Malware Domain List

Malware Related => Malware Analysis => Topic started by: SysAdMini on November 04, 2008, 01:49:10 pm

Title: Hidden DLLs
Post by: SysAdMini on November 04, 2008, 01:49:10 pm
Locating Hidden Clampi DLLs (VAD-style)
http://mnin.blogspot.com/2008/11/locating-hidden-clampi-dlls-vad-style.html
Title: Re: Hidden DLLs
Post by: pnuemo on November 05, 2008, 06:18:25 am
That's a good read. Thanks for sharing.
Title: Re: Hidden DLLs
Post by: SysAdMini on November 13, 2008, 06:13:03 pm
Recovering CoreFlood Binaries with Volatility
http://mnin.blogspot.com/2008/11/recovering-coreflood-binaries-with.html
Title: Re: Hidden DLLs
Post by: SysAdMini on January 07, 2009, 06:56:23 pm
Malfind Volatility Plug-In
http://mnin.blogspot.com/2009/01/malfind-volatility-plug-in.html

Quote:
Malfind.py is a Volatility plug-in to find and extract hidden and/or injected code from physical memory dumps. It basically streamlines the multiple steps described in the two previous posts (Recovering CoreFlood Binaries with Volatility and Locating Hidden Clampi DLLs VAD-Style).