A tiny tool I made to save me time when reversing directly on a running process.
It bores me to have to unpack a VB packer or find a way to remove the topmost.
I coded it a long time ago to reverse the "Lock Em All" ransomware; finally public...
Overlay/on-top manager and a feature to move all windows (except GDI).
Ctrl+F in the ransomware to lock it, then you move it, and Ctrl+F again to unlock...
For example: xxx_video_5842whatever.avi.exe moved:
Video here: http://www.youtube.com/watch?v=DNM7Ru8HjNw
My second tool is just a simple bot...
Every X amount of time it will download your file into a folder called "Malware".
It writes a file "Information.txt" where you can find what it has done (date, time, name of the file, MD5 of the file).
With that you can see whether the malware has changed on the server or not.
Example of a 48-hour HomoBlocker tracking:
I've made it in a simple version and in a multi version:
With an option to load/save (malcode.txt) a list of malwares.
In this version the information file includes the URL of the downloaded sample.
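The tracking loop described above, sketched in Python as an added example (this is not the author's tool or its source). The tab-separated log layout, the status column, the `<md5>.bin` storage name and all function names are assumptions made for the illustration.

```python
import hashlib
import os
import time
import urllib.request
from datetime import datetime

def http_fetch(url, timeout=30):
    """Default fetcher: return the raw bytes served at url."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read()

def track_once(url, last_md5, fetch=http_fetch, out_dir="Malware"):
    """Fetch url once and append one line to Information.txt.
    Returns (md5 or None, status); status is NEW, SAME, CHANGED or ERROR."""
    os.makedirs(out_dir, exist_ok=True)
    name = url.rstrip("/").rsplit("/", 1)[-1] or "index"  # logged only
    try:
        data = fetch(url)
    except Exception:  # server down, 404, timeout: record it and carry on
        md5, status = None, "ERROR"
    else:
        md5 = hashlib.md5(data).hexdigest()
        status = "NEW" if last_md5 is None else ("SAME" if md5 == last_md5 else "CHANGED")
        if status != "SAME":
            # Store under an inert name (<md5>.bin), never the served .exe name,
            # so each version is kept and nothing is double-clickable.
            with open(os.path.join(out_dir, md5 + ".bin"), "wb") as fh:
                fh.write(data)
    now = datetime.now()
    fields = [now.strftime("%Y-%m-%d"), now.strftime("%H:%M:%S"), name, md5 or "-", status, url]
    with open(os.path.join(out_dir, "Information.txt"), "a", encoding="utf-8") as log:
        log.write("\t".join(fields) + "\n")
    return md5, status

def track(url, rounds, interval_s, fetch=http_fetch, out_dir="Malware", sleep=time.sleep):
    """Poll url `rounds` times, interval_s apart; return the list of statuses."""
    last_md5, history = None, []
    for i in range(rounds):
        md5, status = track_once(url, last_md5, fetch, out_dir)
        history.append(status)
        if md5 is not None:  # keep the last good hash across an ERROR round
            last_md5 = md5
        if i + 1 < rounds:
            sleep(interval_s)
    return history
```

Run it inside an isolated analysis VM; the `fetch` and `sleep` parameters exist so the loop can be exercised offline with canned responses.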
So if you want to try:
Malware Auto-Downloader v1.0 & 1.1b