nganhkhoa/mether049-malware
1
0
Fork 0
mirror of https://github.com/nganhkhoa/malware.git synced 2024-06-10 21:32:07 +07:00
Code Issues Projects Releases Wiki Activity

Update analysis_processhollowing.md

Browse Source
This commit is contained in:
mether049 2020-01-07 00:55:54 +09:00 committed by GitHub
parent 8b6d58aed3
commit a6cdff6eb6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
Trickbot/analysis_processhollowing.md
View File

@ -116,6 +116,7 @@ Process Hollowingにも利用するデータに関する説明
![](https://github.com/mether049/malware/blob/master/Trickbot/img/apicall_15_720.png) ![](https://github.com/mether049/malware/blob/master/Trickbot/img/apicall_15_720.png)
- 以下は[NtQueryInformationProcess](https://docs.microsoft.com/ja-jp/windows/win32/api/winternl/nf-winternl-ntqueryinformationprocess?redirectedfrom=MSDN)の呼び出し後におけるPROCESS_BASIC_INFORMATION構造体の各メンバの値である - 以下は[NtQueryInformationProcess](https://docs.microsoft.com/ja-jp/windows/win32/api/winternl/nf-winternl-ntqueryinformationprocess?redirectedfrom=MSDN)の呼び出し後におけるPROCESS_BASIC_INFORMATION構造体の各メンバの値である
- svchost.exeのプロセスIDは9652 - svchost.exeのプロセスIDは9652
![](https://github.com/mether049/malware/blob/master/Trickbot/img/PROCESS_BASIC_INFORMATION.png) ![](https://github.com/mether049/malware/blob/master/Trickbot/img/PROCESS_BASIC_INFORMATION.png)
![](https://github.com/mether049/malware/blob/master/Trickbot/img/processhacker.PNG) ![](https://github.com/mether049/malware/blob/master/Trickbot/img/processhacker.PNG)