Merge pull request #864 from mandiant/package-update

🤖 Package update

packages/capa.vm/capa.vm.nuspec

@@ -2,7 +2,7 @@
 <package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd">
   <metadata>
     <id>capa.vm</id>
-    <version>6.1.0.20231212</version>
+    <version>7.0.1</version>
     <description>capa detects capabilities in executable files. You run it against a PE file or shellcode and it tells you what it thinks the program can do.</description>
     <authors>@williballenthin, @mr-tz, @Ana06, @mike-hunhoff, @mwilliams31, @MalwareMechanic</authors>
     <dependencies>

packages/capa.vm/tools/chocolateyinstall.ps1

@@ -4,7 +4,7 @@ Import-Module vm.common -Force -DisableNameChecking
 $toolName = 'capa'
 $category = 'Utilities'
 
-$zipUrl = "https://github.com/mandiant/capa/releases/download/v6.1.0/capa-v6.1.0-windows.zip"
-$zipSha256 = "070923d5ca225ef29a670af9cc66a8d648fcaaff7e283cb1ddc73de6e3610f0f"
+$zipUrl = "https://github.com/mandiant/capa/releases/download/v7.0.1/capa-v7.0.1-windows.zip"
+$zipSha256 = "05bac209f50302308e37eb658fe36a40418aa9c37f57d440355706e13cabc43d"
 
 VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -consoleApp $true -arguments "--help"

packages/dnspyex.vm/dnspyex.vm.nuspec

@@ -2,7 +2,7 @@
 <package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd">
   <metadata>
     <id>dnspyex.vm</id>
-    <version>6.4.1.20231203</version>
+    <version>6.5.0</version>
     <authors>0xd4d, ElektroKill</authors>
     <description>dnSpyEx is a unofficial continuation of the dnSpy project which is a debugger and .NET assembly editor. You can use it to edit and debug assemblies even if you don't have any source code available.</description>
     <dependencies>

packages/dnspyex.vm/tools/chocolateyinstall.ps1

@@ -5,8 +5,8 @@ try {
   $toolName = 'dnSpy'
   $category = 'dotNet'
 
-  $zipUrl = "https://github.com/dnSpyEx/dnSpy/releases/download/v6.4.1/dnSpy-netframework.zip"
-  $zipSha256 = "d3d8aefb7c5c4ef15d077c13f88c13b0f1403fb71e73610dc68975a62e4230cb"
+  $zipUrl = "https://github.com/dnSpyEx/dnSpy/releases/download/v6.5.0/dnSpy-netframework.zip"
+  $zipSha256 = "5962e3cca902e650c61050e2a879af58b78eec91288b7a7b77a7bc761424a0ed"
   $toolDir = (VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256)[0]
 
   $toolNameX86 = "$toolName-x86"

packages/exiftool.vm/exiftool.vm.nuspec

@@ -2,12 +2,12 @@
 <package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd">
   <metadata>
     <id>exiftool.vm</id>
-    <version>12.73.0</version>
+    <version>12.76.0</version>
     <authors>Phil Harvey</authors>
     <description>A tool for reeding and writing file metadata</description>
     <dependencies>
       <dependency id="common.vm" />
-      <dependency id="exiftool" version="[12.73.0]" />
+      <dependency id="exiftool" version="[12.76.0]" />
     </dependencies>
   </metadata>
 </package>

packages/ghidra.vm/ghidra.vm.nuspec

@@ -2,12 +2,12 @@
 <package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd">
   <metadata>
     <id>ghidra.vm</id>
-    <version>10.3.3.20231025</version>
+    <version>11.0.1</version>
     <authors>National Security Agency</authors>
     <description>A software reverse engineering (SRE) suite of tools developed by NSA's Research Directorate in support of the Cybersecurity mission.</description>
     <dependencies>
       <dependency id="common.vm" />
-      <dependency id="ghidra" version="[10.3.3]" />
+      <dependency id="ghidra" version="[11.0.1]" />
       <dependency id="openjdk.vm" />
     </dependencies>
   </metadata>

packages/ida.plugin.capa.vm/ida.plugin.capa.vm.nuspec

@@ -2,7 +2,7 @@
 <package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd">
   <metadata>
     <id>ida.plugin.capa.vm</id>
-    <version>6.1.0</version>
+    <version>7.0.0</version>
     <description>capa explorer is an IDAPython plugin that integrates capa with IDA Pro.</description>
     <authors>@mike-hunhoff, @williballenthin, @mr-tz</authors>
     <dependencies>

