Release Notes for v1.9.0

Date: 14 September, 2023

This version is not suitable for a clean installation due to breaking changes introduced in Docker 25. Please use version 1.9.2 or later for clean installations!

Added:

  • Support different retention periods for different verdicts
  • The /api/scan/file API endpoint accepts base64-encoded file content in the JSON request body
  • Support filenames with various unicode characters
  • Support unpacking of 64-bit executables
  • Integrated "Detect It Easy" to identify characteristics of executable files related to compilation and packing
  • Support malicious documents embedded in PDF files hidden as ActiveMime objects in MHTML format
  • New threat indicators to detect the WikiLoader malware family (Microsoft Office files)
  • Detection and extraction of embedded RTF files in Office documents, as described in CVE-2023-36884
  • Detect XOR decoding routine near the executable entry point
  • Enhance Threat Indicator for Mavinject

Adversaries may abuse mavinject.exe to proxy execution of malicious code. Mavinject.exe is the Microsoft Application Virtualization Injector, a Windows utility that can inject code into external processes as part of Microsoft Application Virtualization (App-V). See example and new threat indicator.

[https://attack.mitre.org/techniques/T1218/013/](https://attack.mitre.org/techniques/T1218/013/)
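As an added illustration of the kind of static indicator described above (example code, not the product's own detection logic), the following Python scans raw sample bytes for an App-V injector command line in both the ASCII and the UTF-16LE string view, since scripts embedded in Office documents frequently carry wide strings. The sample buffers are constructed; the /INJECTRUNNING switch is mavinject's documented injection argument, and the dll path is reported so an analyst can pivot to the payload.

```python
from __future__ import annotations
import re
from dataclasses import dataclass

# Constructed samples: a dropper-style snippet stored once as ASCII (VBS),
# once as UTF-16LE (wide string), and one benign text mentioning App-V.
SAMPLE_ASCII = (
    b"Set w = CreateObject(\"WScript.Shell\")\n"
    b"w.Run \"mavinject.exe 4812 /INJECTRUNNING C:\\Users\\Public\\u.dll\", 0\n"
)
SAMPLE_WIDE = "cmd /c MavInject.exe 1337 /INJECTRUNNING %TEMP%\\x.dll".encode("utf-16le")
SAMPLE_BENIGN = b"This report discusses App-V deployment without any injection."

# mavinject.exe <pid> /INJECTRUNNING <dll>  (MITRE ATT&CK T1218.013)
_CMD_RE = re.compile(r"mavinject\.exe\s+\d+\s+/INJECTRUNNING\s+([^\s\"']+)", re.IGNORECASE)


@dataclass(frozen=True)
class Hit:
    encoding: str  # "ascii" or "utf-16le"
    offset: int    # byte offset of the match in the original buffer
    dll: str       # DLL path handed to mavinject, i.e. the injected payload


def find_mavinject_indicators(data: bytes) -> list[Hit]:
    """Return every mavinject injection command line found in the raw bytes."""
    hits: list[Hit] = []
    # ASCII view: latin-1 maps each byte to one char, so match offsets are byte offsets.
    for m in _CMD_RE.finditer(data.decode("latin-1")):
        hits.append(Hit("ascii", m.start(), m.group(1)))
    # UTF-16LE view at both byte alignments, because a wide string inside a
    # binary blob need not start on an even offset; byte offset = 2*index + shift.
    for shift in (0, 1):
        text = data[shift:].decode("utf-16le", errors="replace")
        for m in _CMD_RE.finditer(text):
            hits.append(Hit("utf-16le", 2 * m.start() + shift, m.group(1)))
    return sorted(hits, key=lambda h: h.offset)


if __name__ == "__main__":
    for sample in (SAMPLE_ASCII, SAMPLE_WIDE, SAMPLE_BENIGN):
        print(find_mavinject_indicators(sample))
```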

Changed:

  • Faster scan processing time
  • Enhanced logging to provide more relevant information
  • Improved VBA emulation to support additional features
  • Refined emulation error handling for higher success ratio
  • Enhanced threat indicators and verdict calculation
  • Improved string analysis
  • Optimized disk space utilization & clean-up mechanisms
  • Enhanced MITRE mapping for user clarity
  • Enhanced flagging for suspicious imported APIs and modules

Fixed:

  • Added version locks for dependencies in various emulator components
  • Improved application security
  • Incorrect detection of zip bombs
  • Incorrect condition for the emulation of ActiveMime files
  • Improved processing of large sample files