StreamArmor
April 1st, 2010
Description:
StreamArmor is the sophisticated tool for discovering hidden alternate data streams (ADS) as well as clean them completely from the system
Size:
1.3 MBLast Update:
April 1st, 2010Version:
1.0OS Support:
Windows 2000 / Xp / 2003 / Vista / 2008 / 7License/Program Type:
FreewarePublisher:
Rootkit AnalyticsPrice:
0Downloads:
6>> VIDEO TRAILER:
StreamArmor Video Trailer, ScreenshotsTags:
hacker rootkit ads ads scanner discover ads alternate data streams hidden ads detect ads find ads locate ads alternate data stream data stream
Editor`s Description
StreamArmor is a powerful, relaible and sophisticated tool for discovering hidden alternate data streams (ADS) as well as clean them completely from the system.
StreamArmor comes with advanced auto analysis coupled with online threat verification mechanism, being therefore probably the best tool available in the market for eradicating the evil streams.
Moreover, StreamArmor comes with fast multi threaded ADS scanner which can recursively scan over entire system and quickly uncover all hidden streams. All such discovered streams are represented using specific color patten based on threat level which makes it easy for human eye to distinguish between suspicious and normal streams.
Furthermore, the smart StreamArmor includes built-in advanced file type detection mechanism which examines the content of file to accurately detect the file type of stream. This makes it great tool in forensic analysis in uncovering hidden documents/images/audio/video/database/archive files within the alternate data streams.
StreamArmor is a standalone portable application which does not require any installation. It can be copied to any place in the system and executed directly.
Due to this hidden nature of ADS, hackers have been exploiting this method to secretly store their Rootkit components on the compromised system without being detected. For example, the infamous Rootkit named 'Mailbot.AZ' aka 'Backdoor.Rustock.A' used to hide its driver file into system32 folder (C:\Windows\system32) as a stream '18467'.
Main features:
- Fast, multi threaded ADS scanner to quickly and recursively scan entire computer or drive or just a folder.
- 'Snapshot View' for quick identification of selected stream and faster manual analysis.
- Option to 'Ignore Known and Zero Streams' which automatically ignores all known streams (such as Zone.Identifier) and streams with zero size, thus greatly reducing time and effort involved in manual analysis.
- Advanced stream file type detection which analyzes internal content of file to detect the real file type rather than just going by the file extension. Here is the list of some of the major file type categories detected by StreamArmor
+ Executable File Type (EXE, DLL, SYS, COM, MSI, CLASS)
+ Archive File Type (ZIP, RAR, TAR, GZ, COM)
+ Audio File Type (MP3, WAV, RA, RM, WMA, M3U)
+ Video File Type (WMV, AVI, MPEG, MP4, SWF, DIVX, FLV, DAT, VOB, MOV)
+ Database Type (MS ACCESS)
+ Document Type (PDF, XML, DOC, RTF, All MS Office old & new formats)
- Sophisticated 'Auto Threat Analysis' based on heuristic technology for identifying anomaly in the discovered streams based on the characteristics and patterns.
'Online Threat Verification' to check for presence of Virus or Rootkit in the suspicious stream using any of the following prominent online websites.
+ VirusTotal (www.VirusTotal.com)
+ ThreatExpert (www.ThreatExpert.com)
+ MalwareHash (www.MalwareHash.com)
- Representation of streams using color pattern based on threat level makes it easy and fast for human eye to distinguish between suspicious streams from normal ones.
- Parallel analysis of discovered streams during the scanning process, allows user to start with analysis immediately without waiting for entire scanning operation to be completed.
- View the entire content of selected stream using the configured third party application. In fact user can configure different applications for normal & executable stream file.
- Save the selected stream file content to a disk, or USB drive or DVD for further analysis.
- Delete the selected alternate data stream from its base file or folder.
- Execute/Run the selected executable stream file for analyzing its malicious nature in virtual environments such as VMWare.
- Dynamic performance tuning mechanism by adjusting the ADS scan thread count [only for advanced users].
- Sort feature to arrange the scanned streams based on its name/threat level/content type/size.
- Export the entire list of discovered streams to a disk file in HTML format for offline analysis.
StreamArmor comes with advanced auto analysis coupled with online threat verification mechanism, being therefore probably the best tool available in the market for eradicating the evil streams.
