Collaborate Disseminate
Can Cuckoo extract PE files from a memory dump or record the import table of the running process? I need to record the import table in PE not the called/executed API from the process.
There is Process-Dump which is able to extract PE from … Continue reading Cuckoo dump a PE file from a memory dump?
How is the malware file signature generated? Does it use a sequence of bytes in the beginning, size, PE (export, import, section), etc?
And can the MD5 or SHA256 be considered a file signature for a malware file?
Note: I know that there’s … Continue reading How malware file signature is generated?
Remnux provides a set of tools for Malware analysis
Is there any equivalent in Windows that contains the essential tools for malware analysis tasks?
Continue reading Windows malware analysis sandbox like Remnux