This is a stepping release: for the first time, dynamic analysis has been included for file creations (it will be extended to other network/registry indicators soon), along with a process dumping feature.
Features
- String-based analysis for registry, API calls, IRC commands, DLLs called and VM awareness.
- Display detailed headers of a PE with all its section details, import and export symbols, etc.
- On Distro, can perform an ASCII dump of the PE along with other options (check the --help argument).
- For Windows, it can generate various sections of a PE: DOS Header, DOS Stub, PE File Header, Image Optional Header, Section Table, Data Directories, Sections.
- ASCII dump on Windows machines.
- Code analysis (disassembling).
- Online malware checking (http://www.virustotal.com).
- Check for packers from the database.
- Tracer functionality.
- Signature creation: allows creating a signature of malware.
- CRC and timestamp verification.
- Entropy-based scan to identify malicious sections.
- Dump a process's memory.
- Dynamic analysis (still in the beginning stage) for file creations.
 
malware_analyser 3.0.zip





