RE: [Vol-users] Finding injected code
27 Feb
2013
27 Feb
'13
4:05 p.m.
On 2013-02-27 13:51, Ayers, Robert wrote:
By name alone I'd bet a beer that this is a
malicious executable
0x89152020 qegyas.exe 2364 2236 0 -------- 0
0 2013-02-27 15:08:35 2013-02-27 15:08:44
Thanks for the quick response. I believe that qegyas.exe is the
injector (according to my procmon at least). Also, that process has
exited, so I'm out of luck for taking a peak at it (in memory at
least...happily the malware left the file on the drive :))
James