Posted 15 May 2019 | Modified 15 May 2019

Author Attila Suszter

Introduction

HexLasso CLI is a binary data analysis utility with a command-line interface that allows for static exploration of binary data.

HexLasso CLI takes input files and produces an interactive HTML file that can be viewed from a web browser.



The HexLasso plot of a high entropy sample showing increased matches in the second half of the data in green.

When the HTML file is loaded in the web browser, you can choose from a list which analysis plots to draw. These include entropy, match coverage, and byte frequency plots, among others.

The plots you choose are combined into one overall graph, which has the advantage of showing the correlation between them.

The horizontal axis is the position in the data, and the vertical axis is the score between 0 and 100.

You can mark positions in the plot to display the data offsets of important locations.

Plots

You can choose from the following list of analysis plots to be drawn.

ENTROPY

ENTROPY_IN_ORDER_1

BYTE_PREDICTION_IN_ORDER_1

COMPRESSED_SIZE_DEFLATE_OR_DATA_SIZE

UNIQUE_DWORD_CNT

UNIQUE_WORD_CNT

UNIQUE_BYTE_CNT

MATCH_COVERAGE_WORD

MATCH_COVERAGE_DWORD

MATCH_COVERAGE_QWORD

BYTE_FREQ_ASCII_CONTROL

BYTE_FREQ_ASCII_PRINTABLE

BYTE_FREQ_EXTENDED_ASCII

BYTE_FREQ_00

BYTE_FREQ_FF

BYTE_FREQ_8B

BYTE_FREQ_E8_E9

BYTE_FREQ_MULTIPLE_OF_4

BYTE_FREQ_MULTIPLE_OF_8

WORD_FREQ_FF15

WORD_FREQ_FF25

MOST_FREQ_BYTE_VALUE

MOST_FREQ_BYTE_COVERAGE

STRING_COVERAGE_ASCII_PRINTABLE_MINLEN_4

STRING_COVERAGE_ASCII_PRINTABLE_MINLEN_8

STRING_COVERAGE_UNICODE_PRINTABLE_MINLEN_4

STRING_COVERAGE_UNICODE_PRINTABLE_MINLEN_8

RUNS_OF_BYTES_MINLEN_4

RUNS_OF_BYTES_MINLEN_8

RELATIVE_REFERENCE

DELTA_CH
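The following Python illustration is an added example, not HexLasso code. It scores four of the listed plots per block on the same position axis and 0 to 100 scale, so that correlations between them can be read row by row. The block size, the scaling, and the reading of each plot name are assumptions, since this page does not describe how HexLasso computes its scores.

```python
import hashlib
import math
from collections import Counter

BLOCK = 256  # assumed block size; the page does not state HexLasso's


def entropy_score(block: bytes) -> float:
    """Shannon entropy of the byte histogram, scaled from 0..8 bits to 0..100."""
    n = len(block)
    h = -sum(c / n * math.log2(c / n) for c in Counter(block).values())
    return h / 8 * 100


def freq_score(block: bytes, wanted) -> float:
    """Percentage of bytes in the block that belong to the set `wanted`."""
    return 100 * sum(b in wanted for b in block) / len(block)


# Plot names are taken from the list above; their definitions here are assumed.
PLOTS = {
    "ENTROPY": entropy_score,
    "BYTE_FREQ_00": lambda b: freq_score(b, {0x00}),
    "BYTE_FREQ_ASCII_PRINTABLE": lambda b: freq_score(b, range(0x20, 0x7F)),
    "BYTE_FREQ_E8_E9": lambda b: freq_score(b, {0xE8, 0xE9}),  # x86 call/jmp rel32
}


def score_blocks(data: bytes, block: int = BLOCK):
    """Return one row per block: its data offset plus a 0..100 score per plot."""
    rows = []
    for off in range(0, len(data), block):
        chunk = data[off:off + block]
        rows.append({"offset": off, **{name: fn(chunk) for name, fn in PLOTS.items()}})
    return rows


def sample() -> bytes:
    """Constructed input: zero padding, then text, then pseudo-random bytes."""
    text = (b"The quick brown fox jumps over the lazy dog. " * 6)[:BLOCK]
    rnd = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(8))
    return bytes(BLOCK) + text + rnd


if __name__ == "__main__":
    for row in score_blocks(sample()):
        print(f"{row['offset']:#06x}", {k: round(v) for k, v in row.items() if k != "offset"})
```

In the constructed sample, the jump in ENTROPY at offset 0x200 coincides with the drop in BYTE_FREQ_ASCII_PRINTABLE, which is the kind of boundary a combined graph makes visible.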

System Requirements

The minimum required OS to run HexLasso CLI is Windows XP. A web browser with SVG and JavaScript support is required to run the interactive HTML file.

Development Details

HexLasso CLI is being developed in Visual C# 2010 and .NET Framework 4. It is entirely implemented in managed code.

HexLasso CLI is a spin-off project of BinCovery.