Deep Dive into a Dumped Malware without a PE Header
This analysis is part of an incident investigation led by the FortiGuard Incident Response Team.
We discovered malware that had been running on a compromised machine for several weeks. The threat actor had executed a batch of scripts and PowerShell to run the malware in a Windows process. Although obtaining the original malware executable was difficult, a memory dump of the running malware process and a full memory dump of the compromised machine (the “fullout” file, size 33GB) were successfully acquired.
To read the complete article, see: https://www.fortinet.com/blog/threat-research/deep-dive-into-a-dumped-malware-without-a-pe-header
This post is licensed under CC BY 4.0 by the author.