PS: The silent banker also stays invisible:

 

C:\Python27\Scripts>python vol.py apihooks -f "D:\X-Ways-Images\Malware\silentbanker.vmem"
Volatile Systems Volatility Framework 2.0
Name                             Type     Target                                   Value
Finished after 115.231999874 seconds

 

Regards

Michael

 

From: vol-users-bounces@volatilityfoundation.org [mailto:vol-users-bounces@volatilityfoundation.org] On Behalf Of Michael Felber
Sent: Monday, 15 August 2011 12:48
To: 'Michael Hale Ligh'
Cc: vol-users@volatilityfoundation.org
Subject: [Vol-users] Finding API-Hooks

 

Hey Michael,

 

trying to list the hooked API calls in the zeus.vmem image according to page 666 of your “Cookbook” with Volatility 2.0 and malware.py r97, I get the following result only:

 

C:\Python27\Scripts>python vol.py apihooks -f "D:\X-Ways-Images\Malware\zeus.vmem"
Volatile Systems Volatility Framework 2.0
Name                             Type     Target                                   Value
wuauclt.exe[468]@wuaueng.dll     iat      sfc.dll!*invalid*                        0x0 0x76c69828 (sfc_os.dll)
Finished after 383.752000093 seconds

 

Did I miss something, or should I use an older version of Volatility and the malware plugin?

 

Kindest regards

 

Michael