Really cool. Also, the recent sigcheck updates can do the same thing, so if the executable isn't in memory, you can still do the VT thing.

That's very nice.

Kurt

On Fri, Feb 7, 2014 at 9:06 AM, Ziots, Edward <[email protected]> wrote:
> A very nice addition to the Process explorer/Sysinternals Suite.
>
> Hello Virustotal? It's Microsoft Calling.
>
> http://isc.sans.edu/diary.html?n&storyid=17594
>
> Z
>
> Edward E. Ziots, CISSP, CISA, Security +, Network +
> Security Engineer
> Lifespan Organization
> [email protected]
> Work:401-255-2497
>
> This electronic message and any attachments may be privileged and
> confidential and protected from disclosure. If you are reading this
> message, but are not the intended recipient, nor an employee or agent
> responsible for delivering this message to the intended recipient, you are
> hereby notified that you are strictly prohibited from copying, printing,
> forwarding or otherwise disseminating this communication. If you have
> received this communication in error, please immediately notify the sender
> by replying to the message. Then, delete the message from your computer.
> Thank you.

