Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).
BSD 2-Clause "Simplified" License
Crash on import reconstruction #84
Closed
hasherezade closed 3 years ago
Sample: d578128922e3990112b2275f3cd7b6c0b4f6df4b4d6c9c98959fa1c9862e7db0 - Dridex
run by:
The crash occurs during the scan by PE-sieve/HH with the option /imp.