Sunday, September 22, 2013

Malware / Application Exploit Analysis tool - Hook Analyser 2.6

Hook Analyser is a freeware project, started in 2011, for analysing an application at run time. The project can be useful for analysing malware (static and run-time analysis) and for performing application crash analysis.

The following sections break down the features (and functionality) of Hook Analyser and attempt to answer the 'how-to' and 'so-what' questions.

Application UI – Significant updates were made in the latest release (v 2.2) to make it more verbose.

Hook Analyser is an API hooking tool that can help with reversing applications and analysing malware.

The tool can hook an API in a process and perform the following tasks:

1. Hook an API in a process
2. Hook an API and search for a pattern in the memory of the process
3. Hook an API and dump a buffer (memory)


It is completely automated: you need not name any specific API, the tool selects them by itself and stores the results in a log file.

Needless to say, it supports pattern searches, dumping memory content and more.


Following is the change log -
  1. Added new signatures (and removed redundant ones)
  2. Bug fixes - many thanks to community users for reporting them
  3. Fixed start-up error

Release of the Hook Analyser v2.6.


5 key functionalities -

1. Spawn and Hook to Application - This feature allows the analyst to spawn an application and hook into it. The module flow is as follows -
   1. PE validation
   2. Static malware analysis
   3. Other options (such as pattern search or dump all)
   4. Type of hooking (Automatic, Smart or Manual)
   5. Spawn and hook

   Currently, three types of hooking are supported –
   • Automatic – The tool parses the application's import table and, based on that, hooks into the specified APIs.
   • Manual – The tool asks the end-user, for each API, whether it should be hooked.
   • Smart – Essentially a subset of automatic hooking that excludes uninteresting APIs.

2. Hook to a specific running process - This option allows the analyst to hook to a running (active) process. The program flow is –
   1. List all running processes
   2. Identify the running process's executable path
   3. Perform static malware analysis on the executable (fetched from the process executable path)
   4. Other options (such as pattern search or dump all)
   5. Type of hooking (Automatic, Smart or Manual)
   6. Hook to a specific running process
   7. Hook and continue the process

3. Static Malware Analysis - This module is one of the most interesting and useful modules of Hook Analyser; it scans PE (Windows) executables to identify potential malware traces. The sub-components are listed below (this is not the full list) -

   1. PE file validation
   2. CRC and timestamp validation
   3. PE properties such as Image Base, Entry point, sections, subsystem
   4. TLS entry detection
   5. Entry point verification (whether it falls in a suspicious section)
   6. Suspicious entry point detection
   7. Packer detection
   8. Signature trace (extended from the Malware Analyser project), such as anti-VM aware, debug aware, keyboard hook aware etc. This function searches for more than 20 unique malware behaviours (using hundreds of signatures).
   9. Import intel scanning
   10. Deep search (module) - online search of the executable's MD5 on Threat Expert
   11. String dump (ASCII)
   12. Executable file information
   13. Hexdump
   14. PEfile info dumping
   15. ...and more.
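As an added illustration of the static checks listed above (this is example code, not Hook Analyser's own), a small PE32 header parser that flags an entry point lying outside every section, in a non-executable section or in the last section, a populated TLS directory, and an implausible link timestamp. The names `parse_pe`, `static_findings` and `build_pe` are assumptions, and the header bytes inspected are constructed inline by `build_pe`, so it runs offline.

```python
import struct
import time

IMAGE_SCN_MEM_EXECUTE = 0x20000000  # section flag from the PE/COFF spec

def parse_pe(data):  # PE validation: MZ stub, e_lfanew, "PE\0\0", COFF + PE32 optional header
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    nsec, tstamp, opt_size = struct.unpack_from("<xxHIxxxxxxxxH", data, coff)
    opt = coff + 20
    entry = struct.unpack_from("<I", data, opt + 16)[0]
    tls_rva, tls_size = struct.unpack_from("<II", data, opt + 96 + 9 * 8)  # data directory 9 = TLS
    sections = []
    for i in range(nsec):
        name, vsize, va, rsize, *_, chars = struct.unpack_from("<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0").decode(), va, max(vsize, rsize), chars))
    return {"entry": entry, "timestamp": tstamp, "tls": bool(tls_rva and tls_size), "sections": sections}

def static_findings(data):
    pe, findings = parse_pe(data), []  # each string is one suspicious trait; empty list = nothing flagged
    owner = next((s for s in pe["sections"] if s[1] <= pe["entry"] < s[1] + s[2]), None)
    if owner is None:
        findings.append("entry point outside every section")
    else:
        if not owner[3] & IMAGE_SCN_MEM_EXECUTE:
            findings.append(f"entry point in non-executable section {owner[0]}")
        if len(pe["sections"]) > 1 and owner is pe["sections"][-1]:
            findings.append(f"entry point in last section {owner[0]} (typical of packers)")
    if pe["tls"]:
        findings.append("TLS directory present (callbacks run before the entry point)")
    if pe["timestamp"] == 0 or pe["timestamp"] > time.time():
        findings.append("implausible link timestamp")
    return findings

def build_pe(entry_rva, sections, tls=False, timestamp=0x50000000):
    # Constructed sample: a minimal PE32 header with no real code, for offline testing only
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)       # Magic = PE32
    struct.pack_into("<I", opt, 16, entry_rva)  # AddressOfEntryPoint
    if tls:
        struct.pack_into("<II", opt, 96 + 9 * 8, 0x3000, 24)
    hdr = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40) + b"PE\0\0"
    hdr += struct.pack("<HHIIIHH", 0x14C, len(sections), timestamp, 0, 0, len(opt), 0x102) + opt
    for name, va, size, chars in sections:
        hdr += struct.pack("<8sIIIIIIHHI", name.encode(), size, va, size, 0x400, 0, 0, 0, 0, chars)
    return bytes(hdr)
```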

4. Application crash analysis - This module enables exploit researchers and/or application developers to analyse memory content when an application crashes. It essentially displays the data held in the different registers (such as EIP).
   • Application crash analysis video demonstration – http://www.youtube.com/watch?v=msYo7pPsu6A

5. Exe extractor - This module extracts executables from running process(es), which can then be further analysed using Hook Analyser, Malware Analyser or other solutions. This module is potentially useful for incident responders.

Download Link :


http://www.ziddu.com/download/23012698/HookAnalyser2.6.zip.html



Mirror :

http://we.tl/R0iDHL2nlg

3 comments:

1. It's not good that you are promoting malware here.....

2. ^ It's not malware, just an API hooking tool


Open Source Tools for Live Meeting (Web Conferencing)

posts. Guys, most of you find these posts a valuable resource for the e-Learning community. As a result, the following post is on Free and Open Source Web Conferencing (Online Meetings, Webinars) Tools for e-Learning.




The following list contains free and open source Web Conferencing tools, in no particular order.



Also, you can be sure that the e-Learning community will highly appreciate it:

  1. if you post a comment with your experience with these tools and/or,

  2. if you post a comment with a link to any other free and open source Web Conferencing tool.

We support Free eLearning! Do you?







BigBlueButton* is built for Higher Education. It enables universities and colleges to deliver a high-quality learning experience to remote students. BigBlueButton is an active open source project that focuses on usability, modularity, and clean design -- both for the user and the developer. The project is hosted at Google Code. BigBlueButton is built by combining over fourteen open source components.



*note: Epignosis has created a module that provides integration of BigBlueButton conferencing in the eFront Open Source Learning Management System. BigBlueButton is a free web-conferencing tool with text chat, audio and video capabilities, a virtual whiteboard and many more presentation and conferencing features.




OpenMeetings is free browser-based software that lets you instantly set up a conference on the Web. You can use your microphone or webcam, share documents on a whiteboard, share your screen or record meetings. It is available as a hosted service, or you can download and install a package on your server with no limitations on usage or users.



OpenMeetings Key Features Mini Demo





Mikogo is a free desktop sharing tool full of features to assist you in conducting the perfect online meeting or web conference. Take advantage of the opportunity to share any screen content or application over the Internet in true color quality with up to 10 participants simultaneously, while still sitting at your desk.












Yugma free web conferencing allows anyone, anywhere to instantly share their desktop and ideas online with others. To start hosting your own meetings you have to sign up for FREE. Your Yugma Free web conferencing account allows you to invite up to 20 attendees.







Using WebHuddle, you have options and flexibility. Meetings can be conducted either in conjunction with an enterprise’s existing teleconferencing service, or utilizing WebHuddle’s optional voice over IP. WebHuddle also offers recording capabilities -- presentations can easily be recorded for playback over any web browser for those who missed the live meeting.










With Vyew you can give a presentation to a hundred people online or post a document you've been working on for review by your colleagues at their convenience. Vyew is extremely flexible, allowing you to bring online collaboration and conferencing into your workflow on your terms.









Dimdim delivers synchronized live presentations, whiteboards and web pages while sharing your voice and video over the Internet - with no download. With the Free edition you can get 10 person meetings, 1 way video, standard support, Dimdim branded rooms, and public meetings.



*note: Epignosis has created a module that provides integration of Dimdim conferencing in the eFront Open Source Learning Management System.




Adobe® ConnectNow is a great way to share ideas, discuss details, and complete work with others all online. Reduce travel costs, save time, and increase productivity with a web conferencing solution that's easy to access and simple to use. ConnectNow operates inside a web browser. There's no installation required, so getting started is easy and free.