Malware Analyser 3.1
36 views
Skip to first unread message
Beenu
Apr 30, 2011, 2:05:50 AM4/30/11
to malwareanalyser
Hi Guys, hope you had a great easter break. I'm working on the next
release i.e. 3.1. My primary focus is on the DLL's analysis and
Process analysis.
I hope to release the version by late end of May.
/late
release i.e. 3.1. My primary focus is on the DLL's analysis and
Process analysis.
I hope to release the version by late end of May.
/late
VSA
May 29, 2011, 2:34:02 AM5/29/11
to malwareanalyser
MalwareAnalyser is a great tool!
I would suggest adding the possibility to scan all files in a folder/
subfolders for mass-processing.
I would suggest adding the possibility to scan all files in a folder/
subfolders for mass-processing.
Beenu
Jun 12, 2011, 4:25:16 AM6/12/11
to malwareanalyser
Mates,
Malware Analyser 3.1 is out.
Here is the release notes:
Version : 3.1
Release Notes : 30/04/2011
--Added DLL analysis
Release Noted: 12/06/2011
--Added Batch Mode Scan: Scan all DLL and Exe in directories and sub-
directories
Thanks to VSA for giving idea.
Malware Analyser 3.1 is out.
Here is the release notes:
Version : 3.1
Release Notes : 30/04/2011
--Added DLL analysis
Release Noted: 12/06/2011
--Added Batch Mode Scan: Scan all DLL and Exe in directories and sub-
directories
Thanks to VSA for giving idea.
VSA
Jun 12, 2011, 2:09:36 PM6/12/11
to malwareanalyser
It's great! Thanks!
Btw, is there currently a way to disable certain features? E.g. if I
want to do a batch scan, but I do not want to disassemble the first
block or not scan online, can I deactivate those (or maybe can I
enable just the ones I need)?
I saw some few mistypos in the program, like e.g. Usagae,
Disaassembling, etc. ;)
Could you please explain a bit the SIgnature based scans? Like e.g. in
the following cases, do I need to create signatures (or am I missing a
signature db?) for those functions or does it mean that it did not
find anything?
-----------Performing signatures based scan---------------
[+]Displaying Interesting System Calls Made.
[-]Signatures not found.....
[+]Displaying Registry Hives Edited.
[-]Signatures not found.....
[+]Displaying A Little Online Behaviour.
[-]Signatures not found.....
[+]Displaying the Loaded DLLs.
[-]Signatures not found.....
[+]Commands Inside the Malware.
[-]Signatures not found.....
[+]Sys Calls Made.
[-]Signatures not found.....
[+]Searching if malware is VM aware
[-]Signatures not found.....
Thanks for your help and great tool! :)
Btw, is there currently a way to disable certain features? E.g. if I
want to do a batch scan, but I do not want to disassemble the first
block or not scan online, can I deactivate those (or maybe can I
enable just the ones I need)?
I saw some few mistypos in the program, like e.g. Usagae,
Disaassembling, etc. ;)
Could you please explain a bit the SIgnature based scans? Like e.g. in
the following cases, do I need to create signatures (or am I missing a
signature db?) for those functions or does it mean that it did not
find anything?
-----------Performing signatures based scan---------------
[+]Displaying Interesting System Calls Made.
[-]Signatures not found.....
[+]Displaying Registry Hives Edited.
[-]Signatures not found.....
[+]Displaying A Little Online Behaviour.
[-]Signatures not found.....
[+]Displaying the Loaded DLLs.
[-]Signatures not found.....
[+]Commands Inside the Malware.
[-]Signatures not found.....
[+]Sys Calls Made.
[-]Signatures not found.....
[+]Searching if malware is VM aware
[-]Signatures not found.....
Thanks for your help and great tool! :)
Beenu Arora
Jun 12, 2011, 9:37:43 PM6/12/11
to malware...@googlegroups.com, malwareanalyser
Hey VSA ,
For now it's scanning for everything but I would introduce the optional scan feature in the next build.
Regarding the typos , I'll get rid of them in next release.
Also the signatures based scan is part of core functionality and one may not add themselves. If you've a signature then please send across and I would add you on contributors list.
Thanks for reviewing it and appreciate your efforts.
Cheers
Sent from my iPhone
Reply all
Reply to author
Forward
0 new messages