Finding stealth injected DLLs
Last Updated: 2008-11-17 21:51:32 UTC
by Jim Clausing (Version: 1)
I've mentioned Volatility here before and I use it in my day job doing malware analysis. The problem is, I know it is capable of doing a lot more than I am currently using it for, but I rarely have the time to sit down and play with it and learn how to use it better. So, I was very pleased when I noticed that Michael Hale Ligh has written 2 pieces on how to use Volatility to find DLLs that have been stealthily injected into running processes. The first is Locating Hidden Clampi DLLs and the second is entitled Recovering Coreflood Binaries with Volatility. Does anyone else out there have any other tools/methods they use for trying to detect and analyze these DLL injections (or even non-stealthy ones)? Let me know via the contact page and I'll update this story.