L
LabZero
Thread author
Hello to all
I want to introduce another process monitor tool :
Process Threads View by Nirsoft http://www.nirsoft.net/utils/process_threads_view.html
Now I will try to analyse the process created by av.exe malware from Hub (thanks Kram7750).
It is a rogue downloader, which connects to download main application.
Select the malicious process and open the second screen of the software
Here we can find all the information about the process and threads
The selection of a thread in the upper half of the window displays its stack data information in the lower half.
Displayed in particular are strings found in the stack,stack modules adress, call stack and processor registers.
This is a simplification, but it is useful to see what is actually a malware in the background.
I want to introduce another process monitor tool :
Process Threads View by Nirsoft http://www.nirsoft.net/utils/process_threads_view.html
Now I will try to analyse the process created by av.exe malware from Hub (thanks Kram7750).
It is a rogue downloader, which connects to download main application.
Select the malicious process and open the second screen of the software
Here we can find all the information about the process and threads
The selection of a thread in the upper half of the window displays its stack data information in the lower half.
Displayed in particular are strings found in the stack,stack modules adress, call stack and processor registers.
This is a simplification, but it is useful to see what is actually a malware in the background.
Last edited by a moderator:
