mirror of
https://github.com/nganhkhoa/malware.git
synced 2024-06-10 21:32:07 +07:00
Update analysis_processhollowing.md
parent
29eb38a973
commit
28f7d00269
@ -22,6 +22,24 @@
|
||||
## Analysis contents
|
||||
|
||||
### File copy
|
||||
![](https://github.com/mether049/malware/blob/master/Trickbot/img/shellexecute_2_940.png)
|
||||
![](https://github.com/mether049/malware/blob/master/Trickbot/img/filecopy_1_940.png)
|
||||
![]()
|
||||
բնութագրվում է.exe
|
||||
### VirtualAlloc and Data transition
|
||||
![](https://github.com/mether049/malware/blob/master/Trickbot/img/virtualalloc_3_940.png)
|
||||
![](https://github.com/mether049/malware/blob/master/Trickbot/img/datasection_4_940.png)
|
||||
![](https://github.com/mether049/malware/blob/master/Trickbot/img/datacopy_5_940.png)
|
||||
![](https://github.com/mether049/malware/blob/master/Trickbot/img/datacopy2_6_940.png)
|
||||
![](https://github.com/mether049/malware/blob/master/Trickbot/img/decode_7_940.png)
|
||||
![](https://github.com/mether049/malware/blob/master/Trickbot/img/decode2_8_940.png)
|
||||
![](https://github.com/mether049/malware/blob/master/Trickbot/img/copytext_9_940.png)
|
||||
### Createting Process and Heaven's Gate (Process Hollowing)
|
||||
![](https://github.com/mether049/malware/blob/master/Trickbot/img/svchost_10_940.png)
|
||||
![](https://github.com/mether049/malware/blob/master/Trickbot/img/heavensgate_11_940.png)
|
||||
![](https://github.com/mether049/malware/blob/master/Trickbot/img/ntdll_12_940.png)
|
||||
![](https://github.com/mether049/malware/blob/master/Trickbot/img/crccalc_13_940.png)
|
||||
![](https://github.com/mether049/malware/blob/master/Trickbot/img/crccmp_14_940.png)
|
||||
![]()
|
||||
![]()
|
||||
|
||||
|
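Review bot: The three added subsections ("File copy", "VirtualAlloc and Data transition", and the process-creation one) consist only of screenshots with empty alt text and no prose, so a reader cannot tell what each image is meant to show or how one step leads to the next. Please add a sentence or two per image describing the observed behaviour, and give each image descriptive alt text. Three of the image lines are empty placeholders (`![]()`, once under "File copy" and twice at the end of the last subsection) and should be filled in or dropped before merging. The heading `### Createting Process and Heaven's Gate (Process Hollowing)` has a typo ("Createting" should be "Creating") and puts Heaven's Gate and process hollowing side by side as if they were the same thing; a line stating how the two relate in this sample would help, since they are distinct techniques. The bare line `բնութագրվում է.exe` under "File copy" has no surrounding context; if it is the name of the copied file, say so and put it in code formatting. The image URLs also point at `mether049/malware` rather than this repository, which is worth confirming as intended.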