OlderGeeks.com Freeware Downloads: Anti-Virus, Anti-Malware, Security Utilities: Advanced Malware Tools
Files
  File Name Rating Downloads
Last Update/Developer
AlternateStreamView 32bit v1.56
AlternateStreamView is a small utility that allows you to scan your NTFS drive and find all hidden alternate streams stored in the file system. After scanning and finding the alternate streams, you can extract these streams into a specified folder, delete unwanted streams, or save the stream list to a text/html/csv/xml file.
System Requirements:
This utility works on any version of Windows starting from Windows 2000 and up to Windows 10. Both 32-bit and 64-bit systems are supported.
Known Issues:
It seems that starting from Windows 7, the standard 'Open With' dialog box of Windows stopped working with alternate streams, and thus the 'Open Selected Stream With...' option provided by AlternateStreamView also doesn't work...
Versions History:
Version 1.56: Added /RunAsAdmin command-line option for running AlternateStreamView as administrator.
About Alternate Streams in NTFS File System:
The NTFS file system has a feature that allows you to add multiple streams in addition to the main file stream. When you open or view the file, only the main file stream is visible, while the additional streams are hidden from the user. Here are 3 examples of alternate stream usage in the Windows operating system:
- Favorites of Internet Explorer: When you add a Web site link to your 'Favorites', a .url file containing the URL and description is created. However, if the Web site also has an icon (favicon), the icon is saved as an alternate stream of the same .url file. The stream name of the icon is :favicon:$DATA
- Downloaded files of Internet Explorer: When you download and save a file with Internet Explorer, it automatically adds zone information to the saved file. This zone information is used for identifying the file as one downloaded from the Internet. The stream name in this case is :Zone.Identifier:$DATA
- Summary information of files: When ...
5/5 7,361 Nov 13, 2019
Nir Sofer
AlternateStreamView 64bit v1.56
64-bit build of AlternateStreamView v1.56. The description is identical to that of the 32-bit entry above.
5/5 7,543 Nov 13, 2019
Nir Sofer
Attack Surface Analyzer v2.3.285
A Microsoft-developed open source security tool that analyzes the attack surface of a target system and reports on potential security vulnerabilities introduced during the installation of software or by system misconfiguration.
Attack Surface Analyzer 1.0 from Microsoft was released in 2012 and is no longer available. It has been valuable to software developers and IT security personnel for years in helping detect key system changes that may occur from software installation. Attack Surface Analyzer 2 is a rewrite from the ground up on .NET Core and is an Open Source project managed by Microsoft.
Scenarios:
1) Attack Surface Analyzer can help identify potential security risks exposed through changes to services, user accounts, files, network ports, certificate stores, and the system registry. It also includes some support for "live" monitoring of certain system changes (i.e. file system and registry).
2) Another key use for the tool is in ensuring your software development process and products are following best practices for least privilege and reducing the attack surface for your customers by providing evidence, to your security and release teams, that your code does only what it claims. Maintaining customer trust is one reason why it is recommended by the Microsoft SDL Practices.
Typical users of ASA:
- DevOps Engineers: View changes to the system attack surface introduced when your software is installed.
- IT Security Auditors: Evaluate risk presented when third-party software is installed.
See How to Run Attack Surface Analyzer.
System Requirements:
Operating System Support: ASA is tested on Windows 11, Linux and MacOS systems. No installed pre-requisites or redistributables are required, beyond those of .NET Core. Additional OS compatibility for .NET Core is listed at https://github.com/dotnet/core/blob/master/release-notes/3.1/3.1-supported-os.md.
This download is for the Windows version. All other download assets are below:
- MacOS: ASA_macos_2.3.285.zip
- Linux: ASA_linux_2.3.285.zip
- NetCore: ASA_netcoreapp_2.3.285.zip
Click here ...
5/5 2,788 Sep 21, 2022
Microsoft Corp.
