[Vol-users] Need to pick a malware for a demo

Mike Lambert dragonforen at hotmail.com
Thu May 3 09:41:51 CDT 2012


Hi Fosforo, I'm afraid I was not clear, but thanks for the URL.
 
I'm looking for a suggestion of a sample NAME that had those characteristics I was looking for. 
 
I use malwaredomainlist too; and if I did not have a sample, I'd probably look for one there.
 
I will be using a VM in the demo so it would have to run in a demo and illustrate the crossview technique.
 
Mike
 

> From: fosforo at gmail.com
> Date: Thu, 3 May 2012 02:47:02 -0300
> Subject: Re: [Vol-users] Need to pick a malware for a demo
> To: dragonforen at hotmail.com
> CC: vol-users at volatilityfoundation.org
> 
> have fun.
> 
> http://www.malwaredomainlist.com/mdl.php
> 
> --
> []s Fosforo
> -------------------------------------------------------------
> "Only the wisest and stupidest of men never change."
> -Confusio
> -------------------------------------------------------------
> 
> 
> On Thu, May 3, 2012 at 1:32 AM, Mike Lambert <dragonforen at hotmail.com> wrote:
> > I've got a memory forensics presentation coming up next week and I'd like to
> > use a sample that will illustrate a crossview example.
> >
> > Specifically, I'd like to use an example that hides from pslist on the
> > running system (don't want a DKOM example) but we can find it using
> > Volatility.
> > I'd like it to be something running and not a process injection sample.
> >
> > Does someone have a suggestion which one may provide a good illustration?
> >
> > Thanks,
> > Mike
> >
> >