Hook Analyser is a freeware project, started in 2011, to analyse an application at run-time. The project can be useful for analysing malware (static and run-time) and for performing application crash analysis.
1. Spawn and Hook to Application
This feature allows an analyst to spawn an application and hook into it.
2. Hook to a specific running process
This option allows an analyst to hook to a running (active) process.
3. Perform quick static malware analysis
This module is one of the most interesting and useful modules of Hook Analyser. It scans PE (Windows executable) files to identify potential malware traces.
4. Application crash analysis
This module enables an exploit researcher and/or application developer to analyse memory content when an application crashes.
Change log -
- The UI and modules of the project have been re-written. The interactive mode is more verbose.
- The (static) malware analysis module has been enhanced.
- Bug fixes and other improvements.
Hook analyser is a hook tool which could be potentially helpful in reversing applications and analysing malware.
- Static analysis functionality has been improved significantly.
- Nice fingerprinting feature (part of the static analysis module).
- Analysis and logging modules have improved.
- No more annoying browser pop-ups (previous releases had some).
Malware Analyser is a freeware tool to perform static and dynamic analysis of malware.
- String-based analysis for registry, API calls, IRC commands, DLLs called and VMAware.
- Display detailed headers of PE with all its section details, import and export symbols etc.
- On distros, it can perform an ASCII dump of the PE along with other options (check the –help argument).
- For Windows, it can generate various sections of a PE: DOS Header, DOS Stub, PE File Header, Image Optional Header, Section Table, Data Directories, Sections.
- ASCII dump on a Windows machine.
- Code Analysis (disassembling)
- Online malware checking (www.virustotal.com)
- Check for packers against the database.
- Tracer functionality: can be used to identify anti-debugging call tricks, file system manipulation calls, rootkit hooks, keyboard hooks, DEP setting changes, and network identification traces.
- Signature creation: allows creating a signature of malware.
- Batch mode scan to scan all DLL and EXE files in directories and sub-directories.
Malware Analyzer v3.3 released.
- Added Traces signatures
Hook analyser is a hook tool which can be potentially helpful in reversing applications and analysing malware. It can hook to an API in a process and search for a pattern in memory or dump the buffer. The tool can perform the following tasks:
1. Hook to an API in a process.
2. Hook to an API and search for a pattern in the memory of a process.
3. Hook to an API and dump the buffer (memory).