Chainsaw v1.1.6
Rapidly Search and Hunt through Windows Event Logs
Chainsaw provides a powerful 'first-response' capability to quickly identify threats within Windows event logs. It offers a generic and fast method of searching through event logs for keywords, and of identifying threats using built-in detection logic and via support for Sigma detection rules.
Features:
🔍 Search and extract event log records by event IDs, string matching, and regex patterns
🎯 Hunt for threats using Sigma detection rules and custom built-in detection logic
⚡ Lightning fast, written in Rust, wrapping the EVTX parser library by @OBenamram
🔥 Document tagging (detection logic matching) provided by the TAU Engine Library
📑 Output in an ASCII table format, CSV format, or JSON format
Hunting Logic:
Sigma Rule Matching: Using the --rules and --mapping parameters you can specify a directory containing a subset of SIGMA detection rules (or just the entire SIGMA git repo) and chainsaw will automatically load, convert and run these rules against the provided event logs. The mapping file tells chainsaw what event IDs to run the detection rules against, and what fields are relevant. By default the following event IDs are supported:
Built-In Logic:
- Extraction and parsing of Windows Defender, F-Secure, Sophos, and Kaspersky AV alerts
- Detection of key event logs being cleared, or the event log service being stopped
- Users being created or added to sensitive user groups
- Brute-force of local user accounts
- RDP Logins
You can specify the --lateral-all flag to chainsaw to also parse and extract additional 4624 logon types (network logons, service, batch etc.) relating to potential lateral movement that may be interesting for investigations.
Getting Started:
You can use the pre-compiled versions of chainsaw ...
5/5 634 Feb 27, 2022
F-Secure Countercept
Combofix v19.11.4.1
ComboFix is a program, created by sUBs, that scans your computer for known malware and, when it finds any, attempts to clean these infections automatically. In addition to being able to remove a large amount of the most common and current malware, ComboFix also displays a report that can be used by trained helpers to remove malware that is not automatically removed by the program.
Please note that running this program without supervision can cause your computer to not operate correctly. Therefore only run this program at the request of an experienced helper.
Windows XP/Vista/7/8 32-bit program. Can run on both a 32-bit and 64-bit OS.
This program works with Windows 8, but not Windows 8.1 at this time and still no Windows 10 support. :(
5/5 9,327 Nov 13, 2019
sUBs
CrowdInspect v1.7.0.0
A free community tool for Microsoft Windows systems that helps alert you to the presence of potential malware on your network. It is a host-based process inspection tool utilizing multiple sources of information to detect untrusted or malicious processes and network-active applications.
Beyond simple network connections, CrowdInspect associates the connection entry with the process that is responsible for that activity. CrowdInspect captures the process name, the entry's process ID number, local port, local IP address, remote port, remote IP address and reverse-resolved DNS name of the remote IP address.
CrowdInspect records details of any entry that is associated with a remote IP address and maintains a chronological list of those accessed. You may click the "Live/History" toolbar button to switch between the regular live process window and the network history list window.
5/5 762 Nov 09, 2021
CrowdStrike
HiJackThis Fork v2.10.0.21
The resurrection of one of our favorite virus/malware removal tools of all time!
HiJackThis Fork is a modification (fork) of Trend Micro HiJackThis by Alex Dragokas (Stanislav Polshyn) and the SafeZone.cc team, and is distributed as open source under the original GNU GPLv2 license.
HiJackThis Fork is a tool that is able to detect and fix changes in the most vulnerable parts of the operating system made by adware, spyware, malware and other unwanted programs.
HiJackThis verification is not based on blacklists, specific programs or URLs, but only on the methods used by adware ("browser hijackers") to redirect you to their websites. Therefore, the program does not need constant updates.
The downside is that both legitimate and malicious objects are displayed in its results, so you cannot simply delete everything listed; doing so is almost guaranteed to harm the system. The assessment of the harmfulness of objects in the report should be carried out by an information security specialist or an experienced user.
