[Vol-users] moddump Error: e_magic 8D4C is not a valid DOS signature.

Brian Keefer chort at effu.se
Thu Mar 21 17:32:16 CDT 2013


Working with a ransomware infection, trying to dump one of the modules that looks suspicious (the only one to reference a file in user's AppData). I'm trying to dump it via the base address found through modscan, but getting:
moddump Error: e_magic 8D4C is not a valid DOS signature.

I tried -u. Is there any other way to dump it?

--
chort





More information about the Vol-users mailing list