Moreover, StreamArmor comes with fast multi threaded ADS scanner which can recursively scan over entire system and quickly uncover all hidden streams. All such discovered streams are represented using specific color patten based on threat level which makes it easy for human eye to distinguish between suspicious and normal streams.
Furthermore, the smart StreamArmor includes built-in advanced file type detection mechanism which examines the content of file to accurately detect the file type of stream. This makes it great tool in forensic analysis in uncovering hidden documents/images/audio/video/database/archive files within the alternate data streams.
StreamArmor is a standalone portable application which does not require any installation. It can be copied to any place in the system and executed directly.
Due to this hidden nature of ADS, hackers have been exploiting this method to secretly store their Rootkit components on the compromised system without being detected. For example, the infamous Rootkit named 'Mailbot.AZ' aka 'Backdoor.Rustock.A' used to hide its driver file into system32 folder (C:\Windows\system32) as a stream '18467'.
Main features:
- Fast, multi threaded ADS scanner to quickly and recursively scan entire computer or drive or just a folder.
- 'Snapshot View' for quick identification of selected stream and faster manual analysis.
- Option to 'Ignore Known and Zero Streams' which automatically ignores all known streams (such as Zone.Identifier) and streams with zero size, thus greatly reducing time and effort involved in manual analysis.
- Advanced stream file type detection which analyzes internal content of file to detect the real file type rather than just going by the file extension. Here is the list of some of the major file type categories detected by StreamArmor
+ Executable File Type (EXE, DLL, SYS, COM, MSI, CLASS)
+ Archive File Type (ZIP, RAR, TAR, GZ, COM)
+ Audio File Type (MP3, WAV, RA, RM, WMA, M3U)
+ Video File Type (WMV, AVI, MPEG, MP4, SWF, DIVX, FLV, DAT, VOB, MOV)
+ Database Type (MS ACCESS)
+ Document Type (PDF, XML, DOC, RTF, All MS Office old & new formats)
- Sophisticated 'Auto Threat Analysis' based on heuristic technology for identifying anomaly in the discovered streams based on the characteristics and patterns.
'Online Threat Verification' to check for presence of Virus or Rootkit in the suspicious stream using any of the following prominent online websites.
+ VirusTotal (www.VirusTotal.com)
+ ThreatExpert (www.ThreatExpert.com)
+ MalwareHash (www.MalwareHash.com)
- Representation of streams using color pattern based on threat level makes it easy and fast for human eye to distinguish between suspicious streams from normal ones.
- Parallel analysis of discovered streams during the scanning process, allows user to start with analysis immediately without waiting for entire scanning operation to be completed.
- View the entire content of selected stream using the configured third party application. In fact user can configure different applications for normal & executable stream file.
- Save the selected stream file content to a disk, or USB drive or DVD for further analysis.
- Delete the selected alternate data stream from its base file or folder.
- Execute/Run the selected executable stream file for analyzing its malicious nature in virtual environments such as VMWare.
- Dynamic performance tuning mechanism by adjusting the ADS scan thread count [only for advanced users].
- Sort feature to arrange the scanned streams based on its name/threat level/content type/size.
- Export the entire list of discovered streams to a disk file in HTML format for offline analysis.
Final Note
StreamArmor - smart, powerful and reliable free security software that detects and removes hidden alternate data streams (ADS).
