Version history

0.4.0 (January 12, 2025)

This release adds multiple new rules and support for Electron applications. It also adds support for HTML reports.

  • Improved rules to reduce false positives: PE171, PE173, PE174, PE178, PE179.
  • Added new rules to check if the imported DLLs name case matches the actual DLL file names case (PE183, PE188).
  • Added new combined rules PE189 and PE190 which check if a signed executable imports unsigned libraries.
  • Added new Electron rules EXE001 and EXE002 to check if the used version of Electron is recent and is not preview.
  • Added support for nicely formatted HTML reports (with custom template support).
  • Supported better analysis cancellation.
  • Made shared data generators execute on-demand if there is an executable and the rule which need the corresponding data. Previously, all shared generators were executed before analysis unconditionally.
  • Multiple UI improvements.
  • Many other minor bugfixes and improvements.

0.3.1 (December 11, 2024)

This is a minor update which includes a new pe_bliss2 library with bugfixes. It also fixes the build on the latest MSVC compiler.

0.3 (February 15, 2024)

This version adds a fully featured GUI (based on Qt) to Binary Valentine. It also includes various internal changes to the program core, as well as minor report message fixes and exception handling improvements.

0.2 (December 30, 2023)

This release adds new Authenticode signature checks for the portable executable format.

  • Updated dependencies (pe_bliss2, fmt).
  • Rules improved:
    • PE017: Executable is not signed - now properly checks if the Authenticode signature is present.
  • New rules added:
    • PE047: Security directory format error
    • PE048: Authenticode signature format error
    • PE165: Incorrect Authenticode image hash value
    • PE166: Authenticode certificate store format warning
    • PE167: Incorrect Authenticode image page hashes
    • PE168: Absent Authenticode image page hashes
    • PE169: Authenticode image page hashes check error
    • PE170: Incorrect Authenticode message digest
    • PE171: Weak Authenticode image hash algorithm
    • PE172: Unable to check Authenticode image signature
    • PE173: Weak Authenticode signature RSA key size
    • PE174: Weak Authenticode signature ECDSA curve
    • PE175: Incorrect Authenticode image signature
    • PE176: Absent Authenticode timestamp counter-signature
    • PE177: Incorrect Authenticode timestamp counter-signature digest
    • PE178: Weak Authenticode timestamp counter-signature digest algorithm
    • PE179: Weak Authenticode timestamp counter-signature imprint digest algorithm
    • PE180: Incorrect Authenticode timestamp counter-signature
    • PE181: Absent Authenticode timestamp counter-signature signing time
    • PE182: Authenticode signature check error
    • PE184: Authenticode test signature
    • PE185: Authenticode signing certificate empty subject DN
    • PE186: Authenticode signing certificate subject DN missing attributes
    • PE187: Authenticode signing certificate subject DN invalid attributes

0.1 (June 22, 2023)

First version with the initial set of rules.