Coldblackice
Anyone know of any scanner-type tools that can look at a program (on disk or running in memory) and report what type of base behaviors/abilities it's able to employ?
For example, reporting that an .exe has the ability and is set up for reading/writing to the registry, or that it's set up for network access (and to access X/Y/Z IPs), or that it can modify files on disk, or that it's able and likely to autostart itself with Windows via X/Y/Z path, etc.
So, basically a sandbox-type program like Sandboxie, but which leans more in the scanner-type direction of actively dissecting and reporting what a program can/may/will do?
Currently, I use a Windows Explorer shell extension that is able to submit file hashes to VirusTotal for analysis with two clicks of the mouse -- giving an overview of the file according to many different companies' scanners. But it'd be great to have a tool that can scan and look at the behavior of a program to see what it can/may do, and particularly, behaviors that are red flags, like autostarting itself, modifying certain areas or keys of the registry, attempting to access anything on disk other than its own folder, etc.