SpyStudio v2.9.2

Do you like SpyStudio

  • Yes

    Votes: 9 64.3%

  • No

    Votes: 5 35.7%
  • Total voters
    14
  • Poll closed .
AtlBo

AtlBo

Level 28
Thread author
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,711
Found SpyStudio recently and this app looks like it could be very good for analyzing the processor activities of an individual process, like process forensics. Maybe there is a better application I am not aware of out there, but this is something I have been hoping to find for a long time, so I was very happy to see how well this application actually works.

Really simple to use. Just highlight a running process (or any number of them), right click, and select Hook. To stop the capture look for the Analysis menu item->Stop all. Captures can be saved. Probably won't use SS much, but it's one thing I have been looking for, so I plan on keeping it in the toolbox.

Please try the app and post your impressions:

https://www.nektra.com/products/spystudio-api-monitor/download/
 
Last edited:
  • Like
Reactions: Behold Eck, conceptualclarity, harlan4096 and 10 others
WinXPert

WinXPert

Level 25
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Jan 9, 2013
1,457
This makes malware analysis a lot easier. Thanks for sharing @AtlBo
Spy.jpg
 
  • Like
Reactions: CyberTech, conceptualclarity, AtlBo and 1 other person
AtlBo

AtlBo

Level 28
Thread author
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,711
WinXPert said:
This makes malware analysis a lot easier. Thanks for sharing @AtlBo
Click to expand...

No problem. Hope it really helps.

I didn't know if it would be detailed enough etc., but I see there are alot of parameters that can be selected. BTW, I noticed that Process Lasso has a "Suspend Process" option. I guess it would be great if SpyStudio had a way of adding child processes automatically to a capture, but I don't see that. So maybe right clicking on a process in Process Lasso->Less common actions->Suspend process could help when a new process starts off of an original malware process.

Don't have any experience testing so I don't know. I suppose if the child process' activity were paused (suspended in PL) quickly when it started and then hooked in the same data sequence with the parent in SpyStudio, then the cap could be restarted for both in the same data sequence (child then unsuspended)...that kind of thing. Kind of tricky choreograpghy to get it all in one capture if that is necessary. Haven't had time to test it yet very much. Maybe it already automatically auto adds child processes.

My plan for now is to look over commonly accepted clean software whenever I feel like it might be doing things in a sketchy way or slightly sketchy I kind of dig around to see how closely devs stick to solid practices when I have time :)

Looking forward to some test results. Pass em on...:D
 
Last edited:
  • Like
Reactions: askmark, frogboy, harlan4096 and 1 other person
You must log in or register to reply here.

Similar threads

Shadowra
    • +Reputation
    • Like
Malware News StopCrypt: Most widely distributed ransomware evolves to evade detection
Replies
3
Views
995
Security News
Victor M
Victor M
upnorth
    • +Reputation
    • Like
Security News Fake LastPass lookalike made it into Apple App Store
Replies
1
Views
894
Security News
Ink
Ink
Ink
    • Like
    • Thanks
New Update OpenMTP - An advanced Android File Transfer tool for macOS
Replies
0
Views
234
Cloud storage, file sharing and encryption
Ink
Ink

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top