To protect malware from detection by AV vendors, malware authors use packers and cryptors. For malware analysts, unpacking the executable is the biggest problem they encounter when analyzing protected executable files.
To counter packers, a memory dumping approach was employed in the GUnpack tool: G(ods)Unpack unpacks packed executable files based on a memory dumping technique.
Download page [Google Code]
Friday, June 11, 2010
Wednesday, June 9, 2010
Autorun Cleaning tool
To clean autorun files on all the drives, I have written a handy tool in Visual C.
Link1 [File Factory]
Link2 [YourFileLink]
Link3 [RapidShare]
Zip file MD5: BEEB5D98FBB1031F1046D801D61074DD
SHA1: D841CD5F60448FA2E487FDED179CA5E05DF79DBB
Unzip the file and check the checksums before using it.
SHA1: 9A83F85FB7BFE0D585BAE662A946D8025695D11D
MD5: BD891972669DD82393F303DDA15BF2CE
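As an added example (not code from the post), a small Python routine that performs the check the post asks for: hash the downloaded archive, extract it only when its MD5 and SHA-1 match the published values, then hash the unzipped tool as well. The digests in PUBLISHED are copied from the post; the archive layout (a single file) and the sample payload built in demo() are assumptions.

```python
import hashlib
import tempfile
import zipfile
from pathlib import Path

# Published checksums copied from the post: the zip archive and the unzipped tool.
PUBLISHED = {
    "zip": {"md5": "BEEB5D98FBB1031F1046D801D61074DD",
            "sha1": "D841CD5F60448FA2E487FDED179CA5E05DF79DBB"},
    "tool": {"md5": "BD891972669DD82393F303DDA15BF2CE",
             "sha1": "9A83F85FB7BFE0D585BAE662A946D8025695D11D"},
}

def digests(path):
    """Lowercase hex MD5 and SHA-1 of a file, hashed in 64 KiB chunks."""
    md5, sha1 = hashlib.md5(), hashlib.sha1()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            md5.update(chunk)
            sha1.update(chunk)
    return {"md5": md5.hexdigest(), "sha1": sha1.hexdigest()}

def matches(path, expected):
    """True only if both digests match; hex is compared case-insensitively."""
    got = digests(path)
    return all(got[k] == expected[k].lower() for k in ("md5", "sha1"))

def verify_download(zip_path, extract_dir, expected):
    """Check the archive, extract it, then check the unzipped tool -> (zip_ok, tool_ok).
    Assumes the archive holds exactly one file, the tool itself; nothing is extracted on failure."""
    if not matches(zip_path, expected["zip"]):
        return False, False
    with zipfile.ZipFile(zip_path) as zf:
        names = zf.namelist()
        if any(n.startswith("/") or ".." in Path(n).parts for n in names):
            raise ValueError("archive contains an unsafe path")  # zip-slip guard
        zf.extractall(extract_dir)
    return True, matches(Path(extract_dir) / names[0], expected["tool"])

def demo():
    """Constructed sample zip with a fake tool (not the real download); returns verdicts for (computed digests, the post's digests)."""
    with tempfile.TemporaryDirectory() as d:
        tool, zpath = Path(d) / "autorun_clean.exe", Path(d) / "tool.zip"
        tool.write_bytes(b"MZ" + b"\x00" * 62 + b"constructed sample, not a real PE\n")
        with zipfile.ZipFile(zpath, "w") as zf:
            zf.write(tool, tool.name)
        computed = {"zip": digests(zpath), "tool": digests(tool)}
        ok = verify_download(zpath, Path(d) / "out", computed)
        bad = verify_download(zpath, Path(d) / "out2", PUBLISHED)
    return ok, bad
```

For the real download, call verify_download("tool.zip", "out", PUBLISHED) and use the tool only when both verdicts are True.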
Sunday, June 6, 2010
Buster Sandbox Released
A new sandboxing tool, Buster Sandbox, has been released.
The tool is available for free and can be downloaded at.
It has both automatic and manual analysis modes.
It also has a digital signature detection option.
It monitors file, registry and network changes.
It can also be run in hidden mode using a built-in driver that ships with it.
It also has an exclusion list to ignore certain file and registry changes.
It requires the Sandboxie sandbox.