OlderGeeks.com Freeware Downloads » Anti-Virus, Anti-Malware, Security Utilities » Malware Diagnostic Tools

Files (for each file: name, description, rating, downloads, last update, developer)
AllThreadsView v1.00 32bit

AllThreadsView is a simple tool for Windows that displays a list of all running threads from all processes on your system in one table. For every thread, the following information is displayed: Thread ID, Creation Time, Kernel Time, User Time, Duration, Start Address, Priority, Base Priority, Context Switch Count, Context Switch Change (since the last refresh), Wait Reason, Process ID, Process Path.

System Requirements
This tool works on any version of Windows, from Windows XP up to Windows 10. Both 32-bit and 64-bit versions of Windows are supported. On Windows Vista and later, if you want to view the full path of system processes, you have to run AllThreadsView as Administrator.

Start Using AllThreadsView
This utility doesn't require any installation process or additional DLL files. To start using it, simply run the executable file, AllThreadsView.exe. After running AllThreadsView, the main window displays the list of all threads running on your system, and the list is refreshed automatically. If you want to view only the active threads (threads whose Context Switch Count has changed), turn on the 'Show Only Active Threads' option.

Command-Line Options
/stext <Filename>     Save the threads list into a simple text file.
/stab <Filename>      Save the threads list into a tab-delimited text file.
/scomma <Filename>    Save the threads list into a comma-delimited text file (CSV).
/shtml <Filename>     Save the threads list into an HTML file (horizontal).
/sverhtml <Filename>  Save the threads list into an HTML file (vertical).
/sxml <Filename>      Save the threads list into an XML file.
/sjson <Filename>     Save the threads list into a JSON file.

Translating AllThreadsView to other languages
To translate AllThreadsView to another language, follow the instructions below: Run AllThreadsView with the /savelangfile parameter: AllThreadsView.exe /savelangfile. A file named AllThreadsView_lng.ini will be created in the folder of the AllThreadsView utility. ...

Rating: 5/5 | Downloads: 386 | Last update: Jan 06, 2020 | Developer: Nir Sofer
AllThreadsView v1.00 64bit

64-bit build of AllThreadsView; the description is identical to the 32-bit entry above.

Rating: 5/5 | Downloads: 395 | Last update: Jan 06, 2020 | Developer: Nir Sofer
DDS

DDS is a program that will scan your computer and create logs that can be used to display various startup, configuration, and file information from your computer. This program is used in security forums to provide a detailed overview of what programs are automatically starting when you start Windows. The program will also display information about the computer that will allow experts to quickly ascertain whether or not malware may be running on your computer.

To use DDS, simply download the executable and save it to your desktop or another location on your computer. You should then double-click on the DDS.com icon to launch the program. DDS will then start to scan your computer and compile the information found into two log files. When DDS has finished it will launch two Notepad windows that display the contents of these log files. The contents of these log files can then be attached to a reply in virus removal forums so that an expert can analyze them.

Rating: 5/5 | Downloads: 2,805 | Last update: Nov 13, 2019 | Developer: sUBs
Farbar Recovery Scan Tool 32bit v21.03.2020

Farbar Recovery Scan Tool, or FRST, is a portable application designed to run on Windows XP, Windows Vista, Windows 7 and Windows 8 in normal or safe mode to diagnose malware issues. It is also possible to run FRST in the Windows Recovery Environment in order to diagnose and fix boot issues. If you are using Windows XP and have a boot issue, the system should boot to the Recovery Environment using a PE Boot CD, and then you can run FRST.

This program will display detailed information about the Windows Registry loading points, services, driver services, Netsvcs entries, known DLLs, drives, and partition specifications. It will also list some important system files that could be patched by malware.

Note: There are both 32-bit and 64-bit versions of Farbar Recovery Scan Tool available. Please pick the version that matches your operating system's bit type. If you don't know which version matches your system, you may try both of them. Only one of them will run on your system.

