Didier Stevens

Thursday 20 December 2012

ListModules V0.0.0.1

Filed under: My Software — Didier Stevens @ 0:00

ListModules is a new tool to analyze PE files, like my AnalyzePESig tool. In stead of analyzing all files you point it to, it takes a snapshot of all processes, and analyses the modules (.exe, .dll, …) loaded in these processes. The output is very similar to AnalyzePESig’s output.

Sysinternal’s tool ListDLLs is a similar tool, but ListModules provides more info and is open source.

It helped me a couple of times to find malicious DLLs loaded inside processes that the AV would not catch.

ListModules_V0_0_0_1.zip (https)
MD5: 56D6BD9479915E6FF1C29A9D9F8F7950
SHA256: 43DFAD3F18C2F317E283BCDD453311BB17F6216C6748C25D102778DF63021069

1 Comment »

  1. Process Explorer also can display info about loaded DLLs, but it’s nowhere near yours.

    Comment by Grzechooo — Thursday 20 December 2012 @ 14:29


RSS feed for comments on this post. TrackBack URI

Leave a Reply (comments are moderated)

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

The Rubric Theme. Blog at WordPress.com.

Follow

Get every new post delivered to your Inbox.

Join 227 other followers

%d bloggers like this: