Volatility Framework plugin to detect various types of hooks as performed by banking Trojans
Switch branches/tags
Nothing to show
Clone or download

README.adoc

volatility-browserhooks

Volatility-browserhooks is a Volatility Framework plugin to detect various types of hooks as performed by recent banking Trojans.

Usage

  1. Move browserhooks.py to volatility/plugins/malware in the Volatilty Framework path.

  2. Run: python vol.py -f dump_from_compromised_windows_system.vmem --profile=Win7SP1x64 browserhooks (-D _store_mods)

Authors

  • Peter Kálnai <peter.kalnai @_eset.cz>

  • Michal Poslušný <michal.poslusny @_eset.cz>