A forum for reverse engineering, OS internals and malware analysis 

Forum for announcements and questions about tools and software.
 #32836  by EP_X0FF
 Fri Apr 19, 2019 5:37 pm
As continuation of this thread viewtopic.php?f=13&t=5496.


+ Unpack VDM containers of Windows Defender/Microsoft Security Essentials;
+ Decrypt VDM container embedded in Malicious software Removal Tool (MRT.exe);
+ Extract all PE images from unpacked/decrypted containers on the fly (-e switch):
+ dump VDLLs (Virtual DLLs);
+ dump VFS (Virtual File System) contents;
+ dump signatures auxilarity images;
+ code can be adapted to dump type specific chunks of database (not implemented);
+ Faster than any script.


As-is, no warranties. Feel free to contribute.