Downloads:
647
Downloads of v 0.9.8:
77
Last Update:
01 Dec 2024
Package Maintainer(s):
Software Author(s):
- Malcat
Tags: malcat, malware
Malcat - The Binary File Dissector
0.9.8 | Updated: 01 Dec 2024
Malcat - The Binary File Dissector 0.9.8
Legal Disclaimer: Neither this package nor Chocolatey Software, Inc. are affiliated with or endorsed by Malcat. The inclusion of Malcat trademark(s), if any, upon this webpage is solely to identify Malcat goods or services and not for commercial purposes.
All Checks are Passing
3 Passing Tests
Deployment Method: Individual Install, Upgrade, & Uninstall
To install Malcat - The Binary File Dissector, run the following command from the command line or from PowerShell:
To upgrade Malcat - The Binary File Dissector, run the following command from the command line or from PowerShell:
To uninstall Malcat - The Binary File Dissector, run the following command from the command line or from PowerShell:
This applies to both open source and commercial editions of Chocolatey.
1. Enter Your Internal Repository Url
(this should look similar to https://community.chocolatey.org/api/v2/)
2. Setup Your Environment
1. Ensure you are set for organizational deployment
Please see the organizational deployment guide
2. Get the package into your environment
Option 1: Cached Package (Unreliable, Requires Internet - Same As Community)
Open Source or Commercial:
- Proxy Repository - Create a proxy nuget repository on Nexus, Artifactory Pro, or a proxy Chocolatey repository on ProGet. Point your upstream to https://community.chocolatey.org/api/v2/. Packages cache on first access automatically. Make sure your choco clients are using your proxy repository as a source and NOT the default community repository. See source command for more information.
- You can also just download the package and push it to a repository (Download).
Open Source:
- Download the package: Download - Follow manual internalization instructions
Package Internalizer (C4B):
- Run (additional options):
  choco download malcat --internalize --source=https://community.chocolatey.org/api/v2/
- For package and dependencies run:
  choco push --source="'INTERNAL REPO URL'"
- Automate package internalization
3. Copy Your Script
choco upgrade malcat -y --source="'INTERNAL REPO URL'" [other options]
See options you can pass to upgrade.
See best practices for scripting.
Add this to a PowerShell script, or use a Batch script with tools and in places where you call Chocolatey directly. If you are integrating, keep in mind enhanced exit codes.
If you do use a PowerShell script, use the following to ensure bad exit codes are shown as failures:
choco upgrade malcat -y --source="'INTERNAL REPO URL'"
$exitCode = $LASTEXITCODE
Write-Verbose "Exit code was $exitCode"
$validExitCodes = @(0, 1605, 1614, 1641, 3010)
if ($validExitCodes -contains $exitCode) {
    Exit 0
}
Exit $exitCode
- name: Install malcat
  win_chocolatey:
    name: malcat
    version: '0.9.8'
    source: INTERNAL REPO URL
    state: present
See docs at https://docs.ansible.com/ansible/latest/modules/win_chocolatey_module.html.
chocolatey_package 'malcat' do
  action :install
  source 'INTERNAL REPO URL'
  version '0.9.8'
end
See docs at https://docs.chef.io/resource_chocolatey_package.html.
cChocoPackageInstaller malcat
{
    Name    = "malcat"
    Version = "0.9.8"
    Source  = "INTERNAL REPO URL"
}
Requires cChoco DSC Resource. See docs at https://github.com/chocolatey/cChoco.
package { 'malcat':
  ensure   => '0.9.8',
  provider => 'chocolatey',
  source   => 'INTERNAL REPO URL',
}
Requires Puppet Chocolatey Provider module. See docs at https://forge.puppet.com/puppetlabs/chocolatey.
4. If applicable - Chocolatey configuration/installation
See infrastructure management matrix for Chocolatey configuration elements and examples.
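The step-3 PowerShell snippet accepts five exit codes without saying what they mean. As an added example (not part of the Chocolatey page or its script template), the following wraps the same `choco upgrade` call in a function that keeps the page's accepted codes, labels each with its Windows Installer meaning, and tells the caller whether a reboot is pending. `INTERNAL REPO URL` is the same placeholder the page uses; `--no-progress` is a standard choco option and the code-to-meaning table is from the Windows Installer error codes.

```powershell
# Added example, not from the Chocolatey page: deployment wrapper for the
# step-3 upgrade command. Replace 'INTERNAL REPO URL' with your repository.
param(
    [string]$PackageId = 'malcat',
    [string]$Source    = 'INTERNAL REPO URL'
)

# Non-zero codes the page's script treats as success. They are Windows Installer
# return codes that Chocolatey passes through from the native installer.
$acceptedCodes = @{
    0    = 'success'
    1605 = 'product not installed (nothing to uninstall)'
    1614 = 'product is uninstalled'
    1641 = 'success, reboot initiated by the installer'
    3010 = 'success, reboot required to finish'
}
$rebootCodes = @(1641, 3010)

function Invoke-ChocoUpgrade {
    param([string]$Id, [string]$Src)

    & choco upgrade $Id -y --source="'$Src'" --no-progress
    $code = $LASTEXITCODE

    if ($acceptedCodes.ContainsKey($code)) {
        Write-Output ("{0}: exit {1} ({2})" -f $Id, $code, $acceptedCodes[$code])
        # Surface a pending reboot to the caller without failing the run.
        return [pscustomobject]@{
            Package      = $Id
            ExitCode     = $code
            RebootNeeded = ($rebootCodes -contains $code)
            Failed       = $false
        }
    }

    Write-Warning ("{0}: choco returned unexpected exit code {1}" -f $Id, $code)
    return [pscustomobject]@{ Package = $Id; ExitCode = $code; RebootNeeded = $false; Failed = $true }
}

$result = Invoke-ChocoUpgrade -Id $PackageId -Src $Source
if ($result.RebootNeeded) { Write-Output "$($result.Package): a reboot is pending on this host" }
# Propagate the real failure code so orchestration tooling sees a failed step.
if ($result.Failed) { exit $result.ExitCode }
exit 0
```

Run it as `.\upgrade-malcat.ps1 -Source "https://repo.example.internal/chocolatey/"`; the script exits 0 for every accepted code and with the raw choco exit code otherwise, which is the behaviour the page's snippet asks for.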
This package was approved by moderator Windos on 01 Dec 2024.
Malcat is a feature-rich hexadecimal editor / disassembler for Windows and Linux aimed at IT-security professionals.
Inspect more than 40 binary file formats, disassemble and decompile different CPU architectures, extract embedded files and scan for Yara signatures or anomalies in a fast and easy-to-use graphical interface.
Don't like what you get? Malcat is also heavily customizable and scriptable using Python.
Malcat has been designed for malware analysts, SOC operators, incident responders, CTF players or more generally anyone who needs to inspect unknown binary files on a regular basis.
## Summary
How do I create packages? See https://docs.chocolatey.org/en-us/create/create-packages
If you are submitting packages to the community feed (https://community.chocolatey.org)
always try to ensure you have read, understood and adhere to the create
packages wiki link above.
## Automatic Packaging Updates?
Consider making this package an automatic package, for the best
maintainability over time. Read up at https://docs.chocolatey.org/en-us/create/automatic-packages
## Shim Generation
Any executables you include in the package or download (but don't call
install against using the built-in functions) will be automatically shimmed.
This means those executables will automatically be included on the path.
Shim generation runs whether the package is self-contained or uses automation
scripts.
By default, these are considered console applications.
If the application is a GUI, you should create an empty file next to the exe
named 'name.exe.gui' e.g. 'bob.exe' would need a file named 'bob.exe.gui'.
See https://docs.chocolatey.org/en-us/create/create-packages#how-do-i-set-up-shims-for-applications-that-have-a-gui
If you want to ignore the executable, create an empty file next to the exe
named 'name.exe.ignore' e.g. 'bob.exe' would need a file named
'bob.exe.ignore'.
See https://docs.chocolatey.org/en-us/create/create-packages#how-do-i-exclude-executables-from-getting-shims
## Self-Contained?
If you have a self-contained package, you can remove the automation scripts
entirely and just include the executables, they will automatically get shimmed,
which puts them on the path. Ensure you have the legal right to distribute
the application though. See https://docs.chocolatey.org/en-us/information/legal.
You should read up on the Shim Generation section to familiarize yourself
on what to do with GUI applications and/or ignoring shims.
## Automation Scripts
Automation scripts are PowerShell, so you have the full power of Chocolatey and
can do just about anything you need. Choco has some very handy built-in
functions that you can use; these are sometimes called the helpers.
### Built-In Functions
https://docs.chocolatey.org/en-us/create/functions
A note about a couple:
* Get-ToolsLocation - used to get you the 'tools' root, which by default is set to 'c:\tools', not the chocolateyInstall bin folder - see https://docs.chocolatey.org/en-us/create/functions/get-toolslocation
* Install-BinFile - used for non-exe files - executables are automatically shimmed... - see https://docs.chocolatey.org/en-us/create/functions/install-binfile
* Uninstall-BinFile - used for non-exe files - executables are automatically shimmed - see https://docs.chocolatey.org/en-us/create/functions/uninstall-binfile
### Getting package specific information
Use the package parameters pattern - see https://docs.chocolatey.org/en-us/guides/create/parse-packageparameters-argument
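The Shim Generation and Getting package specific information sections above describe three mechanisms: checksum-pinned downloads through the helpers, `.exe.gui` / `.exe.ignore` marker files that control shimming, and `Get-PackageParameters` for per-install options. The following chocolateyInstall.ps1 is an added example that ties them together; it is not the malcat package's own install script (that package installs under Program Files, as its uninstall script shows). The download URL and SHA256 are placeholders, the archive is assumed to contain malcat.exe as the GUI plus helper executables, and the `/NoShortcut` package parameter is a name invented for this example.

```powershell
# chocolateyInstall.ps1 -- added example, not the malcat package's own script.
# Assumptions (not from the page): placeholder URL and checksum, malcat.exe as
# the GUI executable inside the zip, and an invented /NoShortcut parameter.
$ErrorActionPreference = 'Stop'

$packageName = $env:ChocolateyPackageName
# Only executables inside the package folder are shimmed, so unzip into the
# package's tools folder; the .gui/.ignore markers below must live there too.
$toolsDir = Split-Path -Parent $MyInvocation.MyCommand.Definition

# Download and extract. The helper fails the install if the archive does not
# match the pinned SHA256, so a swapped file on the distribution point is
# caught; never paper over this with --ignore-checksums.
$packageArgs = @{
    PackageName   = $packageName
    Url           = 'https://example.invalid/malcat_win64_lite.zip'  # PLACEHOLDER
    Checksum      = 'REPLACE_WITH_SHA256_OF_THE_ZIP'                 # PLACEHOLDER
    ChecksumType  = 'sha256'
    UnzipLocation = $toolsDir
}
Install-ChocolateyZipPackage @packageArgs

# Shim control. The GUI executable gets an empty <name>.exe.gui marker so its
# shim returns immediately instead of holding the console; every other
# executable gets <name>.exe.ignore so it is not placed on the PATH at all.
$guiExe = Join-Path $toolsDir 'malcat.exe'   # assumed file name
if (-not (Test-Path -Path $guiExe -PathType Leaf)) {
    throw "Expected $guiExe inside the archive; refusing to continue"
}
New-Item -ItemType File -Path "$guiExe.gui" -Force | Out-Null
Get-ChildItem -Path $toolsDir -Recurse -Filter '*.exe' |
    Where-Object { $_.FullName -ne $guiExe } |
    ForEach-Object { New-Item -ItemType File -Path "$($_.FullName).ignore" -Force | Out-Null }

# Package parameters: `choco install malcat --params "'/NoShortcut'"` skips the
# desktop shortcut. The default creates the same .lnk that the page's uninstall
# script removes, so install and uninstall stay symmetric.
$pp = Get-PackageParameters
if (-not $pp['NoShortcut']) {
    Install-ChocolateyShortcut -ShortcutFilePath "$env:USERPROFILE\Desktop\Malcat Lite.lnk" `
                               -TargetPath $guiExe
}
```

The order matters: marker files are created after extraction but before the script returns, because Chocolatey generates shims once the install script has finished. Restricting shims to the one executable users actually launch keeps helper binaries from silently appearing on every user's PATH.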
### Need to mount an ISO?
https://docs.chocolatey.org/en-us/guides/create/mount-an-iso-in-chocolatey-package
### Environment Variables
Chocolatey makes a number of environment variables available (You can access any of these with $env:TheVariableNameBelow):
* TEMP/TMP - Overridden to the CacheLocation, but may be the same as the original TEMP folder
* ChocolateyInstall - Top level folder where Chocolatey is installed
* ChocolateyPackageName - The name of the package, equivalent to the `<id />` field in the nuspec (0.9.9+)
* ChocolateyPackageTitle - The title of the package, equivalent to the `<title />` field in the nuspec (0.10.1+)
* ChocolateyPackageVersion - The version of the package, equivalent to the `<version />` field in the nuspec (0.9.9+)
* ChocolateyPackageFolder - The top level location of the package folder - the folder where Chocolatey has downloaded and extracted the NuGet package, typically `C:\ProgramData\chocolatey\lib\packageName`.
#### Advanced Environment Variables
The following are more advanced settings:
* ChocolateyPackageParameters - Parameters to use with packaging, not the same as install arguments (which are passed directly to the native installer). Based on `--package-parameters`. (0.9.8.22+)
* CHOCOLATEY_VERSION - The version of Choco you normally see. Use if you are 'lighting' things up based on choco version. (0.9.9+) - Otherwise take a dependency on the specific version you need.
* ChocolateyForceX86 - If available and set to 'true', then user has requested 32bit version. (0.9.9+) - Automatically handled in built in Choco functions.
* OS_PLATFORM - Like Windows, macOS, Linux. (0.9.9+)
* OS_VERSION - The version of OS, like 6.1 something something for Windows. (0.9.9+)
* OS_NAME - The reported name of the OS. (0.9.9+)
* USER_NAME - The user name (0.10.6+)
* USER_DOMAIN - The user domain name (could also be local computer name) (0.10.6+)
* IS_PROCESSELEVATED - Is the process elevated? (0.9.9+)
* IS_SYSTEM - Is the user the system account? (0.10.6+)
* IS_REMOTEDESKTOP - Is the user in a terminal services session? (0.10.6+)
* ChocolateyToolsLocation - formerly 'ChocolateyBinRoot' ('ChocolateyBinRoot' will be removed with Chocolatey v2.0.0), this is where tools being installed outside of Chocolatey packaging will go. (0.9.10+)
#### Set By Options and Configuration
Some environment variables are set based on options that are passed, configuration and/or features that are turned on:
* ChocolateyEnvironmentDebug - Was `--debug` passed? If using the built-in PowerShell host, this is always true (but only logs debug messages to console if `--debug` was passed) (0.9.10+)
* ChocolateyEnvironmentVerbose - Was `--verbose` passed? If using the built-in PowerShell host, this is always true (but only logs verbose messages to console if `--verbose` was passed). (0.9.10+)
* ChocolateyExitOnRebootDetected - Are we exiting on a detected reboot? Set by `--exit-when-reboot-detected` or the feature `exitOnRebootDetected` (0.11.0+)
* ChocolateyForce - Was `--force` passed? (0.9.10+)
* ChocolateyForceX86 - Was `-x86` passed? (CHECK)
* ChocolateyRequestTimeout - How long before a web request will time out. Set by config `webRequestTimeoutSeconds` (CHECK)
* ChocolateyResponseTimeout - How long to wait for a download to complete? Set by config `commandExecutionTimeoutSeconds` (CHECK)
* ChocolateyPowerShellHost - Are we using the built-in PowerShell host? Set by `--use-system-powershell` or the feature `powershellHost` (0.9.10+)
#### Business Edition Variables
* ChocolateyInstallArgumentsSensitive - Encrypted arguments passed from command line `--install-arguments-sensitive` that are not logged anywhere. (0.10.1+ and licensed editions 1.6.0+)
* ChocolateyPackageParametersSensitive - Package parameters passed from command line `--package-parameters-sensitive` that are not logged anywhere. (0.10.1+ and licensed editions 1.6.0+)
* ChocolateyLicensedVersion - What version is the licensed edition on?
* ChocolateyLicenseType - What edition / type of the licensed edition is installed?
* USER_CONTEXT - The original user context - different when self-service is used (Licensed v1.10.0+)
#### Experimental Environment Variables
The following are experimental or use not recommended:
* OS_IS64BIT - This may not return correctly - it may depend on the process the app is running under (0.9.9+)
* CHOCOLATEY_VERSION_PRODUCT - The version of Choco that may match CHOCOLATEY_VERSION but may be different (0.9.9+) - based on git describe
* IS_ADMIN - Is the user an administrator? But doesn't tell you if the process is elevated. (0.9.9+)
* IS_REMOTE = Is the user in a remote session? (0.10.6+)
#### Not Useful Or Anti-Pattern If Used
* ChocolateyInstallOverride - Not for use in package automation scripts. Based on `--override-arguments` being passed. (0.9.9+)
* ChocolateyInstallArguments - The installer arguments meant for the native installer. You should use chocolateyPackageParameters instead. Based on `--install-arguments` being passed. (0.9.9+)
* ChocolateyIgnoreChecksums - Was `--ignore-checksums` passed or the feature `checksumFiles` turned off? (0.9.9.9+)
* ChocolateyAllowEmptyChecksums - Was `--allow-empty-checksums` passed or the feature `allowEmptyChecksums` turned on? (0.10.0+)
* ChocolateyAllowEmptyChecksumsSecure - Was `--allow-empty-checksums-secure` passed or the feature `allowEmptyChecksumsSecure` turned on? (0.10.0+)
* ChocolateyChecksum32 - Was `--download-checksum` passed? (0.10.0+)
* ChocolateyChecksumType32 - Was `--download-checksum-type` passed? (0.10.0+)
* ChocolateyChecksum64 - Was `--download-checksum-x64` passed? (0.10.0+)
* ChocolateyChecksumType64 - Was `--download-checksum-type-x64` passed? (0.10.0+)
* ChocolateyPackageExitCode - The exit code of the script that just ran - usually set by `Set-PowerShellExitCode` (CHECK)
* ChocolateyLastPathUpdate - Set by Chocolatey as part of install, but not used for anything in particular in packaging.
* ChocolateyProxyLocation - The explicit proxy location as set in the configuration `proxy` (0.9.9.9+)
* ChocolateyDownloadCache - Use available download cache? Set by `--skip-download-cache`, `--use-download-cache`, or feature `downloadCache` (0.9.10+ and licensed editions 1.1.0+)
* ChocolateyProxyBypassList - Explicitly set locations to ignore in configuration `proxyBypassList` (0.10.4+)
* ChocolateyProxyBypassOnLocal - Should the proxy bypass on local connections? Set based on configuration `proxyBypassOnLocal` (0.10.4+)
* http_proxy - Set by original `http_proxy` passthrough, or same as `ChocolateyProxyLocation` if explicitly set. (0.10.4+)
* https_proxy - Set by original `https_proxy` passthrough, or same as `ChocolateyProxyLocation` if explicitly set. (0.10.4+)
* no_proxy - Set by original `no_proxy` passthrough, or same as `ChocolateyProxyBypassList` if explicitly set. (0.10.4+)
# Package uninstall script as shown on the page: removes the desktop shortcut,
# the "Malcat Lite" folder under Program Files, and the folder this script runs from.
$ShortcutFilePath = "$ENV:USERPROFILE\Desktop\Malcat Lite.lnk"
if (Test-Path -Path $ShortcutFilePath -PathType Leaf) {
    Write-Output $("Removing Link : " + $ShortcutFilePath)
    Remove-Item $ShortcutFilePath
}
$InstallationFolder = Join-Path -Path ${Env:ProgramFiles} -ChildPath "Malcat Lite"
if (Test-Path -Path $InstallationFolder -PathType Container) {
    Write-Output $("Removing installation folder : " + $InstallationFolder)
    Remove-Item $InstallationFolder -Recurse
}
# $OldInstallationFolder is the directory containing this script (the package's own folder).
$OldInstallationFolder = $(Split-Path -parent $MyInvocation.MyCommand.Definition)
if (Test-Path -Path $OldInstallationFolder -PathType Container) {
    Write-Output $("Removing old installation folder : " + $OldInstallationFolder)
    Remove-Item $OldInstallationFolder -Recurse
}
- malcat.0.9.8.nupkg (db97d0d0f28b) - ## / 67
- malcat_win64_lite.zip (892044b0a856) - ## / 67
In cases where actual malware is found, the packages are subject to removal. Software sometimes has false positives. Moderators do not necessarily validate the safety of the underlying software, only that a package retrieves software from the official distribution point and/or validate embedded software against official distribution point (where distribution rights allow redistribution).
Version | Downloads | Last Updated | Status
---|---|---|---
Malcat - The Binary File Dissector 0.9.8 | 77 | Sunday, December 1, 2024 | Approved
Malcat - The Binary File Dissector 0.9.7 | 65 | Wednesday, September 25, 2024 | Approved
Malcat - The Binary File Dissector 0.9.5 | 126 | Sunday, March 17, 2024 | Approved
Malcat - The Binary File Dissector 0.9.4 | 95 | Tuesday, November 28, 2023 | Approved
Malcat - The Binary File Dissector 0.9.2 | 117 | Friday, August 4, 2023 | Approved
Malcat - The Binary File Dissector 0.9.0 | 167 | Wednesday, February 15, 2023 | Approved
Malcat
Today we are happy to announce the release of version 0.9.8. As we are now approaching the 1.0 release, we have focused our efforts on freezing parts of the API, creating documentation (including the long-awaited file parser doc!) and making various quality of life improvements for this release.
● Scripting and QoL improvements (All details on https://malcat.fr/blog/098-is-out-scripting-qol-improvements/)
● Intelligence:
- Added InQuest as threat intel source
- FileScanIO can now be used as download source
- Triage can now be used as download source
- Added API key support to MalwareBazaar (will soon be mandatory)
● Strings:
- Added an additional Xref-based heuristic to recover tricky Golang strings
- Improved Rust strings detection
● Decompiler:
- Better parameters recovery for Delphi programs
● Scripting:
- Added a script to remove null bytes in last section / overlay
- Added a script to fix section addresses for badly dumped PE files
- Added a script to extract BMP pixels data in the right order
- Added a simple config extractor for LummaStealer
- Added a simple config extractor for DarkComet
- Added a simple config extractor for Remcos
- Added malcat.kesakode.py to bin/ folder (query kesakode on a file from the command line, only for full/pro versions)
- Added analysis.selection.as_hex method
- Reworked the interface to analysis.xrefs (cf. doc)
- Added File.read_until function (cf. doc)
- Added .bb, .function, .inrefs and .outrefs attributes to malcat.Instruction (cf. doc)
- Added .function, .inrefs and .outrefs attributes to malcat.BasicBlock (cf. doc)
- Added .callers, .callees, .inrefs and .outrefs attributes to malcat.Function (cf. doc)
- Added disasm() function to malcat.Instruction, malcat.BasicBlock and malcat.Function objects (with formatting options, cf. doc)
- Added hex() function to malcat.Analysis, malcat.BasicBlock and malcat.Function objects (with magic masking options)
- malcat.CarvedFile.file is now malcat.CarvedFile.open() and returns a malcat.File instance
- malcat.VirtualFile.unpack() is now malcat.VirtualFile.open() and returns a malcat.File instance
- Added helper function Analysis.open_vfile(path)
- Added a method malcat.setup() to make malcat's data/bindings/user dirs accessible from scripts in headless mode
- Added an option in Preferences - General to display an empty script in the script editor by default (instead of the tutorial script)
● Analysis:
- .NET static arrays are now cross-referenced by instructions accessing their corresponding field
- "Force imagebase" menu action is now working as intended
- User types are now stored in a "usertypes" directory instead of "types"
- User types directory can now also contain python files containing Malcat's Struct type definitions
● Parsers:
- Added a heuristic to retrieve obfuscated/trashed PCLn header in Golang 1.18+ programs
- Proper symbol parsing for relocatable (.o) ELF files
- Reimplemented zipfile's CRC32 decryption in C++ for faster non-AES encrypted ZIP decryption
- Added documentation on how to write your own parser
- Bat2Exe batch files now appear in the virtual file system tab (post-2016 bat2exe only, does not support multi-bat setups yet)
● Transforms:
- Improved data preview: hex, text and disasm mode, scrolling support, copy / paste
- Added a button to add a new transform directly into your user data directory using Malcat's python editor
- You can now save transform chains into templates for future use
- You can now store the transform result directly into the clipboard
- You can now also transform dynamic strings
- Transform dialog now selects the result only if the "In place" option has been chosen
- Improved "reverse" and "skip" transforms
- Added "flip2d" and "keep" transforms
- Added "nrv2b decompress" transform
- Added "zlb1 decompress" transform
- Added "insert" transform
- Added "salsa20" transform
● Data preview:
- Added more data types (timestamp, filetime, dostime and GUID)
- You can now modify data in the same way as in the structure editor
- Added the possibility to switch between little endian and big endian interpretation
- Added the possibility to switch between decimal/hexadecimal display
● User interface:
- Find dialog: your search query is now kept when switching the search mode
- Find dialog: find pattern now defaults to selected text in the source view
- The "find in current file" context menu action now pops up the find dialog (gives you a chance to modify the pattern)
- Hex view: you can now set the width of the colored blocks/columns in the Options dialog
- Hex view: you can now group bytes (i.e. no space) belonging to the same colored block/column (also in the Options dialog)
- Added a context menu in strings view when multiple strings are selected
- Added a context menu in the files tab when multiple carved/virtual files are selected
- You can now copy module names to the clipboard in the symbol view
- Kesakode view: the accordion labels now display the number of elements currently displayed (before, was ALL elements)
- Improved charset conversion performance
- Structure editor now uses OS's locale for date fields
- Disassembly view: clicking on a hex byte now displays the data preview
- Dates are now displayed in ISO format in the structure view and the quickview
● Bug fixing:
- Fixed a parameter parsing issue in install_api.py script
- Fixed a slowdown in the Yara scanner module when handling very large .yar files
- Fixed a bug when modifying huge (u)int64_t value in the structure editor
- Fixed a bug when modifying a DOS timestamp using the structure editor: the result would be in the local timezone instead of UTC
- Fixed a regression where function discovery was not performed for x86 code embedded inside p-code VB programs
- Fixed a parsing bug in InnoSetup language section: license text is always utf8, even in unicode versions
- Fixed a bug in the .NET disassembler for very large (>256 targets) switch opcodes
- Fixed kesakode http error message being hidden
If you want to see the complete list of improvements, have a look at our blog on https://malcat.fr/blog.html.
Ground Rules:
- This discussion is only about Malcat - The Binary File Dissector and the Malcat - The Binary File Dissector package. If you have feedback for Chocolatey, please contact the Google Group.
- This discussion will carry over multiple versions. If you have a comment about a particular version, please note that in your comments.
- The maintainers of this Chocolatey Package will be notified about new comments that are posted to this Disqus thread, however, it is NOT a guarantee that you will get a response. If you do not hear back from the maintainers after posting a message below, please follow up by using the link on the left side of this page or follow this link to contact maintainers. If you still hear nothing back, please follow the package triage process.
- Tell us what you love about the package or Malcat - The Binary File Dissector, or tell us what needs improvement.
- Share your experiences with the package, or extra configuration or gotchas that you've found.
- If you use a url, the comment will be flagged for moderation until you've been whitelisted. Disqus moderated comments are approved on a weekly schedule if not sooner. It could take between 1-5 days for your comment to show up.