5/5 281 Aug 30, 2022
Alex Dragokas
hollows_hunter v0.3.4
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
Hollows Hunter allows you to scan your full system, searching for potentially malicious implants, and extract them for further analysis. It is an application based on PE-sieve (DLL version), so there is a big overlap of features between the two. They have a similar command-line interface, but while PE-sieve is an engine dedicated to scanning a single process, Hollows Hunter offers many additional features and filters on top of this base. More information about the similarities and differences is described here.
Start by familiarizing yourself with PE-sieve by reading the PE-sieve Wiki.
Changes:
v0.3.4 2-10-22
Updated PE-sieve (v0.3.4):
- Supported changes in the implementation of /mignore
- Supported new PE-sieve param: /threads: enabling scan of the threads' callstack. This is another layer of shellcode detection, allowing it to capture "sleeping beacons" and others that are decrypted just before execution.
This download is for the 64bit version. If you need the 32bit version, download here.
5/5 2,131 Feb 11, 2022
HASHEREZADE
ImHex v1.19.3
A modern hex editor and reverse engineering tool written in pure C++20 using GLFW and Dear ImGui.
Features:
- Featureful hex view
  - Byte patching
  - Patch management
  - Copy bytes as feature
    - Bytes
    - Hex string
    - C, C++, C#, Rust, Python, Java & JavaScript array
    - ASCII-Art hex view
    - HTML self-contained div
  - String and hex search
  - Colorful highlighting
  - Goto from start, end and current cursor position
- Custom C++-like pattern language for parsing and highlighting a file's content
  - Automatic loading based on MIME type
  - arrays, pointers, structs, unions, enums, bitfields, namespaces, little and big endian support, conditionals and much more!
  - Useful error messages, syntax highlighting and error marking
- Doesn't burn out your retinas when used in late-night sessions
  - Dark mode by default, but a light mode is available as well
- Data importing
  - Base64 files
  - IPS and IPS32 patches
- Data exporting
  - IPS and IPS32 patches ...
5/5 197 Jul 31, 2022
WerWolv
Metadefender Client v4.1.20.56
Metadefender Cloud Client is the most thorough free malware analysis tool available. By running data through Metadefender Cloud, Cloud Client performs a deep endpoint forensic analysis for malware using several unique methods. Look for threats and assess the security state of your endpoint if you think it may be compromised.
Methods:
- Memory Module Multi-Scanning: process and dynamic link library (DLL) analysis using over 40 anti-malware engines
- Local Anti-malware Analysis: a unique and effective analysis of anti-malware log files
- Rogue IP Detection: ensuring there are no network connections to a rogue IP address using several IP reputation sources
Memory Module Multi-Scanning:
Running over 40 anti-malware engines that use heuristic detection, Metadefender Cloud Client analyzes all running processes and loaded memory modules. It performs a deep scan, analyzing the DLLs accessed by these processes for malware as well. This results in a deeper analysis than that of other free tools like Process Explorer or VirusTotal. And it does all this quickly, in just a few minutes.
When you run it, Metadefender Cloud Client begins scanning all processes and DLL files for any threat. Once the analysis is complete, you'll see a summary at the top of the window of how many potential threats of all kinds were identified. You're able to click on each individual result and see the specific processes and DLLs that may be infected.
Cloud Client is unique in allowing you to review the results on such a granular level. Highlight a process to see the results of the analysis. Click the arrow next to it in order to see the libraries accessed by the application while it runs. Then, click on individual DLL files to see the threats identified, and which specific anti-malware engines identified them. You can also see a list of potentially infected ...
5/5 3,835 Nov 15, 2019
OPSWAT, Inc.
Phrozen ADS (Alternate Data Stream) Revealer v1.0.5642
Phrozen ADS (Alternate Data Stream) Revealer is a Microsoft Windows program, especially designed to reveal possible malicious ADS files in your file system.
