nganhkhoa/mether049-malware
1
0
Fork 0
mirror of https://github.com/nganhkhoa/malware.git synced 2024-06-10 21:32:07 +07:00
Code Issues Projects Releases Wiki Activity

Update analysis_processhollowing.md

Browse Source
This commit is contained in:
MxExTxH 2020-01-03 17:14:20 +09:00 committed by GitHub
parent 29eb38a973
commit 28f7d00269
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 18 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
Trickbot/analysis_processhollowing.md
View File

@ -22,6 +22,24 @@
## Analysis contents
### File copy
![](https://github.com/mether049/malware/blob/master/Trickbot/img/shellexecute_2_940.png)
![](https://github.com/mether049/malware/blob/master/Trickbot/img/filecopy_1_940.png)
![]()
բնութագրվում է.exe
### VirtualAlloc and Data transition
![](https://github.com/mether049/malware/blob/master/Trickbot/img/virtualalloc_3_940.png)
![](https://github.com/mether049/malware/blob/master/Trickbot/img/datasection_4_940.png)
![](https://github.com/mether049/malware/blob/master/Trickbot/img/datacopy_5_940.png)
![](https://github.com/mether049/malware/blob/master/Trickbot/img/datacopy2_6_940.png)
![](https://github.com/mether049/malware/blob/master/Trickbot/img/decode_7_940.png)
![](https://github.com/mether049/malware/blob/master/Trickbot/img/decode2_8_940.png)
![](https://github.com/mether049/malware/blob/master/Trickbot/img/copytext_9_940.png)
### Createting Process and Heaven's Gate (Process Hollowing)
![](https://github.com/mether049/malware/blob/master/Trickbot/img/svchost_10_940.png)
![](https://github.com/mether049/malware/blob/master/Trickbot/img/heavensgate_11_940.png)
![](https://github.com/mether049/malware/blob/master/Trickbot/img/ntdll_12_940.png)
![](https://github.com/mether049/malware/blob/master/Trickbot/img/crccalc_13_940.png)
![](https://github.com/mether049/malware/blob/master/Trickbot/img/crccmp_14_940.png)
![]()
![]()