Rating: 5/5 | Downloads: 3,385 | Last update: Mar 22, 2020 | Developer: Farbar
Farbar Recovery Scan Tool 64bit v21.03.2020

64-bit build of Farbar Recovery Scan Tool; the description is identical to the 32-bit entry above.

Rating: 5/5 | Downloads: 3,924 | Last update: Mar 22, 2020 | Developer: Farbar
Ghidra v9.1.2

A software reverse engineering (SRE) suite of tools developed by NSA's Research Directorate in support of the Cybersecurity mission.

SHA-256 of ghidra_9.1.2_PUBLIC_20200212.zip: ebe3fa4e1afd7d97650990b27777bb78bd0427e8e70c1d0ee042aeb52decac61

Ghidra Software Reverse Engineering Framework
Ghidra is a software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate. This framework includes a suite of full-featured, high-end software analysis tools that enable users to analyze compiled code on a variety of platforms including Windows, Mac OS, and Linux. Capabilities include disassembly, assembly, decompilation, graphing, and scripting, along with hundreds of other features. Ghidra supports a wide variety of processor instruction sets and executable formats and can be run in both user-interactive and automated modes. Users may also develop their own Ghidra plug-in components and/or scripts using Java or Python.

In support of NSA's Cybersecurity mission, Ghidra was built to solve scaling and teaming problems on complex SRE efforts, and to provide a customizable and extensible SRE research platform. NSA has applied Ghidra SRE capabilities to a variety of problems that involve analyzing malicious code and generating deep insights for SRE analysts who seek a better understanding of potential vulnerabilities in networks and systems.

Ghidra v9.1.2 (February 2020), bug fixes:
- Data Types. Improved PDB composite reconstruction to attempt pack(1) alignment if default alignment fails. (GT-3401)
- Data Types. Added missing support for multi-user merge of unions and structures containing bitfields or a trailing flexible array member. (GT-3479)
- Data Types. Corrected structure editor save button enablement issue when editing bitfields within an unaligned structure. (GT-3519, Issue #1297)
- Disassembly. Corrected potential infinite loop with disassembler caused by branch to self with invalid delay slot instruction. (GT-3511, Issue #1486)
...

Rating: 5/5 | Downloads: 1,159 | Last update: May 20, 2020 | Developer: NSA's Research Directorate
HijackThis 2.0.5

HijackThis is a free utility that generates an in-depth report of registry and file settings from your computer. HijackThis makes no separation between safe and unsafe settings in its scan results, giving you the ability to selectively remove items from your machine. In addition to this scan-and-remove capability, HijackThis comes with several tools useful in manually removing malware from a computer.

IMPORTANT: HijackThis does not determine what is good or bad. Do not make any changes to your computer settings unless you are an expert computer user. Advanced users can use HijackThis to remove unwanted settings or files.

Rating: 5/5 | Downloads: 5,649 | Last update: Nov 13, 2019 | Developer: TrendMicro
Mitec Certificate Information v1.0

Tool for extracting and browsing certificates from signed files and certificate files. It can export the displayed certificate to PEM format.

Supported file types:
- All Portable Executables (e.g. *.exe;*.dll;*.sys;*.ocx;*.acm;*.ax;*.cpl;*.scr;*.drv;*.tsp;*.rll;*.rs;*.tlb)
- All Structured Storage files (e.g. *.msi)
- All Certificate files (*.pem;*.crt;*.cer;*.p7b;*.p7c;*.der;*.pfx;*.p12)

Target platforms: Windows XP, Windows 2003, Windows Vista, Windows 7, Windows Server 2008, Windows 8, Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows 10, Windows Server 2016.

Licence: Free to use for private, educational and non-commercial purposes.

Rating: 5/5 | Downloads: 562 | Last update: Nov 13, 2019 | Developer: MiTeC
Mitec EXE Explorer v2.5.5.0

Executable File Explorer for OS/2, NE, PE32, PE32+ and VxD file types. This application is based on the MiTeC Portable Executable Reader. It reads and displays executable file properties and structure. It is compatible with PE32 (Portable Executable), PE32+ (64-bit), NE (Windows 3.x New Executable) and VxD (Windows 9x Virtual Device Driver) file types. .NET executables are supported too. It enumerates introduced classes, used units and forms for files compiled by Borland compilers. It contains a powerful Resource Viewer that is able to analyze and display all basic resource types and some extra ones such as JPEG, PNG, GIF, AVI and REGISTRY. It contains an excellent Type Library viewer that enumerates all objects and creates an import interface unit in the Object Pascal language. Every type of resource can be saved to a file. EXE Explorer produces a text report with all important information about the selected file. Searching is also available: it searches all resources that can be interpreted as text.

Structures that are evaluated: DOS, File, Optional, Rich and CLR headers; CLR Metadata streams; Sections; Directories; Imports; Exports; Resources; ASCII and Unicode Strings; .NET Metadata; Load Config; Debug; Thread Local Storage; Exceptions; Units; Forms; Packages; Classes; Certificates; Package Flags; Version Info; Hexadecimal File Content View; TypeLib Viewer; Form Preview; VirusTotal scan report; Compiler and installer/packer/protector identification.

Target platforms: Windows XP, Windows 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows 8.x, Windows Server 2012, Windows Server ...

Rating: 5/5 | Downloads: 547 | Last update: Feb 03, 2020 | Developer: MiTeC
OTL 3.2.69.0

OTL, or OldTimer ListIt, is a tool that is used to diagnose a computer for a possible malware presence and to provide system diagnostics information that can be used by someone working on a computer. When run, OTL will scan your computer for a variety of information and then generate a report with a tremendous amount of information about your computer's hardware, programs, files, and running environment.

Rating: 5/5 | Downloads: 3,246 | Last update: Nov 13, 2019 | Developer: OldTimer
PE Anatomist v0.1.15

PE Anatomist shows almost all known data structures inside a PE file and performs some analytics.

Headers and data structures parsed:
- IMAGE_DOS_HEADER, IMAGE_FILE_HEADER, IMAGE_OPTIONAL_HEADER, IMAGE_OPTIONAL_HEADER64 and the DataDirectories list, with additional information about some fields
- Table of COFF symbols
- Sections table, supporting long section names (via the symbols table) and entropy calculation
- Import table (supports demangling of MS-styled names)
- Bound Import Table
- Delayed Import Table
- Export Table with additional info
- Resource Table with additional info about different resource types and a detailed view for all types
- Base Relocation Table. Target address determination and interpretation are available for all supported architectures; it detects imports, delayed imports, exports, tables from the loadconfig directory, and ANSI and UNICODE strings
- Brief info about the PE Authenticode Signature
- LoadConfig Directory with SEH, GFID, decoded CFG bitmap, GIAT, Guard LongJumps, CHPE Metadata, Dynamic Value Reloc Table, Enclave Configuration and Volatile Metadata tables parsing, and additional information about some fields
- Debug Directory. It parses the contents of the CODEVIEW, POGO, VC FEATURE, REPRO, FPO, EXDLL CHARACTERISTICS and SPGO debug types
- TLS config and callbacks table with additional information about some fields
- Exceptions Data Table. The x64 (including version 2 with EPILOG unwind codes), arm, arm64 and ia64 architectures are supported, as well as chains of unwind data for x64, language-specific handler data (C Scope, C++ FuncInfo, C++ EH4, C++ DWARF LSDA) and a hexadecimal view of unwind data
- Partial .NET directory parsing: IMAGE_COR20_HEADER, CORCOMPILE_HEADER, READYTORUN_HEADER with additional information about some fields
- Decoding of the Rich signature, indicating the tool used, the action being taken, the full version of the tool, and the version ...

Rating: 5/5 | Downloads: 408 | Last update: May 31, 2020 | Developer: RamMerLabs
PE-sieve v0.1.6 32bit

PE-sieve is a lightweight tool that helps to detect malware running on the system, as well as to collect the potentially malicious material for further analysis. It recognizes and dumps a variety of implants within the scanned process: replaced/injected PEs, shellcodes, hooks, and other in-memory patches. It detects inline hooks, Process Hollowing, Process Doppelgänging, Reflective DLL Injection, etc.

