We know SysInternals has a wonderful set of free tools.
The following two links show how to use two of them along with VirusTotal.
Autoruns:
Shows you what programs are configured to run during system bootup or login, and when you start various built-in Windows applications like Internet Explorer, Explorer and media players. These programs and drivers include ones in your startup folder, Run, RunOnce, and other Registry keys.
Sigcheck:
Shows file version number, timestamp information, and digital signature details, including certificate chains.
How-To links from SANS: