List of filenames and Window ClassNames related to reverse engineering (which malware may look for)
Filename : ClassName - Program
Debuggers/Disassemblers:
---
OLLYDBG.exe : OllyDbg - OllyDbg
x32dbg.exe : (Qt5QWindowIcon) - x32Dbg
x64dbg.exe : (Qt5QWindowIcon) - x64Dbg
x96dbg.exe : (#32770) - x32/x64Dbg Launcher
idag.exe : TIdaWindow - IDA native Windows (deprecated)
idaw.exe : (ConsoleWindowClass) - IDA console
idaq.exe : (Qt5QWindowIcon) - IDA Qt
windbg.exe : WinDbgFrameClass - WinDbg
ImmunityDebugger.exe : ID - OllyDbg Fork (Immunity Debugger)
dnSpy.exe - dnSpy .NET Debugger
Hex-Editors:
---
HxD.exe : (TFormMain.UnicodeClass) - HxD
Memory-Dumping:
---
OllyDumpEx_SA32.exe : (#32770) - OllyDumpEx x32 Edition
OllyDumpEx_SA64.exe : (#32770) - OllyDumpEx x64 Edition
Scylla_x64.exe : (#32770) - Scylla x64 Edition
Scylla_x86.exe : (#32770) - Scylla x32 Edition
Monitoring:
---
procmon.exe : PROCMON_WINDOW_CLASS - Process Monitor
filemon.exe : FilemonClass - File Monitor (deprecated, now Process Monitor)
regmon.exe : RegmonClass - Registry Monitor (deprecated, now Process Monitor)
procexp.exe : PROCEXPL - Process Explorer
procexp64.exe : PROCEXPL - Process Explorer (x64)
Tcpview.exe : TCPViewClass - TCP View
wireshark.exe : (gdkWindowToplevel) - Wireshark (up to v2)
: (Qt5QWindowIcon) - Wireshark (v2+)
smsniff.exe : SmartSniff - SmartSniffer
FakeNet.exe : (ConsoleWindowClass) - FakeNet
apimonitor-x64.exe : (999...0DF-x64) - API Monitor (x64)
apimonitor-x86.exe : (999...0D2-x86) - API Monitor (x86)
autoruns.exe : Autoruns - Autoruns
netmon.exe : CNetmonMainFrame - Microsoft Network Monitor
Regshot-x64-ANSI.exe : (#32770) - Regshot, ANSI, x64
Regshot-x64-Unicode.exe : (#32770) - Regshot, Unicode, x64
Regshot-x86-ANSI.exe : (#32770) - Regshot, ANSI, x86
Regshot-x86-Unicode.exe : (#32770) - Regshot, Unicode, x86
Analyzers:
---
PEiD.exe : (#32770) - PEiD
LordPE.exe : (#32770) - Lord PE
PE-bear.exe : (QWidget) - PE Bear
PPEE.exe : (WIN) - Professional PE Explorer
die.exe : (QWidget) - Detect It Easy
diel.exe : (QWidget) - Detect It Easy Light Edition
pexplorer.exe : (TMainForm) - PE Explorer
depends.exe : (Afx:000...) - Dependency Walker
ResourceHacker.exe : (TMainForm) - Resource Hacker
FileAlyzer2.exe : TFormFileAlyzer2 - File Alyzer 2
Misc:
---
processhacker.exe : ProcessHacker - Process Hacker