Usage
It has a simple command-line interface. When run without parameters, it displays info about the version and the required arguments. When you run it giving the PID of a running process, it scans all the PE modules in its memory (the main executable, but also all the loaded DLLs). At the end, you can see a summary of how many anomalies of each type have been detected. If modified modules have been detected, they are dumped into a folder for the given process. A JSON report, dumped into the same folder, specifies where the implants were found and gives the detailed characteristics of the suspicious indicators.

Short history & features from the author

Detecting inline hooks and patches
I started creating it for the purpose of searching and examining inline hooks. You can see its initial version here. With time its precision and abilities significantly improved, and hooking detection is only one of many features of this tool. In case the code of the original executable was patched in memory, in addition to the main JSON report, PE-sieve generates a TAG file. Its purpose is to describe at which offset a patch has been found, and of what type (either a patch, or a hook/redirection). We can easily see what function has been hooked and where the redirection leads to. The file that was patched is also dumped to disk, so that we can examine it more closely under a disassembler. The TAG file can ...

Rating: 5/5 | Downloads: 1,422 | Last update: Nov 13, 2019 | Developer: Hasherezade
PE-sieve v0.1.6 64bit

64-bit build of PE-sieve; the description is identical to the 32-bit entry above.

Rating: 5/5 | Downloads: 1,451 | Last update: Nov 13, 2019 | Developer: Hasherezade
PeStudio Basic v9.05

pestudio is used by many Cyber Emergency Response Teams (CERT) worldwide to perform malware initial assessments. Malicious software often attempts to hide its intent in order to evade early detection and static analysis. In doing so, it often leaves suspicious patterns, unexpected metadata, anomalies and other indicators. The goal of pestudio is to spot these artifacts in order to ease and accelerate Malware Initial Assessment. The tool uses a powerful parser and a flexible set of configuration files that are used to detect various types of indicators and determine thresholds. Since the file being analyzed is never started, you can inspect unknown or malicious executable files, trojans and ransomware without any risk of infection.

Features
pestudio implements a rich set of features especially designed to retrieve every single detail of any executable file. Results are checked against the Microsoft specification. Additionally, the content of the file being analyzed is checked against several white and black lists and thresholds. pestudio can query the Antivirus engines hosted by Virustotal; only the MD5 of the file being analyzed is sent. This feature can be switched ON or OFF using an XML file included with pestudio. Even a suspicious binary file must interact with the operating system in order to perform its activity. pestudio retrieves the libraries and the functions referenced. Several XML files are used to blacklist functions (e.g. Registry, Process, Thread, File, etc.). Blacklist files can be customized and extended according to your own needs. pestudio brings out the intent and purpose of the application analyzed. Resource sections are commonly used by malware to host payloads. pestudio detects many embedded file types (e.g. EXE, DLL, SYS, PDF, CAB, ZIP, JAR, etc.). Detected items can be saved to a file, allowing further analysis. The goal of ...

Rating: 5/5 | Downloads: 5,838 | Last update: Apr 20, 2020 | Developer: Marc Ochsenmeier
PPEE (puppy) v1.12

PPEE (puppy) is a Professional PE file Explorer for reversers, malware researchers and those who want to statically inspect PE files in more detail. Puppy is free and tries to be small, fast, nimble and friendly, like your puppy! The Visual C++ 2010 Redistributable Package is required.

