volatility-browserhooks
October 3, 2017 · View on GitHub
Volatility-browserhooks is a http://www.volatilityfoundation.org[Volatility Framework] plugin to detect various types of hooks as performed by recent banking Trojans.
Usage
- Move
browserhooks.pytovolatility/plugins/malwarein the Volatilty Framework path. - Run:
python vol.py -f dump_from_compromised_windows_system.vmem --profile=Win7SP1x64 browserhooks (-D _store_mods)
Authors
- Peter Kálnai <peter.kalnai @_eset.cz>
- Michal Poslušný <michal.poslusny @_eset.cz>