unpacking Archives - The Volatility Foundation - Promoting Accessible Memory Analysis Tools Within the Memory Forensics Community

Guest Post: Martin Korman (VolatilityBot – An Automated Malicious Code Dumper)

by Volatility | Nov 30, 2015 | code injection, malware, unpacking, volatilitybot

This is a guest post from Martin Korman, author of VolatilityBot. Lately, I’ve found myself manually unpacking different versions of the same malware in order to perform static analysis with IDA and BinDiff. Therefore, I’ve decided to write a small system...

HowTo: Extract “Hidden” API-Hooking BHO DLLs

by Volatility | Jan 23, 2013 | code injection, malware, unpacking, volatility, windows

A Twitter user recently asked a question to the @volatility account: “can you please tell me how to extract SilentBanker [from memory]”? We like to encourage people to work through problems on their own, so our initial advice was short and sweet:...

Unpacking Dexter POS “Memory Dump Parsing” Malware

by Volatility | Dec 12, 2012 | malware, unpacking, volatility, windows

I’m a big fan of Dexter. As I recently mentioned during an impromptu discussion with our first group of memory analysis training attendees, if there are only a few minutes left in an episode and he hasn’t killed anyone yet, I start getting nervous. So when...

Guest Post: Martin Korman (VolatilityBot – An Automated Malicious Code Dumper)

HowTo: Extract “Hidden” API-Hooking BHO DLLs

Unpacking Dexter POS “Memory Dump Parsing” Malware

Volatility Blog Archive

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012