Since the Alternate Data Stream functionality is only available for NTFS (New Technology File System), the program is able to scan and detect this kind of file only on this type of file system (Physical Hard Drive/Virtual Hard Drive/Physical Removable Device/Virtual Removable Device).
If some ADS files are detected during the scan, you can then decide whether you want to keep them or back them up. You can also preview the content to see at a glance whether it looks legitimate or not.
Phrozen ADS Revealer is the perfect tool to sanitize your NTFS file systems against bloated content or hidden malware. Another great tool to put in your collection and 100% free.
What are Alternate Data Streams:
Alternate data streams allow more than one data stream to be associated with a filename, using the format "filename:streamname" (e.g., "text.txt:extrastream").
NTFS Streams were introduced in Windows NT 3.1, to enable Services for Macintosh (SFM) to store resource forks. Although current versions of Windows Server no longer include SFM, third-party Apple Filing Protocol (AFP) products (such as GroupLogic's ExtremeZ-IP) still use this feature of the file system. Very small ADS (called Zone.Identifier) are added by Internet Explorer and recently by other browsers to mark files downloaded from external sites as possibly unsafe to run; the local shell would then require user confirmation before opening them.[21] When the user indicates that they no longer want this confirmation dialog, this ADS is deleted.
Alternate streams are not listed in Windows Explorer, and their size is not included in the file's size. They are ignored when the file is copied or moved ...
5/5 4,391 Nov 15, 2019
PHROZEN SAS
RunPE Detector v2.0
Phrozen RunPE Detector is a security program, especially designed to detect and defeat some suspicious processes using a generic method.
We at Phrozen Software do things differently, more creatively. So, when we set ourselves the task of creating a novel way of detecting, disabling and removing RATs, we didn't want to take the route every other anti-virus company has taken before us.
Phrozen Software studied the behaviour of RATs and discovered that hackers virtually always use a technique called RunPE. This technique spawns a legitimate process (often the default browser or a Microsoft system process) and replaces it with malicious program code directly in memory. Your computer is thus tricked and treats the malicious code as a legitimate process. The user and his anti-virus program have no idea that his default browser is effectively turned into a virus.
RunPE is a technique that is used in several malicious ways. The two most common are:
[1] FWB (Firewall Bypass): As its name suggests, this technique is implemented to bypass or disable the Application Firewall or the Firewall rules. Since most malware needs to connect to a remote Command-and-Control (C&C) Server, it needs to connect to the Internet via the Firewall. Since most users are connected to the Internet at home, normally the installed Firewall would prevent the malware from connecting to the Internet. Using the RunPE technique to hijack a legitimate process that is authorized to reach the Internet, any malware could subsequently connect to the C&C without being detected by the Firewall.
[2] Malware Packer or Crypter: Generally script kiddies (immature hackers) use a well-known type of malware that is already detected by most anti-virus programs. They then try to obfuscate this malware to evade ...
5/5 4,536 Nov 15, 2019
PHROZEN SAS
SecureMyBit Deny v1.4
SecureMyBit Deny is a simple, light and freeware security tool that permits you to deny execution of scripts that rely on Windows Script Host, perform impairment indicators analysis to detect possible malicious behaviours in analyzed executables, and type your text safely against keyloggers, mouseloggers, screenloggers, etc. You can also monitor your file system for changes and new files, detect processes that are connected to ports commonly used by malware, and optimize security settings.
(Please note that some antivirus or antimalware programs can detect SecureMyBit Deny as malware; we want to specify that this is a false positive. You can add SecureMyBit Deny to the exclusion list of your antivirus/antimalware.)
What's new?
