Messages

1

RogueKiller / Re: Hook IEAT need help

« on: January 27, 2016, 12:46:55 AM »

Thanks a lot.
And pardon me for not thanking you before... I think I missed the notification of your post.

2

RogueKiller / Re: Hook IEAT need help

« on: December 22, 2015, 02:11:54 PM »

Hi Curson,

I haven't heard from you for a while now...
Could it be that you have forgotten to send me my analysis ?
Or is it Christmas rush ?

season's greatings
Temium

3

RogueKiller / Re: Hook IEAT need help

« on: December 04, 2015, 03:07:28 PM »

Thanks for your message, Curson.

4

RogueKiller / Re: Hook IEAT need help

« on: December 03, 2015, 05:18:35 PM »

Hi Curson,

Here's a link to my Dropbox :

https://www.dropbox.com/sh/e0wrzybrywjqa1z/AADSSDNwnHRX74t4fKws-qUMa?dl=0

You can upload either .dum ou .zip file.

5

RogueKiller / Re: Hook IEAT need help

« on: December 02, 2015, 06:47:04 PM »

Hi Curson,

I uploaded the dump file (zipped)
and put the link to your message as a comment of my upload, that is :

http://forum.adlice.com/index.php?topic=609.msg3424#msg3424

I hope everything went all right... I'm not very familiar with forum uses.

6

RogueKiller / Re: Hook IEAT need help

« on: November 30, 2015, 03:55:24 PM »

Hi Curson,

Thanks for your replying.

I Had to run RK again (and to redownload it ) to get the report in .JSON format.

And a lot of new IEAT HOOK came up !

see attached file... 

7

RogueKiller / Hook IEAT need help

« on: November 28, 2015, 02:11:44 PM »

Hi, just installed RK and got a report which I don't know how to read... specialy this :

¤¤¤ Antirootkit : 1 (Driver: Chargé) ¤¤¤
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!LdrLoadDll : Unknown @ 0x7ff90cab0430 (jmp 0xffffffffff895540|call rbx|jmp 0x102)

is it a false positive ? Can someone help.
full report attached.