 #20659  by CloneRanger
 Sat Aug 31, 2013 2:03 am
Did a search on here but didn't find it, so I'm presuming it's not been mentioned etc. before. Anyway, I noticed it whilst looking for something else, as is often the case, so I thought you pros might like to evaluate it etc. ;)
Announcing Noriben

Noriben is a Python-based script that works in conjunction with Sysinternals Procmon to automatically collect, analyze, and report on runtime indicators of malware. In a nutshell, it allows you to run your malware, hit a keypress, and get a simple text report of the sample's activities.

Noriben is an ideal solution for many unusual malware instances, such as those that would not run from within a standard sandbox environment. These files perhaps required command line arguments, or had VMware/OS detection that had to be actively debugged, or extremely long sleep cycles. These issues go away with Noriben. Simply run Noriben, then run your malware in a way that will make it work. If there is active protection, run it within OllyDbg/Immunity while Noriben is running and bypass any anti-analysis checks. If it has activity that changes over days, simply kick off Noriben and the malware for a long weekend and process your results when you return to work.

http://www.thebaskins.com/main/index.php
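
The Procmon-capture-to-text-report workflow described in the announcement, as an added example that is not Noriben's code and not part of the original post. It assumes a Procmon CSV export with the default columns; the sample rows, the operation-to-section mapping, the noise list and the function names are all constructed for illustration.

```python
import csv
import io

# Procmon operation names mapped to report sections (mapping is an assumption).
CATEGORIES = {"Process Create": "Processes", "WriteFile": "Files",
              "RegSetValue": "Registry", "TCP Connect": "Network"}
# Hypothetical noise list: background processes to ignore in the analysis VM.
NOISE_PROCESSES = {"svchost.exe", "searchindexer.exe", "procmon.exe"}

# Constructed sample rows in Procmon's default CSV layout (not real capture data).
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"2:03:01.1","Explorer.EXE","1500","Process Create","C:\Users\lab\Desktop\sample.exe","SUCCESS","PID: 2204, Command line: sample.exe"
"2:03:01.4","sample.exe","2204","WriteFile","C:\Users\lab\AppData\Roaming\svc.exe","SUCCESS","Offset: 0, Length: 4,096"
"2:03:01.5","sample.exe","2204","WriteFile","C:\Users\lab\AppData\Roaming\svc.exe","SUCCESS","Offset: 4,096, Length: 4,096"
"2:03:01.6","sample.exe","2204","WriteFile","C:\Windows\System32\drivers\x.sys","ACCESS DENIED",""
"2:03:01.7","sample.exe","2204","RegSetValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svc","SUCCESS","Type: REG_SZ"
"2:03:01.8","svchost.exe","800","RegSetValue","HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\x","SUCCESS","Type: REG_DWORD"
"2:03:02.0","sample.exe","2204","TCP Connect","lab-pc:49160 -> 192.0.2.10:80","SUCCESS","Length: 0"
'''

def summarize(csv_text, noise=NOISE_PROCESSES):
    """Group successful, non-noise events by report section, de-duplicated."""
    report = {section: [] for section in CATEGORIES.values()}
    # Exports read from disk may start with a UTF-8 BOM; drop it before parsing.
    reader = csv.DictReader(io.StringIO(csv_text.lstrip("\ufeff")))
    for row in reader:
        section = CATEGORIES.get(row["Operation"])
        if section is None or row["Result"] != "SUCCESS":
            continue  # uninteresting operation, or the attempt failed
        if row["Process Name"].lower() in noise:
            continue  # background OS activity
        entry = f'{row["Process Name"]}:{row["PID"]} > {row["Path"]}'
        if entry not in report[section]:  # repeated writes collapse to one line
            report[section].append(entry)
    return report

def render(report):
    """Turn the grouped events into a plain-text report."""
    lines = []
    for section, entries in report.items():
        lines.append(f"[{section}]")
        lines.extend(f"  {e}" for e in entries)
    return "\n".join(lines)

if __name__ == "__main__":
    print(render(summarize(SAMPLE_CSV)))
```
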