Hello,
I have been researching two sets of files all day, OUTLOOK.EXE.HDMP & IEXPLORER.EXE.HDMP. Both of these files showed up in an AV scanner detection log for a generic trojan. When I Google these files I see a lot of information about how to delete them and various virus detections, but nothing on what they really are. I did find some very loose references to heap dump files or application dumps from either OUTLOOK or IE. Does that make sense?
The AV signature doesn't really provide a lot of info on what the virus detection is other than a small string, something like "format c", etc.
Anyone have any thoughts…?
Thanks
They are heap dumps. Malware causes Outlook to crash - either because it's crappy or an attempt at buffer overflow. It is an image of the process memory - thus it contains the offending malware.
_nik_
Thanks for the information. Do you (or anyone) know why these or ANY other hdmp files would have the same exact keywords over and over in different *.hdmp files? Meaning, say I do a keyword search on foo, and the same exact foo hit shows up in a dump file on Jan 1, Feb 2, Mar 3 etc. (dates are just random examples). The surrounding text is even the same. The files are not the same b/c the file offset /PS are different. Could it be that these files are nothing but a running or appended log/file from previous dumps?
Thanks
Use Windbg from http//