Memory Analysis For Beginners With Volatility — Coreflood Trojan: Part 2


In order to figure out what this piece of code does, my first instinct is to use the vaddump command. This command enables me to dump out a section of memory. I can use it to dump out the module from memory and disassemble it using IDA (or some other disassembler). One small problem though: In the….