|
|
| StreamArmor Antivirus Scan Report done by Softoxi.com | |
|
|
| StreamArmor Video Tutorial done by Softoxi.com | |
StreamArmor Scan reports
avast! 4.8 Scan Report:
*
* avast! Report
* This file is generated automatically
*
* Task 'Simple user interface' used
* Started on Tuesday, March 30, 2010 12:14:34 PM
* VPS: 100329-2, 29/03/2010
*
C:\Softoxi\StreamArmor_v1.zip\StreamArmor.exe [+] is OK
C:\Softoxi\StreamArmor_v1.zip [+] is OK
Infected files: 0
Total files: 2
Total folders: 1
Total size: 3.5 MB
*
* Task stopped: Tuesday, March 30, 2010 12:14:34 PM
* Run-time was 0 second(s)
*
Kaspersky IS 7 Scan Report:
Scan : completed
----------------
Scanned: 2
Detected: 0
Untreated: 0
Start time: 30/03/2010 12:14:37 PM
Duration: unknown
Finish time: 30/03/2010 12:14:37 PM
Detected
--------
Status Object
------ ------
Events
------
Time Name Status Reason
---- ---- ------ ------
30/03/2010 12:14:37 PM File: C:\Softoxi\StreamArmor_v1.zip archive ZIP
30/03/2010 12:14:37 PM File: C:\Softoxi\StreamArmor_v1.zip/StreamArmor.exe ok scanned
30/03/2010 12:14:37 PM File: C:\Softoxi\StreamArmor_v1.zip ok scanned
Statistics
----------
Object Scanned Dangerous objects Untreated Deleted Moved to Quarantine Archives Packed files Password protected Corrupted
------ ------- ----------------- --------- ------- ------------------- -------- ------------ ------------------ ---------
Settings
--------
Parameter Value
--------- -----
Security Level Custom
Action Prompt for action when the scan is complete
Run mode Manually
File types Scan all files
Scan only new and changed files No
Scan archives all
Scan embedded OLE objects all
Do not scan archives larger than No
Skip if scan takes longer than No
Parse email formats No
Scan password-protected archives Yes
Use iChecker technology No
Use iSwift technology No
Register information about dangerous objects in application statistics Yes
Rootkit scan Yes
Extended rootkit scan Yes
Use heuristic analyser Yes
Heuristic analyser level 10
*
* avast! Report
* This file is generated automatically
*
* Task 'Simple user interface' used
* Started on Tuesday, March 30, 2010 12:14:34 PM
* VPS: 100329-2, 29/03/2010
*
C:\Softoxi\StreamArmor_v1.zip\StreamArmor.exe [+] is OK
C:\Softoxi\StreamArmor_v1.zip [+] is OK
Infected files: 0
Total files: 2
Total folders: 1
Total size: 3.5 MB
*
* Task stopped: Tuesday, March 30, 2010 12:14:34 PM
* Run-time was 0 second(s)
*
Kaspersky IS 7 Scan Report:
Scan : completed
----------------
Scanned: 2
Detected: 0
Untreated: 0
Start time: 30/03/2010 12:14:37 PM
Duration: unknown
Finish time: 30/03/2010 12:14:37 PM
Detected
--------
Status Object
------ ------
Events
------
Time Name Status Reason
---- ---- ------ ------
30/03/2010 12:14:37 PM File: C:\Softoxi\StreamArmor_v1.zip archive ZIP
30/03/2010 12:14:37 PM File: C:\Softoxi\StreamArmor_v1.zip/StreamArmor.exe ok scanned
30/03/2010 12:14:37 PM File: C:\Softoxi\StreamArmor_v1.zip ok scanned
Statistics
----------
Object Scanned Dangerous objects Untreated Deleted Moved to Quarantine Archives Packed files Password protected Corrupted
------ ------- ----------------- --------- ------- ------------------- -------- ------------ ------------------ ---------
Settings
--------
Parameter Value
--------- -----
Security Level Custom
Action Prompt for action when the scan is complete
Run mode Manually
File types Scan all files
Scan only new and changed files No
Scan archives all
Scan embedded OLE objects all
Do not scan archives larger than No
Skip if scan takes longer than No
Parse email formats No
Scan password-protected archives Yes
Use iChecker technology No
Use iSwift technology No
Register information about dangerous objects in application statistics Yes
Rootkit scan Yes
Extended rootkit scan Yes
Use heuristic analyser Yes
Heuristic analyser level 10
Related software
Safe Returner
Safe Returner is an impressive anti-malware tool which aids in the removal of Malware - Trojan Horses, Worms, Adware, Spyware.
Date added:
August 5th, 2010
| Downloads:
38
| Licence:
Trial
Threat Killer
Scriptable malware remover engine that can remove any malware running custom scripts.
Date added:
April 26th, 2010
| Downloads:
6
| Licence:
Freeware
Zeus Trojan Remover
Application designed to detect and remove all known variants of the very dangerous Zeus Trojan (also known as ZBot or Wsnpoem).
Date added:
April 26th, 2010
| Downloads:
33
| Licence:
Freeware
Top Downloads
Latest Video Trailers
New Windows Releases
New Linux Releases
New Mac Releases
New Mobile Releases
