Hook Analyser 1.4

Hook Analyser 1.4

Post by beenu » Sun Apr 15, 2012 12:03 pm

Thought of sharing this tool with the group.

It was developed for some exploit dev and generic malware analysis stuff. Works on Ring3, so this has some inherent limitations.

Video - http://www.youtube.com/watch?v=sdnRP90w ... r_embedded

Site : http://hookanalyser.com

Download --> http://beenuarora.com/HookAnalyser1.4.zip
beenu
 
Posts: 11
Joined: Fri Feb 25, 2011 11:39 pm
Reputation point: 1

Re: Hook Analyser 1.4

Post by beenu » Sat Jul 28, 2012 12:43 am

Here is the new version of Hook Analyser 2.0. There are many changes in the design and functionality. Let me know if anyone has any feedback or improvement suggestions.

Link - http://hookanalyser.blogspot.com.au/2012/06/hook-analyser-20-release.html

Hook Analyser 2.2

Post by beenu » Fri Dec 28, 2012 5:13 am

Mates - Just wanted to update about the new release (v 2.2).

Please feel free to write me back directly if you've any thoughts about the project.

Link - http://hookanalyser.blogspot.com.au/2012/12/hook-analyser-22-release.html

Hook Analyser 2.4 - Preview

Post by beenu » Thu Feb 28, 2013 12:17 pm

Team,

Thought of sharing some recent updates on the project.

Hook Analyser 2.4 - http://hookanalyser.blogspot.com.au/

Hook Analyser 2.4 Released

Post by beenu » Sat Mar 02, 2013 9:54 am

Mates - thought of letting you know that the new version is out for download. Please feel free to give any feedback directly to me - http://hookanalyser.blogspot.com.au/201 ... eased.html

Hook Analyser 2.5 released

Post by beenu » Mon May 13, 2013 11:39 pm

Pals - Made a few updates to the project, and it is available for download.

Please feel free to give me a buzz on beenudel1986@gmail.com if you have a specific query or feedback.

Link - http://hookanalyser.blogspot.com.au/201 ... eased.html

Hook Analyser 2.6 released

Post by beenu » Sat Sep 21, 2013 6:21 am

I'm glad to announce the release of Hook Analyser v2.6.

Following is the change log -

- Added new signatures (and removed redundant ones)
- Bug fixes - Many thanks to community users for reporting them.
- Fixed start-up error.

Link - http://hookanalyser.blogspot.com.au/2013/09/hook-analyser-26-released.html

Hook Analyser 3.0 (with Cyber Threat Intelligence)

Post by beenu » Tue Jan 07, 2014 7:54 pm

Hi Friends,

Here is the updated version of the project.

Project home - http://hookanalyser.blogspot.in/2013/12/hook-analyser-30-with-cyber-threat.html


Change Summary -

In terms of improvements, a new module has been added - Cyber Threat Intelligence. The Threat Intel module is being created to gather and analyse information related to cyber threats and vulnerabilities. The module can be run using HookAnalyser.exe (via Option 6), or can be run directly.

The module presents information in a web browser (with a dashboard-like representation) with the following sections -

- Threat Vectors - by (%) Country
- Threat Vectors - by Geography
- Malware Intelligence (Beta) 2013
- Vulnerability / Threat Feed.

Hook Analyser 3.3 released

Post by beenu » Wed Mar 23, 2016 4:05 am

For those who're following this project, the new version has been released.

Key features added -

- ThreatIntel module can now parse pdf files as well (along with text and pcap files) for extracting IOCs, and can then perform keyboard-based intelligence on it
- Several bug-fixes and improved stability

link: http://www.hookanalyser.com/2016/03/hoo ... -news.html

For those who are interested in understanding the project roadmap, and in how the threat intel module, the malware analysis module and a "new" probe module will work together and the relevant use cases they'd address - http://www.hookanalyser.com/2016/03/upd ... oject.html

Re: Hook Analyser 1.4

Post by Microwave89 » Wed Mar 23, 2016 10:11 am

Hey, seems that your Hook Analyser 3.3 process is not x86-64 aware when opening the respective image files for a process.

I externally opened notepad.exe, then chose to open and hook into a process (I pressed "2" on the welcome screen of Hook Analyser) and entered the notepad.exe PID as told.
Next I got some extensive analysis results. However, the shown base address of the notepad.exe file did not seem to be the standard one for PE32+ (0x140000000).

Then I did a test and renamed the notepad.exe file in the \SystemRoot\SysWoW64\ directory.
I fired up Hook Analyser 3.3 again and retried to open and hook into the newly started 64-bit notepad.exe.
This is what I got while the 64-bit notepad.exe was running perfectly fine:

[*] Welcome to interactive mode
[!] Displaying Modules for the process - 15292
[*] Process path is :c:\windows\system32\notepad.exe[+] Parsing the log files for high level summary
[!] Program exited
[+] Parsing the log files for high level summary
[+] Extracting any potential IP address


No more information was written to the log.
You are likely redirected to the SysWow64 directory.

Test system was a Windows 10 10586.103, x64 machine. The same test was conducted with another file in x64 mode.
I tested another file copied to the native System32\ as well, and the result was the same.
The analysis completed successfully if the process image file was not located in the native \SystemRoot\System32\ directory.

The option to spawn and hook into a process (pressing "1") only opens the correct file if I enter "C:\Windows\sysnative\notepad.exe".

Kind regards,
Microwave89
Microwave89
 
Posts: 52
Joined: Sat Dec 01, 2012 11:28 am
Reputation point: 12
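
The mismatch reported in the post above can be confirmed from the opened file's own headers. This is an added example, not part of the thread and not Hook Analyser's code: it reads the Machine field, optional-header magic and ImageBase from raw PE header bytes, and maps a System32 path to the Sysnative alias for a 32-bit caller. The function names, the default system root and the header bytes are assumptions constructed for illustration.

```python
import struct

MACHINES = {0x014C: "x86", 0x8664: "x64"}

def pe_summary(data: bytes) -> dict:
    """Return machine, format and preferred ImageBase from raw PE header bytes."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (machine,) = struct.unpack_from("<H", data, e_lfanew + 4)
    opt = e_lfanew + 24                  # optional header follows the 20-byte COFF header
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic == 0x20B:                   # PE32+: 8-byte ImageBase at offset 24
        (image_base,) = struct.unpack_from("<Q", data, opt + 24)
    elif magic == 0x10B:                 # PE32: 4-byte ImageBase at offset 28
        (image_base,) = struct.unpack_from("<I", data, opt + 28)
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    fmt = "PE32+" if magic == 0x20B else "PE32"
    return {"machine": MACHINES.get(machine, hex(machine)), "format": fmt, "image_base": image_base}

def native_path(path: str, caller_is_wow64: bool, system_root: str = r"C:\Windows") -> str:
    """Map <system_root>\\System32\\... to the Sysnative alias for a 32-bit caller on x64."""
    root = system_root.rstrip("\\")
    prefix = root.lower() + "\\system32\\"
    if caller_is_wow64 and path.lower().startswith(prefix):
        return root + "\\Sysnative\\" + path[len(prefix):]
    return path

def sample_header(machine: int, magic: int, image_base: int) -> bytes:
    """Constructed minimal header: DOS header, COFF header, start of optional header."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)           # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", machine, 1, 0, 0, 0, 0xF0, 0x22)
    pad = 22 if magic == 0x20B else 26                             # bytes between Magic and ImageBase
    base = struct.pack("<Q" if magic == 0x20B else "<I", image_base)
    return dos + coff + struct.pack("<H", magic) + b"\0" * pad + base

if __name__ == "__main__":
    # A 64-bit target whose opened image parses as PE32/x86 indicates a redirected open.
    print(pe_summary(sample_header(0x8664, 0x20B, 0x140000000)))
    print(pe_summary(sample_header(0x014C, 0x10B, 0x400000)))
    print(native_path(r"c:\windows\system32\notepad.exe", caller_is_wow64=True))
```
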

