Miss Identify
Miss Identify is a program that finds MS Windows Win32 applications and displays the filenames of executables that lack a standard extension such as exe, dll, or com. It can also display all executables regardless of extension, and is useful in forensic investigations.
Description
Miss Identify (missidentify) is a program that finds MS Windows Win32 applications. By default, it displays the filename of any executable that does not have an extension such as exe, dll, com, sys, cpl, hxs, hxi, olb, rll or tlb. It can also display all executables regardless of extension.
Miss Identify is useful in forensic investigations, where it helps identify hidden or misnamed executable files on disk images or file systems.
The tool scans files and decides whether they are Win32 executables from their binary structure, ignoring file extensions, to uncover potentially malicious or hidden programs.
How It Works
Miss Identify scans files for the MS Windows Win32 executable format by analyzing binary headers and structure, independent of file extension. It reports executables that lack a standard extension (exe, dll, com, sys, cpl, hxs, hxi, olb, rll, tlb), or all executables when the -a flag is given. Additional modes support recursive traversal of directories, string extraction, and varying output verbosity.
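The header check described above, as an added example (not missidentify's source code). It assumes the standard PE layout test, `MZ` at offset 0 and the `PE\0\0` signature at the offset stored at 0x3C, which may differ from the tool's exact heuristics; `is_pe`, `find_misnamed`, `demo` and the sample file names are constructed for illustration, and `show_all` mirrors the -a flag.

```python
import struct
import tempfile
from pathlib import Path

# Extensions the page lists as expected for executables.
KNOWN_EXTS = {"exe", "dll", "com", "sys", "cpl", "hxs", "hxi", "olb", "rll", "tlb"}


def is_pe(path):
    """True if the file starts with MZ and e_lfanew (0x3C) points at 'PE' NUL NUL."""
    try:
        with open(path, "rb") as f:
            dos = f.read(0x40)
            if len(dos) < 0x40 or dos[:2] != b"MZ":
                return False
            f.seek(struct.unpack_from("<I", dos, 0x3C)[0])
            return f.read(4) == b"PE\0\0"
    except OSError:
        return False  # unreadable file: skip it rather than abort the scan


def find_misnamed(root, show_all=False):
    """Sorted relative paths of PE files whose extension is not in KNOWN_EXTS."""
    hits = []
    for p in Path(root).rglob("*"):
        ext = p.suffix.lstrip(".").lower()
        if p.is_file() and is_pe(p) and (show_all or ext not in KNOWN_EXTS):
            hits.append(p.relative_to(root).as_posix())
    return sorted(hits)


def demo():
    """Run both modes over constructed sample files; returns (default, show_all)."""
    stub = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0" + b"\0" * 20
    samples = {
        "setup.exe": stub,                      # correctly named
        "holiday.jpg": stub,                    # PE behind an image extension
        "notes": stub,                          # PE with no extension
        "readme.txt": b"MZ is just text here",  # MZ magic but no PE signature
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            Path(root, name).write_bytes(data)
        return find_misnamed(root), find_misnamed(root, show_all=True)


if __name__ == "__main__":
    print(demo())
```

The text file that merely begins with the letters MZ is not reported, because the check requires a valid PE signature at the offset the DOS header points to.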
Installation
sudo apt install missidentify
Flags
Examples
missidentify -h
missidentify -r /path/to/directory
missidentify -a /path/to/files
missidentify -b /path/to/files
missidentify -l /path/to/files
missidentify -v /path/to/files
missidentify -s /path/to/files