Malware Monday: Regshot



Regshot is a dynamic malware analysis tool that takes a snapshot of the Windows Registry (and, optionally, of one or more directories you point it at) and later compares it against a second snapshot. The typical workflow is to snapshot a clean system immediately before executing a malware sample and then take the second snapshot immediately after the sample has run.

The goal is to identify the registry changes the malware made. Those changes often reveal what the sample is capable of: persistence entries (for example Run keys or services), paths of any additional files it dropped, configuration it wrote, or other Indicators of Compromise (“IOCs”). Because Windows itself modifies the registry constantly, take the two snapshots as close together as possible and, ideally, run a control comparison with no sample first so you know what background noise looks like on that VM. In many cases, including my own, Regshot lives within its own Virtual Machine that is reserved for dynamic analysis.
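The same before/after snapshot-and-diff technique can be scripted when the GUI is inconvenient (for example, to drive it from an automated sandbox). The PowerShell below is an added example and is not Regshot's own code; the hive roots it scans and the `sample.exe` path are assumptions chosen for illustration, and the report sections mirror the categories Regshot shows (keys and values added, deleted, modified) rather than its exact output format.

```powershell
# Added example (not part of Regshot): a minimal before/after registry snapshot
# and diff in PowerShell. Run it inside the dedicated analysis VM.
# The default roots below are an assumption; widen them (e.g. all of HKLM:\)
# for a full scan, at the cost of a slower snapshot and more background noise.

function Get-RegistrySnapshot {
    param(
        [string[]]$Roots = @(
            'HKCU:\Software',
            'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion'
        )
    )
    $snap = @{}   # key path -> @{ value name -> flattened data }
    foreach ($root in $Roots) {
        # Include the root key itself plus every subkey; skip keys we cannot open.
        $keys = @(Get-Item -Path $root -ErrorAction SilentlyContinue) +
                @(Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue)
        foreach ($key in $keys) {
            $path = $key.Name          # e.g. HKEY_CURRENT_USER\Software\Foo
            $snap[$path] = @{}
            foreach ($name in $key.GetValueNames()) {
                # Do not expand REG_EXPAND_SZ so the stored string is compared verbatim.
                $data = $key.GetValue($name, $null,
                    [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames)
                # Flatten REG_MULTI_SZ / REG_BINARY arrays into one comparable string.
                $snap[$path][$name] = ($data -join ',')
            }
        }
    }
    return $snap
}

function Compare-RegistrySnapshot {
    param([hashtable]$Before, [hashtable]$After)
    $report = [ordered]@{
        KeysAdded = @(); KeysDeleted = @()
        ValuesAdded = @(); ValuesDeleted = @(); ValuesModified = @()
    }
    foreach ($k in $After.Keys)  { if (-not $Before.ContainsKey($k)) { $report.KeysAdded   += $k } }
    foreach ($k in $Before.Keys) { if (-not $After.ContainsKey($k))  { $report.KeysDeleted += $k } }
    # Only keys present in both snapshots can have added/deleted/modified values.
    foreach ($k in $After.Keys) {
        if (-not $Before.ContainsKey($k)) { continue }
        foreach ($v in $After[$k].Keys) {
            if (-not $Before[$k].ContainsKey($v)) {
                $report.ValuesAdded += "$k\$v = $($After[$k][$v])"
            } elseif ($Before[$k][$v] -cne $After[$k][$v]) {
                $report.ValuesModified += "$k\$v : $($Before[$k][$v]) -> $($After[$k][$v])"
            }
        }
        foreach ($v in $Before[$k].Keys) {
            if (-not $After[$k].ContainsKey($v)) { $report.ValuesDeleted += "$k\$v" }
        }
    }
    return $report
}

# Usage inside the analysis VM (sample path is hypothetical):
$before = Get-RegistrySnapshot
Start-Process -FilePath 'C:\samples\sample.exe'   # detonate the sample
Start-Sleep -Seconds 60                            # give it time to persist / drop files
$after  = Get-RegistrySnapshot
$diff   = Compare-RegistrySnapshot -Before $before -After $after

$total = 0
foreach ($section in $diff.Keys) {
    "---- {0}: {1} ----" -f $section, $diff[$section].Count
    $diff[$section]
    $total += $diff[$section].Count
}
"Total changes: $total"
```

Run a control pass (both snapshots with no sample in between) first and subtract those entries mentally, or add their key paths to an ignore list; otherwise the Explorer, telemetry and MRU keys that Windows touches on its own will swamp the real IOCs. The snapshot is not atomic, so anything the sample does between the launch and the second snapshot is what you see; a sample that delays its persistence beyond the sleep will need a longer wait or a second diff.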

Regshot is currently at version 1.9.0 and is available for download here, in both 32- and 64-bit builds; use the build that matches the analysis VM so that 64-bit hives are not read through the WOW64 redirected view.

