Malware Dynamic Analysis with GMER

GMER is a rootkit detection tool that lets you view the hooking executable and the hooked function inside the system.

GMER can give us details about the name of the executable that performs the hooking and the module it hooks.

In our sample, GMER detects that Win32.AgentTesla.exe[2820] hooks the GetKeyboardState API in user32.dll.

Agent Tesla is a known variant of information-stealing malware.
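As an added example (not code from the original post or from GMER), here is a small triage script that parses GMER-style user-mode hook entries and flags processes hooking keyboard-input APIs in user32.dll, the behaviour reported above. The log lines are constructed in a simplified GMER-like layout; the exact export format varies by GMER version, so the regex is an assumption to adapt to your own log.

```python
from __future__ import annotations
import re
from dataclasses import dataclass

# Constructed sample in a simplified GMER-like "User IAT/EAT" layout.
# Assumption: real GMER exports differ by version; adjust HOOK_RE accordingly.
SAMPLE_LOG = """\
---- User IAT/EAT ----
IAT  Win32.AgentTesla.exe[2820] @ C:\\Windows\\System32\\user32.dll [user32.dll!GetKeyboardState]
IAT  Win32.AgentTesla.exe[2820] @ C:\\Windows\\System32\\user32.dll [user32.dll!GetAsyncKeyState]
IAT  explorer.exe[1544] @ C:\\Windows\\System32\\kernel32.dll [kernel32.dll!CreateProcessW]
"""

# user32 APIs that read keyboard state; a user process hooking them is a keylogger indicator.
KEYBOARD_APIS = {"GetKeyboardState", "GetAsyncKeyState", "GetKeyState",
                 "SetWindowsHookExA", "SetWindowsHookExW"}

# kind  process[pid] @ image [module!function]
HOOK_RE = re.compile(
    r"^(?P<kind>IAT|EAT)\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+@\s+(?P<image>\S+)"
    r"\s+\[(?P<module>[^!]+)!(?P<func>[^\]]+)\]"
)

@dataclass(frozen=True)
class Hook:
    kind: str
    process: str
    pid: int
    module: str      # normalised to lower case for matching
    function: str

def parse_hooks(log: str) -> list[Hook]:
    """Parse hook entries; lines that do not match the layout (headers, blanks) are skipped."""
    hooks: list[Hook] = []
    for line in log.splitlines():
        m = HOOK_RE.match(line)
        if m:
            hooks.append(Hook(m["kind"], m["proc"], int(m["pid"]),
                              m["module"].lower(), m["func"]))
    return hooks

def keylogger_suspects(hooks: list[Hook]) -> list[tuple[str, int, str]]:
    """Return (process, pid, function) for every hook of a keyboard-input API in user32.dll."""
    return [(h.process, h.pid, h.function) for h in hooks
            if h.module == "user32.dll" and h.function in KEYBOARD_APIS]

if __name__ == "__main__":
    for proc, pid, func in keylogger_suspects(parse_hooks(SAMPLE_LOG)):
        print(f"keyboard API hook: {proc}[{pid}] -> user32.dll!{func}")
```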