Skip to content

VlaBst6/SysAnalyzer

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

90 Commits
dependancy
dependancy
 
 
source
source
 
 
.gitattributes
.gitattributes
 
 
.gitignore
.gitignore
 
 
.todo.txt
.todo.txt
 
 
ShellExt.exe
ShellExt.exe
 
 
SysAnalyzer.pdb
SysAnalyzer.pdb
 
 
SysAnalyzer_help.chm
SysAnalyzer_help.chm
 
 
WinPcap_4_1_2.exe
WinPcap_4_1_2.exe
 
 
Win_Dump.exe
Win_Dump.exe
 
 
_ide_known_files.mdb
_ide_known_files.mdb
 
 
api_log.dll
api_log.dll
 
 
api_log.x64.dll
api_log.x64.dll
 
 
api_logger.exe
api_logger.exe
 
 
av_detections.txt
av_detections.txt
 
 
build_notes.txt
build_notes.txt
 
 
cfg.dat
cfg.dat
 
 
copy.bat
copy.bat
 
 
dir_watch.dll
dir_watch.dll
 
 
dirwatch_ui.exe
dirwatch_ui.exe
 
 
enumMutex.dll
enumMutex.dll
 
 
exploit_sigs.txt
exploit_sigs.txt
 
 
full_install_script.iss_
full_install_script.iss_
 
 
install_script.iss
install_script.iss
 
 
known_files.mdb
known_files.mdb
 
 
loadlib.exe
loadlib.exe
 
 
nosleep.dll
nosleep.dll
 
 
proc_watch.exe
proc_watch.exe
 
 
readme.txt
readme.txt
 
 
removals.txt
removals.txt
 
 
shellext.external.txt
shellext.external.txt
 
 
sniff_hit.exe
sniff_hit.exe
 
 
ssleay_hook.dll
ssleay_hook.dll
 
 
sysAnalyzer.exe
sysAnalyzer.exe
 
 
virustotal.exe
virustotal.exe
 
 
x64.dll
x64.dll
 
 
x64Helper.exe
x64Helper.exe
 
 
zlib.dll
zlib.dll
 
 

Repository files navigation


Copyright (C) 2005 iDefense, a Verisign Company 
Author: David Zimmer  dzzie@yahoo.com 

Videos:
-------------------------------
updates:          https://www.youtube.com/watch?v=4twR8xtVWPk
apiLogger:        https://www.youtube.com/watch?v=SqdGjihhDoU
original trainer: https://www.youtube.com/watch?v=OPXwKChdO4c
-------------------------------

Installer:  http://sandsprite.com/tools.php?id=13
Help File:  http://sandsprite.com/iDef/SysAnalyzer/

SysAnalyzer is an application that was designed to give malcode analysts an 
automated tool to quickly collect, compare, and report on the actions a 
binary took while running on the system. 

The main components of SysAnalyzer work off of comparing snapshots of the 
system over a user specified time interval. The reason a snapshot mechanism 
was used compared to a live logging implementation is to reduce the amount 
of data that analysts must wade through when conducting their analysis. By 
using a snapshot system, we can effectively present viewers with only the 
persistent changes found on the system since the application was first run. 

While this mechanism does help to eliminate allot of the possible noise 
caused by other applications, or inconsequential runtime nuances, it also 
opens up the possibility for missing key data. Because of this SysAnalyzer 
also gives the analyst the option to include several forms of live logging 
into the analysis procedure. 

Note: SysAnalyzer is not a sandboxing utility. Target executables are run 
in a fully live test on the system. If you are testing malicious code, you 
must realize you will be infecting your test system. 

SysAnalyzer's is designed to take snapshots of the following system 
attributes: 

* Running processes 
* Open ports and associated process 
* Dlls loaded into explorer.exe and Internet Explorer 
* System Drivers loaded into the kernel 
* Snapshots of certain registry keys 

For more information see the chm help file or videos.

About

Automated malcode analysis system - read more ->

sandsprite.com/iDef/SysAnalyzer/

Resources

Readme
Activity

Stars

1 star

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Visual Basic .NET 50.0%
  • C 31.1%
  • C++ 18.6%
  • Other 0.3%