Skip to Main Content
Learning Malware Analysis
book

Learning Malware Analysis

by Monnappa K A
June 2018
Beginner content levelBeginner
510 pages
13h 7m
English
Packt Publishing
Content preview from Learning Malware Analysis

6. Listing DLLs

Throughout this book, you have seen examples of malware using DLL to implement the malicious functionality. Therefore, in addition to investigating processes, you may also want to examine the list of loaded libraries. To list the loaded modules (executable and DLLs), you can use Volatility's dlllist plugin. The dlllist plugin also displays the full path associated with a process. Let's take an example of the malware named Ghost RAT. It implements the malicious functionality as the Service DLL, and as a result, the malicious DLL gets loaded by the svchost.exe process (for more information on Service DLL, refer to the Service section in Chapter 7, Malware Functionalities and Persistence). The following is the output from the ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Start your free trial

You might also like

Practical Malware Analysis

Practical Malware Analysis

Michael Sikorski, Andrew Honig
Evasive Malware

Evasive Malware

Kyle Cucci
Security in Computing

Security in Computing

Shari Lawrence Pfleeger, Charles P. Pfleeger, Jonathan Margulies

Publisher Resources

ISBN: 9781788392501Other