Advanced Process Analysis and Identification System


MindlessGenius

New Member
Thread author
Verified
May 24, 2013
15
Just released a new version of my Advanced Process Analysis and Identification System Technician's Edition

A.P.A.I.S. is a live system analysis tool designed to take a single process, and inspect it thoroughly to provide field technicians full spectrum identification, and analysis capability.

It is similar to an anti-malware but without active protection or the ability to scan the entire system, as I designed it to perform tasks and interact with the user in ways impractical to ordinary anti-malware tools in order to accurately identify malicious live processes that may have somehow eluded active protection, and operate in live system memory...

http://hermes-computers.ca/downloads.php

MindlessGenius

- We are dedicated computer systems analysts, technicians, and programmers specialized in malware identification and cleanup. Toronto, Ontario, Canada · http://hermes-computers.ca

MindlessGenius

Hi,

Here is a new version of A.P.A.I.S. V 1.0.0.3309

New features like "Technician's Field Notes", an improved U.I., and reorganized menus...

We hope technicians and system administrators will find the recent updates actually help improve analysis performance and reduce their workload...

Get it here: http://hermes-computers.ca/downloads.php

Guy

MindlessGenius

Advanced Process Analysis and Identification System Technician's Edition

A new A.P.A.I.S. Version 1.0.0.3372 just released!

- Improved Auditory Narration on [Internet Analysis]: several new auditory reports
- Improved Textual Reporting (GUI) on unknown / unlisted report
- Added Internet Performance Diagnostics to [Technicians Toolkit]
- You now have the option to configure a default sender and a default recipient for your reports in Settings/smtp transmitter.
- You can now select to submit data to us on "Unknown" processes or files you analysed
- Fixed a lot of little annoyances on shared Reports modules
- You can now use the report engine to easily submit bug reports [Under File] (Requires SMTP Engine to be configured)
- Added Request New Feature [Under File] (Requires SMTP Engine to be configured)
- Added Report False Positives [Under File] (Requires SMTP Engine to be configured)
- Optimized code base
- Improvement to the voice narration system continues
- [Internet Analysis] Module now has individual voice narration specific to task
- Improved the [Live System Scan] engine Reporting source and destination
- It is now even easier to analyse the output of the Live System Scan report via Analysis Reports menus features.

Please do remember to properly configure the SMTP report transmitter in [Settings] prior to sharing your reports.
This includes reports sent to oneself for later analysis, for those not using A.P.A.I.S. as a portable toolkit...

Here is the download link: http://hermes-computers.ca/downloads.php

Enjoy

MindlessGenius

Current Application Version is 1.0.0.3391 (08 July 2013)

New Signatures Updates 30 July 2013

Global White List
  • A bunch of Nice clean applications now added...
Primary Malware database
  • Some Malware = Trojans and a Worm

MindlessGenius

Advanced Process Analysis and Identification System Technician's Edition

Database Updates

New Signatures Updates 31 July 2013

Windows Component List
  • Lots of missing entries added...
Global White List
  • Multiple delistings... Some corrections (double entries from Windows Component List and Global White List removed)
Primary Malware database
  • New Trojans a few new Rogues, and a Rootkit

MindlessGenius

Advanced Process Analysis and Identification System Technician's Edition
http://hermes-computers.ca/apais_1.php

New Signatures Updates 02 August 2013
Global White List
  • New Good Clean Applications listed!
Primary Malware database
  • Trojans... lots of fresh Trojans...
Secondary Malware database
  • 2,824,828 Signatures...
Tertiary Malware database
  • 2,748,144 Signatures...

Note: Brand new books on Malware Identification and Cleanup! + one on Cyber War!
http://exploitability.blogspot.nl/2013/08/lectures-dete-malwares-cyber-war.html
Nice work Paul!

These books are in French!

Enjoy!

MindlessGenius

Advanced Process Analysis and Identification System Technician's Edition
http://hermes-computers.ca/apais_1.php

New Version Release: 1.0.0.3523
http://hermes-computers.ca/downloads.php

Highlights

Lots of Improvements
Some new features
A few fixes

change-log:

* NEW/IMPROVED:
- Improved code security
- Improved Voice Narration
- Improved Internet Analysis Module
- Improved "Technician's Field Notes" modules (Registered)
- Improved Tactical Third Party Checksum Interrogation
- Added Persistent Checksum Tracker - You can now easily identify and compare file checksum changes temporally (Registered)
- Added Sha1 signature check via Virustotal.com
- Improved Report data and structure/layout
- Minor Improvement of accuracy of Live Process Behaviour Analysis
- Slight improvements to sequential logic
- It's now a lot easier to identify checksum impersonation attempts

* FIXED:
- Fixed restart fail after signature updates
- Fixed automatically "Open Report" after local Process Report created (Registered)

MindlessGenius

Advanced Process Analysis and Identification System Technician's Edition
http://hermes-computers.ca/apais_1.php

New Version Release: V.1.0.0.3601 (10 September 2013)
http://hermes-computers.ca/downloads.php

* NEW:

- Added a Secondary sound byte to Process, Drivers and Auto Startup Analysis requester

* IMPROVED:

- Minor code improvements

* FIXED:

- Sound bytes still on even when disabling/enabling menu-centric settings while Voice Narration is set to OFF


MindlessGenius

Advanced Process Analysis and Identification System Technician's Edition
http://hermes-computers.ca/apais_1.php

New Version Release: V.1.0.0.3652 (25 September 2013)
http://hermes-computers.ca/downloads.php

* NEW:
- Sha256 sha-384 and sha-512 checksum Signature generators
- You can now analyze sha256 signatures via Virustotal.com (Internet Analysis Module)
- New Sound byte to sha256 Analysis via virustotal.com
- New sound byte to Checksum signature calculation
- Info Button now gives you MD5, Sha1, Sha256, sha-384 and sha-512 in addition to displaying file integrated data
- Tracker now also documents Sha-256, sha-384 and sha-512 checksum at each pass
- Technician's field notes now also include Sha-1 Sha-256, sha-384 and sha-512 checksum in the file note

* Improved:
- E-mail and local reports, now also provide Sha-256, sha-384 and sha-512 checksum Signatures
- Corrected typos in GUIs
- Removed lots of redundant code documentation
- Deleted several deprecated or rewritten functions
- Reorganized some of the constants and variables for optimal performance
- Internet Analysis-specific search page labels now correctly represent the actual function instead of generic ones.

* FIXED:
- Resolved a condition where manually selecting a static file would sometimes crash A.P.A.I.S.
- Attempting to report malware in the Unregistered version (Free) would crash the application
- Fixed sound bytes for Sha1 verifications: the (Internet Analysis) module played the MD5 check sound clip in error
- Fixed Report Suspicious File crashing A.P.A.I.S. when unregistered users tried to report malware using it.
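As an added illustration of the Persistent Checksum Tracker and the multi-digest (MD5, Sha1, Sha256, sha-384, sha-512) features listed in the change-logs above (example code, not part of A.P.A.I.S. or this thread), the small Python tracker below records all five digests of a file on each pass, reports which digests changed between passes, and flags the pattern behind "checksum impersonation": a weak digest (MD5 or SHA-1) still matches while a stronger one differs, which a single-MD5 check would miss. The ledger format, file names and sample bytes are assumptions constructed for the example.

```python
import hashlib
import json
import tempfile
from pathlib import Path

ALGOS = ("md5", "sha1", "sha256", "sha384", "sha512")
WEAK = {"md5", "sha1"}  # digests with practical collision attacks

def digests(data: bytes) -> dict:
    """Compute every tracked digest of `data` in a single pass over the bytes."""
    hashers = {a: hashlib.new(a) for a in ALGOS}
    for h in hashers.values():
        h.update(data)
    return {a: h.hexdigest() for a, h in hashers.items()}

def compare(previous: dict, current: dict) -> dict:
    """List digests that differ and flag 'weak still matches, strong changed'."""
    changed = [a for a in ALGOS if previous.get(a) != current[a]]
    strong_changed = any(a not in WEAK for a in changed)
    weak_unchanged = any(a not in changed for a in WEAK)
    return {"changed": changed,
            "impersonation_suspected": strong_changed and weak_unchanged}

def track(path: Path, ledger_path: Path) -> dict:
    """Hash `path`, compare with the ledger's last record for it, store the new record."""
    ledger = json.loads(ledger_path.read_text()) if ledger_path.exists() else {}
    key = str(path.resolve())
    current = digests(path.read_bytes())
    result = {"first_seen": key not in ledger, "changed": [], "impersonation_suspected": False}
    if not result["first_seen"]:
        result.update(compare(ledger[key], current))
    ledger[key] = current  # assumed ledger layout: {absolute path: {algo: hexdigest}}
    ledger_path.write_text(json.dumps(ledger, indent=1))
    return result

def demo() -> list:
    """Passes over a constructed file: first seen, unchanged, modified, then a forged record."""
    with tempfile.TemporaryDirectory() as tmp:
        sample, ledger = Path(tmp) / "sample.exe", Path(tmp) / "ledger.json"
        sample.write_bytes(b"constructed sample binary v1")  # constructed input
        first = track(sample, ledger)
        second = track(sample, ledger)  # nothing changed on disk
        sample.write_bytes(b"constructed sample binary v2")  # legitimate update: all digests move
        third = track(sample, ledger)
        # Simulated impersonation: MD5/SHA-1 kept, SHA-256 differs (constructed, not a real collision)
        forged = dict(digests(sample.read_bytes()), sha256="0" * 64)
        fourth = compare(digests(sample.read_bytes()), forged)
    return [first, second, third, fourth]
```

`demo()` returns the four pass results; in a real deployment `track()` would be run on each visit to the machine against a ledger kept on the technician's media.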

MindlessGenius

Advanced Process Analysis and Identification System Technician's Edition
http://hermes-computers.ca/apais_1.php

New Version Release: V.1.0.0.3713 (02 October 2013)
http://hermes-computers.ca/downloads.php

* NEW:
- Added Sha256, sha-384 and sha-512 signatures to the Optional "Report Unknown" to developer report module
- You can now skip lengthy identification sequences of known hostiles if the file is a known part of Windows or is already globally white listed
- Setup now allows the user to skip creation of program shortcuts (Useful for Portable USB edition)

* Improved:
- More work was done to further ease checksum impersonation and collision identification
- Implemented a few minor code-based performance enhancements
- "Settings" menus now display a nice blue tick/check mark on all user-selected options (suggested by BoerenkoolMetWorst @ Wilderssecurityforum.com)
- Re-engineered optional trade-off between speed and features: when you disable sound + Discontinue scans if file = part of Windows List or Global White List, and you select Skip Known Hostiles List scans (Black List/Primary/Secondary/Tertiary Malware databases), scans are up to 82% faster when the right condition is triggered.

* FIXED:
- Improper format output from Info button resolved...

MindlessGenius

Advanced Process Analysis and Identification System Technician's Edition
Database Updates


New Signatures Updates 04 October 2013
Between yesterday's and today's updates you now have new:

Global Whitelist
Primary Malware Database


Happy Hunting!

On a side note:
Would users prefer the "Insecure/Vulnerable" database to be global or do you wish to continue full control manually as it currently exists?

Let me know your preference, what you need in the field is always paramount to me.

GD

MindlessGenius

Advanced Process Analysis and Identification System Technician's Edition
http://hermes-computers.ca/apais_1.php

New Version Release: V.1.0.0.3723 (17 October 2013)
http://hermes-computers.ca/downloads.php

* NEW:
- UNLOCKED A FEATURE: You can now scan for and analyze/Identify Drivers in the Free Unregistered version!

* Improved:
- Sound controls are now fully functional in all cross modular interactive functions
- Bottom visibar activity tracker text labels now flash green when functions perform tasks
 

Ink

Administrator
Verified
Jan 8, 2011
22,490
Hello MindlessGenius, in what situation would one use APAIS, and how does it benefit it over other solutions?

MindlessGenius

Hello Earth,

For many years I tried to find a tool that offered me what this can do in a single package. It did not exist.
Some good tools do exist but I always need to use too many of them: too many downloads, and too much trouble each time I need to analyze a system. This can lead to a waste of time which clients can resent. So I built this system to answer all my own needs. I already spent many years working on it, and it's not even close to being completed.

The real benefit (at least in my case) is that it basically allows me to find everything missed by users' installed antivirus products. Essentially, if it can see it in live memory it can analyze it and thoroughly identify it. I designed it to help me find whatever falls through the cracks of existing solutions.

From the ground up it was never designed as protection but as a tool for administrators and field technical service personnel to quickly identify previously unidentified spyware, trojans, and other types of malware.

By design it does not protect or scan the entire file system. It is designed to operate on the live system, and a single live process and thoroughly analyze and perform as thorough an identification of the process as can currently be done...

While it can scan a static file (on disk) it is designed to analyze live ones.

The registered version is where A.P.A.I.S. really shines. The Free version is basically just a simple, easy-to-use single process scanner with some powerful capabilities, but the registered version is entirely designed to cater to technicians and contains a lot of goodies...

It's still under active development, so user input is greatly appreciated. Essentially whatever you need in the field in your search and destroy mission, you let me know and I'll try and implement it...

This thing is full of experimental methodologies and ideas I'm working on. I'm trying to push the limits of what can be done given my current technical skills and expertise. However, I think I did a pretty good job, although like I said it still needs work.

For more information I would recommend you read the introduction to it on my web site:
https://hermes-computers.ca//apais_1.php

And please do not be afraid to register this thing. This is a single-man project without funding or budget, so I could really use the few dollars this would bring, and it will help me keep it available to everyone...

I hope this helps

All the best!

Ink

Cheers for the explanation, will read up more information on your site.