I found this tool in my catch-all folder; I had developed it years earlier. It simulates processes, each with its own form (window) name, and it also provides a wildcard text box. It helped me analyze several banking malware families: I could make a sample believe that my browser was open and that I was visiting the pages used to make bank transfers, so the malware launched its injections for each bank.

It also simulates antivirus products, firewalls, sandboxes, virtual machines, debuggers and hacking tools, to force the malware to change its execution mode in response to the environment. All of this is configurable by the user from the configuration button. The tool can simulate MDI applications and applications with standard forms, and it has a console mode that makes automatic execution in sandbox environments easier.

Finally, the tool also ships with mock function libraries that are loaded automatically for the Google Chrome, Opera, Firefox, Internet Explorer, Safari and Microsoft Edge browsers and for debuggers, selected by the following process names:
- chrome.exe
- opera.exe
- firefox.exe
- iexplore.exe
- safari.exe
- microsoftedge.exe
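As an added illustration of the idea behind the tool (this is example code written for this page, not the tool itself or any code from the original post), the script below models a configured decoy set of process names and form titles, applies wildcard patterns to it the way a wildcard text box would, and reports which patterns have a decoy and which do not. Every process name, title and pattern in it is constructed sample data; the `Decoy` class and the function names are my own assumptions.

```python
"""Decoy coverage check for a process/window-title simulator.

Added illustration (not the tool from the post): given a configured set of
decoys (process name + form/window title) and a list of wildcard patterns an
analyst wants the environment to satisfy, report which decoy satisfies each
pattern and which patterns have no decoy at all. All names below are
constructed sample data.
"""
import fnmatch
from dataclasses import dataclass


@dataclass(frozen=True)
class Decoy:
    """One simulated process: its image name, its window/form title, and a category."""
    process: str   # image name the sample will see, e.g. "chrome.exe"
    title: str     # window/form title shown by the simulated form
    kind: str      # "browser", "antivirus", "debugger", "vm", "sandbox", "tool"


# Constructed decoy set modelled on the categories listed in the post (hypothetical names).
DECOYS = [
    Decoy("chrome.exe", "Online Banking - Transfers - Google Chrome", "browser"),
    Decoy("firefox.exe", "Mozilla Firefox", "browser"),
    Decoy("iexplore.exe", "Internet Explorer", "browser"),
    Decoy("avgui.exe", "Antivirus Console", "antivirus"),
    Decoy("ollydbg.exe", "OllyDbg", "debugger"),
    Decoy("vboxservice.exe", "VirtualBox Guest Service", "vm"),
    Decoy("wireshark.exe", "The Wireshark Network Analyzer", "tool"),
]

# Constructed patterns standing in for strings an analyst wants to cover.
SAMPLE_PATTERNS = ["chrome.exe", "*bank*", "*transfer*", "ollydbg*", "*vmware*", "wireshark.exe"]


def wildcard_match(pattern: str, value: str) -> bool:
    """Case-insensitive glob match (* and ?), the usual meaning of a wildcard text box."""
    return fnmatch.fnmatchcase(value.lower(), pattern.lower())


def decoy_satisfies(pattern: str, decoy: Decoy) -> bool:
    """A pattern is satisfied if it matches either the process name or the form title."""
    return wildcard_match(pattern, decoy.process) or wildcard_match(pattern, decoy.title)


def match_decoys(patterns, decoys=DECOYS):
    """Map each pattern to the process names of the decoys that satisfy it."""
    return {p: [d.process for d in decoys if decoy_satisfies(p, d)] for p in patterns}


def uncovered(patterns, decoys=DECOYS):
    """Patterns with no decoy: the simulated environment will not trigger that branch."""
    return [p for p, hits in match_decoys(patterns, decoys).items() if not hits]


def console_report(patterns, decoys=DECOYS) -> str:
    """Plain-text summary, the kind of output a console mode would print in a sandbox run."""
    lines = []
    for p, hits in match_decoys(patterns, decoys).items():
        lines.append(f"{p:<22} -> {', '.join(hits) if hits else '(no decoy)'}")
    missing = uncovered(patterns, decoys)
    lines.append(f"{len(patterns) - len(missing)}/{len(patterns)} patterns covered")
    return "\n".join(lines)


if __name__ == "__main__":
    print(console_report(SAMPLE_PATTERNS))
```

Running it prints one line per pattern and a coverage count; a pattern such as `*vmware*` shows up as uncovered because the constructed decoy set only carries a VirtualBox-style name, which is exactly the gap an analyst would fix by adding a decoy before re-running a sample.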