Update NoVirusThanks Unloaded Module Viewer

NoVirusThanks

We've released a new tool useful for malware analysis:

Unloaded Module Viewer v1.0

Unloaded Module Viewer (UMV) is a standalone GUI tool designed to enumerate and list Portable Executable (PE) modules (.DLL, .CPL, .EXE etc.) that have been dynamically unloaded throughout the life of a process. When a module is unloaded by the Windows PE loader (with APIs such as FreeLibrary/LdrUnloadDll) certain module information is cached as a snapshot by NTDLL inside the respective process address space which can be useful come investigation time. This internal and private cache consists of the last 64 modules that have been unloaded and it provides relevant information such as the module name, load address, module size, timestamp and checksum.


Unloaded Module Viewer can be especially useful to developers, security researchers and reverse engineers looking to analyze run-time module unloading behavior inside a process of interest.

More info & download:
Analyze Unloaded Modules with Unloaded Module Viewer | NoVirusThanks
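
The cache described in the post can also be decoded offline from a raw copy of the ring, for example one carved from a process memory dump. The following is an added example, not part of the original post and not NoVirusThanks' code: it assumes the entry layout of Microsoft's documented RTL_UNLOAD_EVENT_TRACE structure, treats a zero base address as an unused slot (an assumption), and runs on a constructed sample buffer; `parse_unload_trace`, `make_slot` and `SAMPLE` are hypothetical names.

```python
import struct
from datetime import datetime, timezone

MAX_SLOTS = 64  # the cache keeps the last 64 unloaded modules

def parse_unload_trace(buf, element_size, element_count, pointer_size=8):
    """Decode a raw copy of the unloaded-module ring; returns entries oldest first."""
    # Leading fields of RTL_UNLOAD_EVENT_TRACE: BaseAddress, SizeOfImage,
    # Sequence, TimeDateStamp, CheckSum, ImageName (WCHAR[32]).
    fmt = "<QQIII64s" if pointer_size == 8 else "<IIIII64s"
    if element_size < struct.calcsize(fmt):
        raise ValueError("element size is smaller than the documented fields")
    if not 0 <= element_count <= MAX_SLOTS:
        raise ValueError("element count outside the 64-slot ring")
    if len(buf) < element_size * element_count:
        raise ValueError("buffer is truncated")
    entries = []
    for i in range(element_count):
        base, size, seq, stamp, checksum, raw = struct.unpack_from(
            fmt, buf, i * element_size)
        if base == 0:  # assumption: zero base address marks an unused slot
            continue
        # The name may fill all 32 characters with no terminator.
        name = raw.decode("utf-16-le", errors="replace").split("\x00", 1)[0]
        entries.append({
            "sequence": seq, "name": name, "base": base, "size": size,
            "checksum": checksum,
            "timestamp": datetime.fromtimestamp(stamp, timezone.utc).isoformat(),
        })
    # The ring wraps, so slot order is not unload order; Sequence is.
    return sorted(entries, key=lambda e: e["sequence"])

def make_slot(base, size, seq, stamp, checksum, name, element_size=104):
    """Build one constructed ring slot, padded to the sample stride."""
    packed = struct.pack("<QQIII64s", base, size, seq, stamp, checksum,
                         name.encode("utf-16-le"))
    return packed.ljust(element_size, b"\x00")

# Constructed sample, shortened to 3 slots: slot 0 holds a newer entry than
# slot 1, as happens after the ring wraps; slot 2 is unused.
SAMPLE = (
    make_slot(0x7FFB10000000, 0x21000, 64, 86400, 0x1A2B3, "example_b.dll")
    + make_slot(0x7FFB20000000, 0x54000, 1, 0, 0x0C0FFEE, "example_a.dll")
    + make_slot(0, 0, 0, 0, 0, "")
)

if __name__ == "__main__":
    for e in parse_unload_trace(SAMPLE, element_size=104, element_count=3):
        print(e["sequence"], e["name"], hex(e["base"]), hex(e["size"]),
              hex(e["checksum"]), e["timestamp"])
```

The element size and count should come from whatever reported the buffer rather than being hard-coded; 104 is only the stride chosen for the constructed sample.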
 
