NoVirusThanks PE Capture – Saving Executables As and When They Are Launched
Many malware analysts start simply by logging the executables that are launched on a system. The chain is usually straightforward: a document is opened, an application is launched, and a script or scripting tool fires, downloads and runs the main payload.
You can use something like Process Monitor to record what happens. However, analyzing the logs is time consuming, and there is a chance that the malware deletes its files or keys before you can inspect them.
NoVirusThanks PE Capture simplifies this part of the job by capturing and saving PE executable images (drivers, EXEs, DLLs and more) at the moment they are loaded, which makes them far easier to analyze.
The program is portable, so no full installation is required. First unzip it, then launch the 64-bit or 32-bit EXE, depending on the system you are using. The tool temporarily installs a kernel driver and uses it to carry out the captures.
All you have to do is watch the display: as processes run in the background, every relevant EXE or DLL is logged at the time it is executed.
It is worth testing the system further by launching some applications of your own. Google Chrome is a good choice, since it fires up a large number of DLLs and EXEs.
Execution logging and image capture can be toggled on and off at any time by choosing the items in the Options menu. When you are done, the text log displays the date and time at which each file was loaded, along with its MD5 hash.
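Once images have been captured, the next step is to triage them. The following is an added example, not part of the article or of PE Capture itself: it parses the MZ/PE headers of a captured image to tell a DLL from a user-mode EXE from a native driver, and hashes the file so its MD5 can be matched against PE Capture's log. The page does not show the log file format, so the script works on the captured files directly; `make_fake_pe` builds constructed, minimal headers for offline testing and is not a real binary.

```python
import hashlib
import struct

IMAGE_FILE_DLL = 0x2000                      # COFF Characteristics flag
SUBSYSTEMS = {1: "native", 2: "windows_gui", 3: "windows_cui"}


def classify_pe(data: bytes) -> dict:
    """Parse just enough of a PE image to say what kind of module it is and hash it."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a DOS/MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]   # offset of the PE signature
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    # COFF file header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics (20 bytes)
    _machine, _nsect, _ts, _symptr, _nsym, _opt_size, chars = struct.unpack_from(
        "<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]          # 0x10B = PE32, 0x20B = PE32+
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]  # same offset for PE32/PE32+
    if chars & IMAGE_FILE_DLL:
        kind = "dll"
    elif subsystem == 1:          # native subsystem: kernel drivers and NT-native images
        kind = "driver"
    else:
        kind = "exe"
    return {
        "kind": kind,
        "bits": 64 if magic == 0x20B else 32,
        "subsystem": SUBSYSTEMS.get(subsystem, f"other({subsystem})"),
        "md5": hashlib.md5(data).hexdigest(),      # matches the hash PE Capture logs
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def make_fake_pe(characteristics: int, subsystem: int, magic: int = 0x10B) -> bytes:
    """Constructed minimal PE header (headers only, not a loadable binary) for testing."""
    dos = bytearray(b"MZ" + b"\0" * 0x3E)
    struct.pack_into("<I", dos, 0x3C, 0x40)                 # e_lfanew -> right after DOS header
    opt = bytearray(96)                                      # PE32 optional header size
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<H", opt, 68, subsystem)
    machine = 0x14C if magic == 0x10B else 0x8664
    coff = struct.pack("<HHIIIHH", machine, 1, 0, 0, 0, len(opt), characteristics)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)
```

Run `classify_pe(open(path, "rb").read())` over each file in the capture folder to sort the images by type and to cross-check their MD5 values against the log.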