[Vol-users] RE: [Detailed analysis of Kaspersky hooks including analysis....

Michael Chaves mchaves at monroectpolice.com
Wed Oct 29 07:28:24 CDT 2014


I've used malfind and memscan on a suspected POS-infected system and I get a ton of false positive hits on AV processes. Any way to whitelist some of these or use --silent to filter out some of these false positives? On the other side, is it likely malware is using AV processes to do their deed?

Mike

Det. Michael Chaves
Monroe Police Department
7 Fan Hill Road
Monroe, CT 06468
203.452.2831 x1307 (desk)
203.261.3622  (w)
203.650.7997 (c)

*** NOTE: If you are sending me an attachment, rename the extension to .txt or .jpg, otherwise, due to filters, I will not get it ***
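One way to triage the AV noise the question describes, as an added example that is not part of the post or of Volatility itself: parse malfind's text output, suppress hits from an allowlist of AV process names, but keep any allowlisted hit whose region starts with an MZ header, since a full PE image inside an AV process is exactly the case the second question worries about. The allowlist names, the `malfind` layout (`Process: ... Pid: ... Address: ...` followed by a hexdump) and the sample output are assumptions constructed for the example.

```python
from __future__ import annotations
import re
from dataclasses import dataclass, field

# Assumed allowlist of AV process names whose RWX private heaps trip malfind on clean hosts.
# A real allowlist must be built from the image under analysis, not copied from here.
AV_ALLOWLIST = {"avp.exe", "mcshield.exe", "msmpeng.exe"}

HIT_RE = re.compile(r"^Process:\s+(\S+)\s+Pid:\s+(\d+)\s+Address:\s+(0x[0-9a-fA-F]+)")
DUMP_RE = re.compile(r"^0x[0-9a-fA-F]+\s+[0-9a-fA-F]{2} ")

@dataclass
class Hit:
    process: str
    pid: int
    address: int
    dump: list[str] = field(default_factory=list)  # hexdump lines that follow the header

    def looks_like_pe(self) -> bool:
        # A region whose first bytes are 4d 5a ("MZ") is an injected PE image; never a benign
        # AV heap, so it must survive the allowlist even inside an allowlisted process.
        if not self.dump:
            return False
        cells = self.dump[0].split()
        return cells[1:3] == ["4d", "5a"]

def parse_malfind(text: str) -> list[Hit]:
    """Turn malfind text output into Hit records (constructed format, see lead-in)."""
    hits: list[Hit] = []
    for line in text.splitlines():
        m = HIT_RE.match(line)
        if m:
            hits.append(Hit(m.group(1), int(m.group(2)), int(m.group(3), 16)))
        elif hits and DUMP_RE.match(line):
            hits[-1].dump.append(line)
    return hits

def triage(hits: list[Hit], allowlist=AV_ALLOWLIST) -> tuple[list[Hit], list[Hit]]:
    """Return (kept, suppressed): allowlisted AV hits are dropped unless they carry an MZ header."""
    kept, suppressed = [], []
    for h in hits:
        if h.process.lower() in allowlist and not h.looks_like_pe():
            suppressed.append(h)
        else:
            kept.append(h)
    return kept, suppressed

# Constructed sample: one benign AV heap, one PE injected into the AV process, one hit in a POS binary.
SAMPLE = """\
Process: avp.exe Pid: 1204 Address: 0x1f30000
Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE
0x01f30000  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
Process: avp.exe Pid: 1204 Address: 0x2a40000
Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE
0x02a40000  4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00   MZ..............
Process: pos.exe Pid: 3320 Address: 0x3c0000
Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE
0x003c0000  e8 00 00 00 00 5b 81 eb 05 10 40 00 8d 83 00 00   .....[....@.....
"""
```

Running `triage(parse_malfind(SAMPLE))` keeps the MZ-bearing avp.exe region and the pos.exe hit and suppresses only the zero-filled AV heap, which is the behaviour a review of the allowlist should confirm before it is trusted on a real image.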

-----Original Message-----
From: vol-users-bounces at volatilityfoundation.org [mailto:vol-users-bounces at volatilityfoundation.org] On Behalf Of vol-users-request at volatilityfoundation.org
Sent: Tuesday, October 28, 2014 1:00 PM
To: vol-users at volatilityfoundation.org
Subject: [BULK] Vol-users Digest, Vol 76, Issue 6



Today's Topics:

   1. Detailed analysis of Kaspersky hooks including analysis with
      Volatility (Andrew Case)


----------------------------------------------------------------------

Message: 1
Date: Tue, 28 Oct 2014 02:16:58 -0500
From: Andrew Case <atcuno at gmail.com>
Subject: [Vol-users] Detailed analysis of Kaspersky hooks including
	analysis with Volatility
To: "'vol-users at volatilityfoundation.org'" <vol-users at volatilityfoundation.org>
Message-ID: <544F42EA.9020500 at gmail.com>
Content-Type: text/plain; charset=ISO-8859-1

A really well done writeup & analysis:

https://quequero.org/2014/10/kaspersky-hooking-engine-analysis/

--
Thanks,
Andrew (@attrc)

