SysAnalyzer  

From Aldeid
DRAFT
THIS ARTICLE IS A DRAFT. IT MUST NOT BE CONSIDERED AS PUBLISHED YET.
Thank you for your comprehension.

Description

SysAnalyzer is an automated malcode runtime analysis application that monitors various aspects of system and process state. It was designed to let analysts quickly build a comprehensive report of the actions a binary takes on a system. SysAnalyzer can automatically monitor and compare:

  • Running Processes
  • Open Ports
  • Loaded Drivers
  • Injected Libraries
  • Key Registry Changes
  • APIs called by a target process
  • File Modifications
  • HTTP, IRC, and DNS traffic
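
The "monitor and compare" step above is a baseline-versus-post-run comparison of each category of system state. The script below, an added example written for this page rather than SysAnalyzer's own code, shows the shape of that comparison on two hand-built snapshots (`BEFORE` and `AFTER` are constructed data, and `dropper.exe`, its path, port 4444 and the Run values it touches are hypothetical). Items are keyed by something stable across runs (name plus path, protocol plus port, key plus value name) rather than by PID, and a changed value under an existing key is reported separately from additions and removals.

```python
from typing import Any, Dict, Hashable

# A snapshot maps a category name ("processes", "ports", ...) to a dict whose
# keys identify an item stably across runs and whose values carry the detail
# worth comparing. Keys deliberately avoid PIDs, which change on every run.
Snapshot = Dict[str, Dict[Hashable, Any]]

RUN_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
USER_RUN_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"

# Constructed baseline, as taken before the sample is executed.
BEFORE: Snapshot = {
    "processes": {
        ("explorer.exe", r"C:\Windows\explorer.exe"): "explorer.exe",
        ("svchost.exe", r"C:\Windows\System32\svchost.exe"): "svchost.exe -k netsvcs",
    },
    "ports": {("tcp", 135): "svchost.exe", ("tcp", 445): "System"},
    "drivers": {"ntfs.sys": r"C:\Windows\System32\drivers\ntfs.sys"},
    "run_keys": {(RUN_KEY, "SecurityHealth"): r"%windir%\system32\SecurityHealthSystray.exe"},
}

# Constructed post-run snapshot: a hypothetical dropper.exe has started,
# opened a listening port, registered itself for persistence and overwritten
# an existing Run value. Drivers are unchanged.
AFTER: Snapshot = {
    "processes": {
        ("explorer.exe", r"C:\Windows\explorer.exe"): "explorer.exe",
        ("svchost.exe", r"C:\Windows\System32\svchost.exe"): "svchost.exe -k netsvcs",
        ("dropper.exe", r"C:\Users\Public\dropper.exe"): r"C:\Users\Public\dropper.exe /silent",
    },
    "ports": {("tcp", 135): "svchost.exe", ("tcp", 445): "System", ("tcp", 4444): "dropper.exe"},
    "drivers": {"ntfs.sys": r"C:\Windows\System32\drivers\ntfs.sys"},
    "run_keys": {
        (RUN_KEY, "SecurityHealth"): r"C:\Users\Public\dropper.exe",
        (USER_RUN_KEY, "Updater"): r"C:\Users\Public\dropper.exe /silent",
    },
}


def diff_snapshots(before: Snapshot, after: Snapshot) -> Dict[str, Dict[str, dict]]:
    """Compare two snapshots category by category.

    Returns only the categories that changed, each with the items added,
    removed and changed (same identity, different detail), so a run that
    touches nothing yields an empty dict.
    """
    report: Dict[str, Dict[str, dict]] = {}
    for category in sorted(set(before) | set(after)):
        b = before.get(category, {})
        a = after.get(category, {})
        added = {k: a[k] for k in a.keys() - b.keys()}
        removed = {k: b[k] for k in b.keys() - a.keys()}
        changed = {k: (b[k], a[k]) for k in a.keys() & b.keys() if a[k] != b[k]}
        if added or removed or changed:
            report[category] = {"added": added, "removed": removed, "changed": changed}
    return report


def format_report(report: Dict[str, Dict[str, dict]]) -> str:
    """Render the diff as one line per observation, grouped by category."""
    lines = []
    for category, delta in report.items():
        for verb in ("added", "removed"):
            for key, detail in sorted(delta[verb].items(), key=str):
                lines.append(f"[{category}] {verb}: {key} -> {detail}")
        for key, (old, new) in sorted(delta["changed"].items(), key=str):
            lines.append(f"[{category}] changed: {key}: {old!r} -> {new!r}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_report(diff_snapshots(BEFORE, AFTER)))
```

On a real host the two snapshots would be collected from the OS (process list, listening sockets, loaded drivers, Run keys) immediately before and some time after launching the sample; the diff logic itself does not change.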

SysAnalyzer also ships with a ProcessAnalyzer tool that can perform the following tasks:

  • Create a memory dump of the target process
  • Parse the memory dump for strings
  • Parse the strings output for exe, reg, and url references
  • Scan the memory dump for known exploit signatures
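
The last three ProcessAnalyzer steps are worth seeing end to end. The script below is an added example written for this page, not ProcessAnalyzer's source: it pulls ASCII and UTF-16LE strings out of a byte buffer, sorts them into exe, reg and url references, and runs a byte-pattern scan over the buffer. `SAMPLE_DUMP` is a constructed stand-in for a process memory dump (the paths, hostnames and `dropper.exe` in it are made up), and `SIGNATURES` holds two placeholder patterns so the scan step has something to hit; they are not exploit signatures from any real signature set. One edge case is handled explicitly: a wide string that directly follows an ASCII string would otherwise pick up a bogus leading character, because the ASCII string's last byte plus its NUL terminator looks like a UTF-16LE code unit.

```python
import re
from typing import Dict, List, Tuple

# Constructed stand-in for a process memory dump: ASCII strings, UTF-16LE
# strings (how most Windows API string arguments sit in memory) and junk
# bytes, packed together as they would be in a real dump.
SAMPLE_DUMP = (
    b"\x00\x01\x02MZ\x90\x00"
    + b"C:\\Windows\\System32\\cmd.exe\x00"
    + "http://example.invalid/update.php".encode("utf-16-le") + b"\x00\x00"
    + b"\xff\xfe\x03"
    + b"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\x00"
    + b"ab\x00\x00"  # too short to be reported as a string
    + "dropper.exe".encode("utf-16-le") + b"\x00\x00"
    + b"ftp://files.invalid/payload.dll\x00"
    + b"HKCU\\Software\\Example\x00"
)

# Placeholder byte signatures for the scan step. Real signature sets are
# tool-specific; these two exist only so the example has something to find.
SIGNATURES = {
    "MZ header": b"MZ\x90\x00",
    "Run key": b"CurrentVersion\\Run",
}

EXE_RE = re.compile(r"\b[\w.-]+\.(?:exe|dll|sys|scr|bat|cmd)\b", re.IGNORECASE)
REG_RE = re.compile(r"^(?:HK(?:LM|CU|CR|U|CC)|HKEY_[A-Z_]+|SOFTWARE|SYSTEM)\\", re.IGNORECASE)
URL_RE = re.compile(r"\b(?:https?|ftp)://[^\s\"'<>]+", re.IGNORECASE)


def extract_strings(buf: bytes, min_len: int = 4) -> List[str]:
    """Return printable ASCII and UTF-16LE strings of at least min_len chars, in offset order."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    utf16_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found: List[Tuple[int, str]] = []
    ascii_spans: List[Tuple[int, int]] = []
    for m in ascii_re.finditer(buf):
        ascii_spans.append((m.start(), m.end()))
        found.append((m.start(), m.group().decode("ascii")))
    for m in utf16_re.finditer(buf):
        start, end = m.start(), m.end()
        # A wide match can only begin inside an ASCII span at that span's last
        # byte (last char + NUL terminator read as one code unit). Drop it.
        if any(a <= start < b for a, b in ascii_spans):
            start += 2
        text = buf[start:end].decode("utf-16-le")
        if len(text) >= min_len:
            found.append((start, text))
    found.sort(key=lambda item: item[0])
    return [text for _, text in found]


def classify_strings(strings: List[str]) -> Dict[str, List[str]]:
    """Bucket strings into url, reg and exe references; each string lands in the first bucket that fits."""
    refs: Dict[str, List[str]] = {"exe": [], "reg": [], "url": []}
    for s in strings:
        if URL_RE.search(s):
            refs["url"].append(s)
        elif REG_RE.search(s):
            refs["reg"].append(s)
        elif EXE_RE.search(s):
            refs["exe"].append(s)
    return refs


def scan_signatures(buf: bytes, signatures: Dict[str, bytes] = SIGNATURES) -> List[Tuple[str, int]]:
    """Return (signature name, offset) for every occurrence of each pattern, in offset order."""
    hits: List[Tuple[str, int]] = []
    for name, pattern in signatures.items():
        off = buf.find(pattern)
        while off != -1:
            hits.append((name, off))
            off = buf.find(pattern, off + 1)
    return sorted(hits, key=lambda h: h[1])


if __name__ == "__main__":
    strings = extract_strings(SAMPLE_DUMP)
    for kind, items in classify_strings(strings).items():
        for item in items:
            print(f"{kind}: {item}")
    for name, off in scan_signatures(SAMPLE_DUMP):
        print(f"signature {name!r} at offset {off:#x}")
```

To run it against a real dump, replace `SAMPLE_DUMP` with the file contents (`open(path, "rb").read()`); the URL bucket is checked first so that a URL ending in `.dll` or `.exe` is reported once, as a url reference, rather than twice.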

Full GPL source for SysAnalyzer is included in the installation package.

Installation

http://labs.idefense.com/software/download/?downloadID=15

Usage

INCOMPLETE SECTION OR ARTICLE
This section/article is being written and is therefore not complete.
Thank you for your comprehension.