Labs – Incident Response

Xandora
An online and offline dynamic trace environment, Xandora.net is a tool for analysing the behaviour of Windows PE executables, with a special focus on the analysis of malware. Running Xandora.net produces a report file that contains enough information to give a human user a very good impression of the purpose and actions of the analysed binary. The report includes detailed data about modifications made to the Windows registry, the file system, and other processes, and it logs all generated network traffic. http://home.xandora.net/