PS: The silent banker also stays invisible:
C:\Python27\Scripts>python vol.py apihooks -f "D:\X-Ways-Images\Malware\silentbanker.vmem"
Volatile Systems Volatility Framework 2.0
Name Type Target Value
Finished after 115.231999874 seconds
Regards
Michael
From: vol-users-bounces(a)volatilityfoundation.org
[mailto:vol-users-bounces@volatilityfoundation.org] On behalf of Michael Felber
Sent: Monday, 15 August 2011 12:48
To: 'Michael Hale Ligh'
Cc: vol-users(a)volatilityfoundation.org
Subject: [Vol-users] Finding API-Hooks
Hey Michael,
trying to list the hooked API calls in the zeus.vmem image according to page
666 of your "Cookbook" with Volatility 2.0 and malware.py r97, I get only the
following result:
C:\Python27\Scripts>python vol.py apihooks -f "D:\X-Ways-Images\Malware\zeus.vmem"
Volatile Systems Volatility Framework 2.0
Name Type Target Value
wuauclt.exe[468]@wuaueng.dll iat sfc.dll!*invalid* 0x0 0x76c69828 (sfc_os.dll)
Finished after 383.752000093 seconds
Did I miss something, or should I use an older version of Volatility and the
malware plugin?
Kindest regards
Michael