eset / volatility-browserhooks

Volatility Framework plugin to detect various types of hooks as performed by banking Trojans

volatility-browserhooks

Volatility-browserhooks is a Volatility Framework plugin to detect various types of hooks as performed by recent banking Trojans.

Move browserhooks.py to volatility/plugins/malware in the Volatilty Framework path.
Run: python vol.py -f dump_from_compromised_windows_system.vmem --profile=Win7SP1x64 browserhooks (-D _store_mods)

Volatility Framework plugin to detect various types of hooks as performed by banking Trojans

BSD 2-Clause "Simplified" License

Language:Python 100.0%