packages/ida.plugin.capa.vm/tools/chocolateyinstall.ps1

@@ -3,7 +3,7 @@ Import-Module vm.common -Force -DisableNameChecking
 
 try {
     # Install plugin
-    $pluginUrl = "https://raw.githubusercontent.com/mandiant/capa/v6.1.0/capa/ida/plugin/capa_explorer.py"
+    $pluginUrl = "https://raw.githubusercontent.com/mandiant/capa/v7.0.0/capa/ida/plugin/capa_explorer.py"
     $pluginSha256 = "a9a60d9066c170c4e18366eb442f215009433bcfe277d3c6d0c4c9860824a7d3"
     $pluginsDir = New-Item "$Env:APPDATA\Hex-Rays\IDA Pro\plugins" -ItemType "directory" -Force
     $pluginPath = Join-Path $pluginsDir "capa_explorer.py"
@@ -19,8 +19,8 @@ try {
     VM-Assert-Path $pluginPath
 
     # Download capa rules
-    $rulesUrl = "https://github.com/mandiant/capa-rules/archive/refs/tags/v6.1.0.zip"
-    $rulesSha256 = "d87240475b2989e919f65381556f28b455a2f7d6cd35d95acdbbbe9f04f86c84"
+    $rulesUrl = "https://github.com/mandiant/capa-rules/archive/refs/tags/v7.0.0.zip"
+    $rulesSha256 = "4dd27227e68ba419dd8cbe66ba6b09d2b55836e832a97170c9e8b6398caf15fb"
     $packageArgs = @{
         packageName    = ${Env:ChocolateyPackageName}
         unzipLocation  = $pluginsDir
@@ -29,7 +29,7 @@ try {
         checksumType   = 'sha256'
     }
     Install-ChocolateyZipPackage @packageArgs
-    $rulesDir = Join-Path $pluginsDir "capa-rules-6.1.0" -Resolve
+    $rulesDir = Join-Path $pluginsDir "capa-rules-7.0.0" -Resolve
 
     # Set capa rules in the capa plugin
     $registryPath = 'HKCU:\SOFTWARE\IDAPython\IDA-Settings\capa'

packages/pebear.vm/pebear.vm.nuspec

@@ -2,12 +2,12 @@
 <package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd">
   <metadata>
     <id>pebear.vm</id>
-    <version>0.6.7</version>
+    <version>0.6.7.20240208</version>
     <authors>hasherezade</authors>
     <description>Delivers fast and flexible "first view" for malware analysts</description>
     <dependencies>
       <dependency id="common.vm" />
-      <dependency id="pebear" version="[0.6.7]" />
+      <dependency id="pebear" version="[0.6.7.3]" />
     </dependencies>
   </metadata>
 </package>

packages/pestudio.vm/pestudio.vm.nuspec

@@ -2,7 +2,7 @@
 <package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd">
   <metadata>
     <id>pestudio.vm</id>
-    <version>9.57</version>
+    <version>9.58</version>
     <authors>Marc Ochsenmeier</authors>
     <description>The goal of pestudio is to spot artifacts of executable files in order to ease and accelerate Malware Initial Assessment.</description>
     <dependencies>

packages/pestudio.vm/tools/chocolateyinstall.ps1

@@ -4,7 +4,7 @@ Import-Module vm.common -Force -DisableNameChecking
 $toolName = 'pestudio'
 $category = 'PE'
 
-$zipUrl = 'https://www.winitor.com/tools/pestudio/current/pestudio-9.57.zip'
-$zipSha256 = 'df0664f07bc1561788abfad101ac371e37310bb20f50d5171fb3edf65e950eeb'
+$zipUrl = 'https://www.winitor.com/tools/pestudio/current/pestudio-9.58.zip'
+$zipSha256 = '06c06dc1e6db6b8672b0827ca800affa0739a6878d9767d89122826ca0a2425e'
 
 VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -innerFolder $true

packages/tor-browser.vm/tor-browser.vm.nuspec

@@ -2,12 +2,12 @@
 <package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd">
   <metadata>
     <id>tor-browser.vm</id>
-    <version>13.0.8</version>
+    <version>13.0.9</version>
     <authors>Tor Project</authors>
     <description>The Tor software protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world.</description>
     <dependencies>
       <dependency id="common.vm" />
-      <dependency id="tor-browser" version="[13.0.8]" />
+      <dependency id="tor-browser" version="[13.0.9]" />
     </dependencies>
   </metadata>
 </package>