We’re happy to announce the release of Cerbero Suite 5.1 and Cerbero Engine 2.1!
This release comes packed with features and improvements. In this post we summarized the most important ones.
Installable Packages
While there are many interesting new features in this release, we consider the most important one to be the introduction of installable packages.
Packages enable developers to create plugins that can be easily installed by the user with just a few clicks. Not only that, but the same package is compatible with both Cerbero Suite and Cerbero Engine.
Packages can be encrypted and signed. When a package is not signed or the signature cannot be trusted, it is shown by the installation dialog.
We wrote an in-depth article about packages if you’re interested in learning more.
Improved Decompiler
We have introduced some improvements in the decompiler output. The most interesting of these improvements is the support of indirect string literal references.
We wrote a post about this topic for more information.
Local Carbon Structures
Previously, imported structures were shared among Carbon disassemblies in the same project. In Cerbero Suite 5.1 every disassembly in a project can have its own local structures.
This is especially useful when importing data structures from PDB files.
Of course, shared structures are also supported.
Improved CFBF Format View
We have simplified the analysis of Microsoft Office legacy documents that contain text controls by previewing their name in the format view.
We have published a 150-seconds video analysis of an Emotet sample which as part of its obfuscation strategy makes use of text controls.
Improved XLSB Support
We have improved support for the Microsoft Excel XLSB format.
We’ll soon publish malware analysis to showcase these improvements.
Improved Silicon Excel Emulator
We have added support for the FORMULA.ARRAY macro, since this macro is often used by malicious Excel documents.
Hierarchy View Size Column
We received this feature request on Twitter: now the hierarchy view also shows the size of files.
This can be useful when prioritizing the analysis of embedded files.
Improved File Dialogs
We disabled the preview of actual file icons in all file dialogs. This makes opening folders with thousands of files blazingly fast and it’s also better for security.
This may seem like a minor problem, but the devil is in the details…
Grid Layouts in Custom Views
We have added a new type of layout in custom views: grid layouts. This new layout type is already documented in our latest official SDK documentation.
Additionally, this new version comes with minor speed optimizations and bug fixes.