Didier Stevens

Thursday 20 December 2012

ListModules V0.0.0.1

Filed under: My Software — Didier Stevens @ 0:00

ListModules is a new tool to analyze PE files, like my AnalyzePESig tool. In stead of analyzing all files you point it to, it takes a snapshot of all processes, and analyses the modules (.exe, .dll, …) loaded in these processes. The output is very similar to AnalyzePESig’s output.

Sysinternal’s tool ListDLLs is a similar tool, but ListModules provides more info and is open source.

It helped me a couple of times to find malicious DLLs loaded inside processes that the AV would not catch.

ListModules_V0_0_0_1.zip (https)
MD5: 56D6BD9479915E6FF1C29A9D9F8F7950
SHA256: 43DFAD3F18C2F317E283BCDD453311BB17F6216C6748C25D102778DF63021069

Blog at WordPress.com.