As a continuation of this thread: viewtopic.php?f=13&t=5496.
Features
+ Unpack VDM containers of Windows Defender/Microsoft Security Essentials;
+ Decrypt VDM container embedded in Malicious Software Removal Tool (MRT.exe);
+ Extract all PE images from unpacked/decrypted containers on the fly (-e switch):
+ dump VDLLs (Virtual DLLs);
+ dump VFS (Virtual File System) contents;
+ dump signatures auxiliary images;
+ code can be adapted to dump type specific chunks of database (not implemented);
+ Faster than any script.
https://github.com/hfiref0x/WDExtract
As-is, no warranties. Feel free to contribute.
Ring0 - the source of inspiration