Last active
March 29, 2021 15:55
-
-
Save atar-axis/b3e16ccf75852f7cb59a7e169be230b1 to your computer and use it in GitHub Desktop.
List of filenames and Window ClassNames related to reverse engineering (which malware may look for)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Filename : ClassName - Program | |
| Debuggers/Disassemblers: | |
| --- | |
| OLLYDBG.exe : OllyDbg - OllyDbg | |
| x32dbg.exe : (Qt5QWindowIcon) - x32Dbg | |
| x64dbg.exe : (Qt5QWindowIcon) - x64Dbg | |
| x96dbg.exe : (#32770) - x32/x64Dbg Launcher | |
| idag.exe : TIdaWindow - IDA native Windows (deprecated) | |
| idaw.exe : (ConsoleWindowClass) - IDA console | |
| idaq.exe : (Qt5QWindowIcon) - IDA Qt | |
| windbg.exe : WinDbgFrameClass - WinDbg | |
| ImmunityDebugger.exe : ID - OllyDbg Fork (Immunity Debugger) | |
| dnSpy.exe - dnSpy .Net Debugger | |
| Hex-Editors: | |
| --- | |
| HxD.exe : (TFormMain.UnicodeClass) - HxD | |
| Memory-Dumping: | |
| --- | |
| OllyDumpEx_SA32.exe : (#32770) - OllyDumpEx x32 Edition | |
| OllyDumpEx_SA64.exe : (#32770) - OllyDumpEx x64 Edition | |
| Scylla_x64.exe : (#32770) - Scylla x32 Edition | |
| Scylla_x86.exe : (#32770) - Scylla x64 Edition | |
| Monitoring: | |
| --- | |
| procmon.exe : PROCMON_WINDOW_CLASS - Process Monitor | |
| filemon.exe : FilemonClass - File Monitor (deprecated, now Process Monitor) | |
| regmon.exe : RegmonClass - Registry Monitor (deprecated, now Process Monitor) | |
| procexp.exe : PROCEXPL - Process Explorer | |
| procexp64.exe : PROCEXPL - Process Explorer (x64) | |
| Tcpview.exe : TCPViewClass - TCP View | |
| wireshark.exe : (gdkWindowToplevel) - Wireshark (up tp v2) | |
| : (Qt5QWindowIcon) - Wireshark (v2+) | |
| smsniff.exe : SmartSniff - SmartSniffer | |
| FakeNet.exe : (ConsoleWindowClass) - FakeNet | |
| apimonitor-x64.exe : (999...0DF-x64) - API Monitor (x64) | |
| apimonitor-x68.exe : (999...0D2-x86) - API Monitor (x86) | |
| autoruns.exe : Autoruns - Autoruns - Autoruns | |
| netmon.exe : CNetmonMainFrame - Microsoft Network Monitor | |
| Regshot-x64-ANSI.exe : (#32770) - Regshot, ANSI, x64 | |
| Regshot-x64-Unicode.exe : (#32770) - Regshot, Unicode, x64 | |
| Regshot-x86-ANSI.exe : (#32770) - Regshot, ANSI, x86 | |
| Regshot-x64-Unicode.exe : (#32770) - Regshot, Unicode, x64 | |
| Analyzers: | |
| --- | |
| PEiD.exe : (#32770) - PEiD | |
| LordPE.exe : (#32770) - Lord PE | |
| PE-bear.exe : (QWidget) - PE Bear | |
| PPEE.exe : (WIN) - Professional PE Explorer | |
| die.exe : (Qwidget) - Detect It Easy | |
| diel.exe : (QWidget) - Detect It Easy Light Edition | |
| pexplorer.exe : (TMainForm) - PE Explorer | |
| depends.exe : (Afx:000...) - Dependency Walker | |
| ResourceHacker.exe : (TMainForm) - Resource Hacker | |
| FileAlyzer2.exe : TFormFileAlyzer2 - File Alyzer 2 | |
| Misc: | |
| --- | |
| processhacker.exe : ProcessHacker - Process Hacker | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment