1. Introduction
For the record, the official download address is:
https://docs.microsoft.com/en-us/sysinternals/downloads/sysinternals-suite
The suite includes tools commonly used in Windows malware analysis:
- Autoruns.exe: view the auto-start configuration of each piece of software
- procdump.exe: dynamic unpacking (dump an executable directly from process memory)
- procexp.exe: view (and terminate) process details, including the strings present in a process's memory
- tcpview.exe: view information about TCP connections
A brief introduction to more tools is given in Reference 1.
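As an added example (not part of the original note), the following PowerShell triage script drives the console counterparts of the tools listed above: autorunsc.exe for Autoruns, tcpvcon.exe for TCPView, procdump.exe for the memory dump, and strings.exe for the dumped image. It assumes the suite is unpacked at the hypothetical path in $Suite and that the suspect PID was already identified in procexp.exe.

```powershell
# Added example, not from the original note or the Sysinternals project.
# Assumptions: Sysinternals Suite unpacked at $Suite (hypothetical path),
# $SuspectPid found beforehand in procexp.exe, $Out any writable folder.
param(
    [Parameter(Mandatory)][int]$SuspectPid,
    [string]$Suite = 'C:\Tools\SysinternalsSuite',
    [string]$Out   = "$env:USERPROFILE\triage-$(Get-Date -Format yyyyMMdd-HHmmss)"
)
New-Item -ItemType Directory -Path $Out -Force | Out-Null

# 1. Auto-start entries (autorunsc.exe is the console version of Autoruns):
#    -a * all categories, -c CSV output, -h file hashes, -s verify signatures.
& "$Suite\autorunsc.exe" -accepteula -a * -c -h -s > "$Out\autoruns.csv"

# 2. Current TCP/UDP endpoints (tcpvcon.exe is the console version of TCPView):
#    -a all endpoints, -c CSV output.
& "$Suite\tcpvcon.exe" -accepteula -a -c > "$Out\tcpvcon.csv"

# 3. Full memory dump (-ma) of the suspect process for later unpacking work.
& "$Suite\procdump.exe" -accepteula -ma $SuspectPid "$Out\proc-$SuspectPid.dmp"

# 4. Printable strings from the dump; -n 8 keeps only strings of 8+ chars.
& "$Suite\strings.exe" -accepteula -n 8 "$Out\proc-$SuspectPid.dmp" > "$Out\strings.txt"

# Quick review: auto-start entries whose signer could not be verified come first.
Import-Csv "$Out\autoruns.csv" |
    Where-Object { $_.'Image Path' -and $_.Signer -notlike '(Verified)*' } |
    Select-Object Entry, 'Image Path', Signer |
    Format-Table -AutoSize
```

Run it from an elevated PowerShell session so autorunsc and procdump can read all entries and the target process.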
2. References
-
- https://blog.51cto.com/zhaoqingqing/3146707