From 12c4ec0962528758b35de8e190cdc285b28e7119 Mon Sep 17 00:00:00 2001 From: mether049 Date: Sun, 5 Jan 2020 20:42:38 +0900 Subject: [PATCH] Update malware-tech_ref_and_memo.md --- malware-tech_ref_and_memo.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/malware-tech_ref_and_memo.md b/malware-tech_ref_and_memo.md index 86b592d..c3e0836 100644 --- a/malware-tech_ref_and_memo.md +++ b/malware-tech_ref_and_memo.md @@ -13,7 +13,7 @@ ### Dll Injection - 正規プロセス探索->プロセスのハンドル取得->メモリ領域確保->悪性DLL注入->実行 -- e.g. CreateToolhelp32Snapshot,Process32First,Process32Next->OpenProcess->VirtualAllocEx->WriteProcessMemory->CreateRemoteThread +- e.g. CreateToolhelp32Snapshot,Process32First,Process32Next->OpenProcess->VirtualAllocEx->WriteProcessMemory->CreateRemoteThread
[07b8f25e7b536f5b6f686c12d04edc37e11347c8acd5c53f98a174723078c365](https://www.virustotal.com/gui/file/07b8f25e7b536f5b6f686c12d04edc37e11347c8acd5c53f98a174723078c365/detection) ### Thread Execution Hijacking - 正規プロセス,スレッド探索->スレッドのハンドル取得->スレッド停止->メモリ領域確保->悪性コード注入->EIP書き換え->実行
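Review bot: on the added `- e.g. CreateToolhelp32Snapshot,...->CreateRemoteThread` line under "### Dll Injection", the VirusTotal link is appended directly to the API-call chain with the bare SHA-256 as its only link text, so a reader cannot tell what the sample is or which step of the chain it is meant to illustrate. Suggest putting the reference on its own sub-bullet with a short label such as `sample (SHA-256):` in front of the link, plus a few words on what was observed in it, so the API sequence and the supporting reference stay separate. The commit subject "Update malware-tech_ref_and_memo.md" only names the file; a subject that says a sample reference was added to the Dll Injection entry would make the history easier to search.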