro edition users are automatically upgraded to the Platinum tier with all advantages fully unlocked. Beyond the redesigned color scheme for the main interface, the Pro version grants exclusive access to the complete unlocking of words from the “Words of Interest” section, together with the unique ability to generate YARA rules, a feature available only to Pro users.

Additionally, we have included a Complete Word Search functionality, which can be accessed directly from the Settings section of the tool. This new feature allows users to perform more accurate and comprehensive searches for malware signatures or key terms within the analyzed files.

Advanced Static Analysis Tool

4n4lDetector is a scan tool for Microsoft Windows executables, libraries, drivers, and memory dumps. Its main objective is to collect the necessary information to facilitate the identification of malicious code within the analyzed files. This tool analyzes, among other things, the PE header and its structure, the content of the sections, the different types of strings, and many other aspects. It also incorporates a multitude of its own ideas to recognize anomalies in file construction and detect mechanisms used by modern malware.

Using the tool is simple: just configure the options in the dropdown panel on the right and drag the samples into 4n4lDetector.

Full Support

32-bit (8086, x86, ARMv7)
64-bit (AMD64, x86-64, x64, ARMv8)

IT and ET Extraction

Alpha AXP, ARM, ARM Thumb-2 (32-bit Thumb), ARM64, EFI Byte Code, EFI Byte Code (EBC), Hitachi SH3, Hitachi SH3, Hitachi SH4, Hitachi SH5, Intel i860, Intel Itanium (IA-64), M32R, MIPS16, MIPS16 with FPU, MIPS R3000, MIPS R4000, MIPS with FPU, MIPS little-endian, MIPS little-endian WCE v2, x64, x86, x86-64.

Buttons Code

Green buttons are action buttons that open files and folders or interact with the tool's utilities.
Red buttons perform reconfigurations, delete data, or reset functional files.
Purple buttons announce the activation of online interactions.
Pink buttons are shortcut tabs to navigate between different types of utilities.

PE Chart Code

Executable header is Light Blue.
Executable sections are Pink.
Non-executable sections are Black.
Code added externally to a compiler appears in Red (Crypters, Joiners, Droppers...)

Chart code for other files

Printable characters are Light Blue.
Non-printable characters (Null Bytes) are Black.

Console Options (Analysis to File)

Start the graphical interface parsing a file from the console:

4n4lDetector.exe Path\App.exe -GUI

Remove binary after scan:

4n4lDetector.exe Path\App.exe -GREMOVE

Parse a file from the console and the output is written to a TXT file:

4n4lDetector.exe Path\App.exe -TXT

Parse a file from the console and the output is written to HTML file:

4n4lDetector.exe Path\App.exe -HTML

Detections

PE Information, Unusual Entry Point Position or Code (Algorithms, Anomalous Instructions... ), Packers, Compilations, Binders/Joiners/Crypters, Architectures, Possible malicious functions, Registry Keys, Files Access, Juicy Words, Anti-VM/Sandbox/Debug, URLs Extractor, Payloads, AV Services, Duplicate Sections, IP/Domains List, Config RAT (Only In Memory Dumps), Call API By Name, Unusual Chars In Description File (Polymorphic Patterns), Rich Signature Analyzer, CheckSum Integrity Problem, PE Integrity Check, SQL Queries, Emails, Malicious resources, PE Carve, Exploits, File Rules for Entry Points and more...

More Information

For further information regarding the project, please visit our Blog and Github repository.

Legal Disclaimer

This software is provided "as is," without any warranties, either express or implied, including, but not limited to, warranties of merchantability or fitness for a particular purpose. The author shall not be held liable for any direct, indirect, incidental, or consequential damages arising from its use or inability to use it. Any use of the files that comprise the 4n4lDetector or 4n4lDetector Pro applications for purposes other than those intended requires the explicit authorization of the author.

The author reserves the right to disable or block the software at any time without prior notice or the right to refunds. This software is distributed under a usage license, and if it is found to be leaked or shared through any public or private channel, it may be immediately disabled.

By using this software, you acknowledge that you have read and fully understood this disclaimer.

License of Use

4n4lDetector (Free Version)

This software is free for personal and research purposes only. Commercial use, resale, redistribution, or integration of this software into online services, platforms, or security products without the explicit written authorization of the author is strictly prohibited.

4n4lDetector Pro

The Pro version is provided under individual authorization by the author. Any redistribution, resale, commercial use, or integration into online services or products without the explicit written authorization of the author is strictly prohibited.

By downloading, copying, or using this software (Free or Pro), you agree to be bound by these terms.

Back to Main Page