From 809a3ecac661efb856e7e230b02813ae60d5171d Mon Sep 17 00:00:00 2001 From: mether049 Date: Mon, 27 Jan 2020 23:59:08 +0900 Subject: [PATCH] Update malware-analysis_ref_and_memo.md --- malware-analysis_ref_and_memo.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/malware-analysis_ref_and_memo.md b/malware-analysis_ref_and_memo.md index 0ab3fd7..c2a94f0 100644 --- a/malware-analysis_ref_and_memo.md +++ b/malware-analysis_ref_and_memo.md @@ -95,11 +95,14 @@ |Yomi Sandbox|https://yomi.yoroi.company/upload|| |UnpacMe|https://www.unpac.me/#/|online unpacker,beta| -### Unpacker/Decryptor +### Unpacker/Decryptor/Extractor - 攻撃者グループTA505が利用するマルウェア(GetandGoDll, Silence, TinyMet, Azorult, KBMiner, etc.)の静的アンパッカー
[TAFOF-Unpacker](https://github.com/Tera0017/TAFOF-Unpacker) - Trickbotのartifactを取得するためのdecrypter
[Trickbot artifact decrypter](https://github.com/snemes/malware-analysis/tree/master/trickbot) +- Injecition/Hollowingされたプロセスの抽出
+[Memhunter](https://github.com/marcosd4h/memhunter) + # Doc Analysis - VBA マクロの解析についての資料
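Review bot: the added bullet for Memhunter misspells "Injection" as "Injecition" (`+- Injecition/Hollowingされたプロセスの抽出`); correct it before merging so that a search of the memo for "Injection" finds this entry. The same hunk renames the heading from `### Unpacker/Decryptor` to `### Unpacker/Decryptor/Extractor`, which changes the heading's generated anchor, so any table of contents entry or link that points at the old heading needs updating in the same commit. The subject line "Update malware-analysis_ref_and_memo.md" is the default and says nothing about the change; something like "Add Memhunter, rename section to Unpacker/Decryptor/Extractor" would make the history searchable.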