Track modifications made by a program on your system
| Property | Value |
|---|---|
| File Size | 24.32 MB |
| Operating System | Windows XP, Vista, 7, 8, 8.1, 10 (32/64 bit) |
| Tags | analysis, difference, filesystem, malware, process, registry, research, sandbox |
Adlice DiffView is software used by researchers at antivirus companies and CERTs worldwide to perform dynamic malware analysis.
It is often hard to know what a piece of software is really doing on a machine. Some people rely on various tools, like Process Monitor, Cuckoo, or even firewalls, to get a rough idea of its behavior. But such tools generate very large reports that are hard to analyze, or are complicated to set up.
Adlice DiffView logs only relevant activity to help researchers make up their minds about a suspicious file. The software uses a kernel-level driver to monitor the system and a heuristics engine to build indicators and a malicious score.
DiffView is fully portable and requires no server-side installation and no specific architecture or software. Just run it on your favorite VM and that's it.
- Unlike "classic" sandboxes, DiffView does NOT block malicious actions. Do NOT analyze malware in production environments.
- DiffView is still a BETA version and may contain bugs. Please use it with caution and report any you find.
- Start analysis on a file
- Start analysis on a running process (pid)
- Start analysis on a command line
- Capture process activity (creation/destruction)
- Capture filesystem modifications (file creation/write/...)
- Capture registry modifications (key or value creation/write/...)
- Dump created files into a folder of your choice (Premium)
- Malicious score with indicators (Premium)
- Cherry pick analysis options for faster execution
- Generate a text report of each analysis (history available)
Please refer to the general documentation.