[Vol-users] moddump Error: e_magic 8D4C is not a valid DOS
chort at effu.se
Thu Mar 21 17:32:16 CDT 2013
Working with a ransomware infection, trying to dump one of the modules that looks suspicious (the only one to reference a file in user's AppData). I'm trying to dump it via the base address found through modscan, but getting:
moddump Error: e_magic 8D4C is not a valid DOS signature.
I tried -u. Is there any other way to dump it?
More information about the Vol-users