Jump to content
u0m3

Process-Dump: Windows tool for dumping malware PE files from memory back to disk for analysis

Recommended Posts

Posted

Synopsis:

Process Dump is a Windows reverse-engineering command-line tool to dump malware memory components back to disk for analysis. Often malware files are packed and obfuscated before they are executed in order to avoid AV scanners, however when these files are executed they will often unpack or inject a clean version of the malware code in memory. A common task for malware researchers when analyzing malware is to dump this unpacked code back from memory to disk for scanning with AV products or for analysis with static analysis tools such as IDA.

 

Sourcehttp://split-code.com/processdump.html (side-note: unul dintre cele mai interesante website-uri din punc de vedere al design-ului)

GitHub Repositoryhttps://github.com/glmcdona/Process-Dump

Via:

 

  • Thanks 1
  • Upvote 1

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...