mirror of
https://github.com/pe3zx/my-infosec-awesome.git
synced 2025-01-07 05:47:55 -05:00
[Tools][Malware Analysis] glmcdona/Process-Dump
Process Dump is a Windows reverse-engineering command-line tool to dump malware memory components back to disk for analysis. Often malware files are packed and obfuscated before they are executed in order to avoid AV scanners, however when these files are executed they will often unpack or inject a clean version of the malware code in memory. A common task for malware researchers when analyzing malware is to dump this unpacked code back from memory to disk for scanning with AV products or for analysis with static analysis tools such as IDA.
This commit is contained in:
parent
2da6298064
commit
04613bd524
@ -1131,6 +1131,10 @@ My curated list of awesome links, resources and tools
|
||||
<td><a href="https://certsocietegenerale.github.io/fame/">FAME</a></td>
|
||||
<td>FAME Automates Malware Evaluation</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><a href="https://github.com/glmcdona/Process-Dump">glmcdona/Process-Dump</a></td>
|
||||
<td>Windows tool for dumping malware PE files from memory back to disk for analysis.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><a href="https://github.com/hasherezade/libpeconv/tree/master/run_pe">hasherezade/libpeconv/runpe</a></td>
|
||||
<td>RunPE (aka Process Hollowing) is a well known technique allowing to injecting a new PE into a remote processes, imprersonating this process. The given implementation works for PE 32bit as well as 64bit.</td>
|
||||
|
Loading…
Reference in New Issue
Block a user