Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).
BSD 2-Clause "Simplified" License
Crash during scan #24
Closed
hasherezade closed 5 years ago
Test case
4c85fce4f7630dda213bafc2f842dd131dfc5f087be7c6a75f4ad2ca378904d0
Problem
Crash happens during scanning the main module:
Comment
The layout of sections in this sample is atypical - it can possibly be the reason for the invalid parsing: