Re: [Vol-users] Option 2 for injected malware extraction
24 Jun
2012
24 Jun
'12
4:54 p.m.
On Sun, Jun 24, 2012 at 4:46 PM, Mike Lambert <dragonforen(a)hotmail.com> wrote:
I am looking at a sample of the Pilleuz worm that
infects USB.
I ran malfind and was not successful extracting a sample
Is there another option for extracting injected code?
It depends. How is the code injected?
Is there a way to dump threads?
You mean like the threads command?
Thanks,
Mike
_______________________________________________
Vol-users mailing list
Vol-users(a)volatilityfoundation.org
http://lists.volatilityfoundation.org/mailman/listinfo/vol-users