- Fixed heuristic engine false positive of EXE Analyzer (SecureMyBit Deny.exe)
- Changed ON/OFF text of File System Monitor button (Thanks @ticklemefeet for the suggestion)
- Fixed bug in Security Ports Scan
- Fixed critical bug of Text Editor Anti-Logger
- Fixed bug in File System Monitor
- Heuristic engine updated to improve ransomware detection, hash computing, decryption code and registry usage of analyzed EXE
- Added "Clear log" button to File System Monitor
Key Features:
- Deny scripts execution
- Make USB read-only
- Text Editor Anti-Logger
- Perform EXE analysis
- Security Ports Scan
- Monitor File System easily
- Optimize security settings
Terms & Conditions:
WE AREN'T ABSOLUTELY RESPONSIBLE FOR ANY KIND OF PROBLEMS, DAMAGES, LOSS OF DATA, LOSS OF FILES OR ANY OTHER KINDS OF PROBLEMS. THE SOFTWARE IS PUBLISHED "AS IS". THERE MAY BE FALSE POSITIVES IN EXE ANALYZER REPORT(S) BECAUSE OF THE HEURISTIC ANALYSIS.
Thank you.
SecureMyBit Development Team
Compatibility: Windows Vista, Windows 7, Windows 8/8.1, Windows 10
Special Requirement: Microsoft .NET Framework 4.5
Languages: English
5/5 3,331 Nov 13, 2019
JM Security
SigcheckGUI v1.1.3
GUI front-end for sigcheck.exe from Sysinternals. Scans for fake Root Certificates in Windows that malware uses to infect a computer.
Supports: Win7 x32, Win7 x64, Win98, WinVista, WinVista x64, WinXP
v1.1.3 - 2016-11-04
+ SigcheckGUI now handles passed files and folders. (Thanks, zxhtrzdg)
+ Added "Clear unknown" to the Clear menu.
* Changed/added some icons.
* Verified SigcheckGUI works with sigcheck.exe v2.54.
5/5 3,643 Nov 15, 2019
Jody Holmes
Simple Software-restriction Policy v2.20
A software policy makes a powerful addition to Microsoft Windows' malware protection. In particular, it is more effective against ransomware than traditional approaches to security.
If you know about the Linux 'execute permission' bit then you'll understand what this is for. The mode of operation is somewhat different in that execute permission is granted to folders and subfolders rather than individual files, but the intention is the same: to stop undesirable or unknown software from launching unless you OK it.
Additionally, it is possible to specify that certain executables (typically browsers and email clients) are run with reduced rights. This is a valuable damage-limitation measure against browser plugin vulns, etc.
The protection can be turned off without a reboot whilst installing legitimate software, and will automatically reactivate after a specified time.
5/5 3,899 Nov 15, 2019
IWR Consultancy
Tron Script v12.0.1
A free collection of programs, tools, utilities, and Windows functions that are scripted together. It is designed to remove malware and bloatware, repair damaged operating systems, update old versions of very common applications, free up drive space by clearing out caches, and more. By consolidating and automating these tasks into a single execution it saves a lot of time and makes the whole process more efficient.
Tron's intended goal is to take a badly-running Windows PC (bloated, infected with malware, neglected, etc) and automate about 85% of the work involved in getting it to run well again.
There is nothing Tron does which you couldn't do on your own without it. Tron's real power is in its automation and the breadth of tools that it uses to achieve its intended goal.
While Tron can do a lot of good things for an affected PC, it is important to know that Tron is not a miracle cure-all.
- Tron is not a data recovery tool. It cannot recover files that were deleted or otherwise lost due to system failure or hardware failure.
- Tron is not a decryption tool. It cannot recover encrypted data such as files from an encrypted hard drive where you forgot the key, or if your computer was affected with ransomware. (Tron CAN remove the ransomware from your computer, but once your files have been encrypted the damage will have already been done.)
- Tron cannot solve bottlenecks that are inherent to your computer's hardware configuration. If your hardware is old, slow, or damaged, Tron cannot fix that.
- Tron is not a routine or preventative maintenance tool. As stated, the purpose of Tron is to automate a number of processes in order to get a badly ...
5/5 6,896 Dec 03, 2021
vocatus
   
 


OlderGeeks.com Copyright (c) 2022

