Guest Post: Martin Korman (VolatilityBot – An Automated Malicious Code Dumper)
by Volatility | Nov 30, 2015 | code injection, malware, unpacking, volatilitybot
This is a guest post from Martin Korman, author of VolatilityBot. Lately, I’ve found myself manually unpacking different versions of the same malware in order to perform static analysis with IDA and BinDiff. Therefore, I’ve decided to write a small system...

PlugX: Memory Forensics Lifecycle with Volatility
by Volatility | Nov 6, 2015 | anti-forensics, code injection, contest, impscan, malfind, osdfcon, plugx, rootkits, volatility
At OSDFCon last week, we discussed a case study showing how we identified manipulated memory artifacts in an infected environment. We were then able to rapidly introduce new capabilities to Volatility that could be used proactively in other environments. The...

HowTo: Extract “Hidden” API-Hooking BHO DLLs
by Volatility | Jan 23, 2013 | code injection, malware, unpacking, volatility, windows
A Twitter user recently asked a question to the @volatility account: “can you please tell me how to extract SilentBanker [from memory]”? We like to encourage people to work through problems on their own, so our initial advice was short and sweet:...

Slides and Video of Analyzing Malware in Memory Webinar
by Volatility | Jan 4, 2013 | code injection, forensics, kernel, malware, volatility, windows
I recently presented a Hacker Academy Deep Dive (thehackeracademy.com/tha-deep-dive-analyzing-malware-in-memory/) webinar on ‘Analyzing Malware in Memory’. The purpose of this presentation was to show how in-depth malware analysis can be performed on...

What do Upclicker, Poison Ivy, Cuckoo, and Volatility Have in Common?
by Volatility | Dec 21, 2012 | code injection, forensics, malware, poison ivy, volatility, windows
Earlier this month, FireEye researchers Abhishek Singh and Yasir Khalid introduced Trojan Upclicker – malware that detects automated sandboxes by hooking mouse movements. If these user interactions never occur, the malware stays dormant, but as soon as someone...