Features
Puppy is robust against malformed and crafted PE files, which makes it handy for reversers, malware researchers and those who want to inspect PE files in more detail. All directories in a PE file, including Export, Import, Resource, Exception, Certificate (relies on the Windows API), Base Relocation, Debug, TLS, Load Config, Bound Import, IAT, Delay Import and CLR, are supported.
- Both PE32 and PE64 support
- Examine YARA rules against the opened file
- Virustotal and OPSWAT's Metadefender query report
- Statically analyze Windows native and .Net executables
- Robust parsing of exe, dll, sys, scr, drv, cpl, ocx and more
- Edit almost every data structure
- Easily dump sections, resources and .Net assembly directories
- Entropy and MD5 calculation of the sections and resource items
- View strings (including URL, Registry, Suspicious, ...) embedded in files
- Detect common resource types
- Extract artifacts remaining in the PE file
- Anomaly detection
- Right-click for Copy, Search in web, Whois and dump
- Built-in hex editor
- Explorer context menu integration
- Descriptive information for data members
- Refresh, Save and Save as menu commands
- Drag and drop support
- List view columns can sort data in an appropriate way
- Open file from command line
- Checksum validation
- Plugin enabled
About ...

Rating: 5/5 | Downloads: 1,920 | Last update: Nov 29, 2019 | Developer: Zaderostam
VirusTotal Scanner v7.5

VirusTotal Scanner is a desktop tool to quickly perform an anti-virus scan using VirusTotal.com. VirusTotal.com is a free online scan service that analyzes suspicious files using 40+ anti-virus applications. It facilitates the quick detection of viruses, worms, trojans and all kinds of malware, and provides reliable results preventing any False Positive cases.

'VirusTotal Scanner' is the desktop tool which helps you to quickly scan your file using VirusTotal without actually uploading the file. It performs a direct hash-based scan on VirusTotal, thus avoiding the time taken to upload the file. It comes with an attractive & user-friendly interface, making the VirusTotal scanning process simpler and quicker. You can simply right-click on your file and start the scan. VirusTotal Scanner is a fully portable tool but also comes with an Installer for local installation & uninstallation. It works on a wide range of platforms, from Windows XP to the new Windows 10.

Features
- Easily & quickly perform a VirusTotal scan of your file.
- Performs a hash-based scan without uploading the file.
- Right-click context menu to launch it directly by simply right-clicking on the file.
- 'Drag & Drop' feature to quickly choose the file.
- Displays a detailed VirusTotal scan report.
- Very easy to use with an attractive interface.
- Completely portable tool that can be run directly.
- Includes an optional Installer for local installation & uninstallation.

Installation & Uninstallation
Though VirusTotalScanner is a portable tool, it comes with an Installer so that you can install it locally on your system for regular usage. It has an intuitive setup wizard which guides you through a series of steps to complete the installation. At any point of time, you can uninstall the product using the Uninstaller located at the following location (by default): [Windows 32 bit] C:\Program ...

Rating: 5/5 | Downloads: 1,857 | Last update: Nov 13, 2019 | Developer: SecurityXploded
WinPatrol v35.5.2017.8

WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. WinPatrol was the pioneer in using a heuristic behavioral approach to detecting attacks and violations of your computing environment. Now, using our "Cloud" technology, you can benefit from the experience of other WinPatrol users. WinPatrol continues to be the most powerful system monitor for its small memory footprint. WinPatrol's easy tabbed interface allows you to explore deep inside your computer without having to be a computer expert.

A one-time investment in WinPatrol PLUS provides a unique experience you won't find in any other software. WinPatrol PLUS is a great investment! The one-time fee includes ALL future WinPatrol versions. No hidden or recurring subscription fees. A single license is valid on all your personal desktops and laptops! No toolbars or other unwanted software. WinPatrol PLUS is quicker and faster. Upgrade now with no additional download.

What's new in V35.5.2017.8 (May 7, 2017)
- Fixed addition of Startup programs to be compatible with recent changes to Windows 10.
- Fixed removal of Startup programs to be compatible with recent changes to Windows 10.
- Disabled and removed the checkbox for "Allow PLUS info data collection" because recent changes in the allowed URL length resulted in no data being returned for customers.

Rating: 5/5 | Downloads: 5,652 | Last update: Nov 13, 2019 | Developer: BillP Studios
Copyright (c) 2020