From bfb241ed5ecedc34db9ef5c303912c793aa62348 Mon Sep 17 00:00:00 2001 From: MxExTxH Date: Fri, 3 Jan 2020 17:21:06 +0900 Subject: [PATCH] Update analysis_processhollowing.md --- Trickbot/analysis_processhollowing.md | 28 +++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/Trickbot/analysis_processhollowing.md b/Trickbot/analysis_processhollowing.md index 9e6fe6b..0faf40d 100644 --- a/Trickbot/analysis_processhollowing.md +++ b/Trickbot/analysis_processhollowing.md 
@@ -22,24 +22,24 @@ ## Analysis contents ### File copy -![](https://github.com/mether049/malware/blob/master/Trickbot/img/shellexecute_2_940.png) -![](https://github.com/mether049/malware/blob/master/Trickbot/img/filecopy_1_940.png) +![](https://github.com/mether049/malware/blob/master/Trickbot/img/shellexecute_2_720.png) +![](https://github.com/mether049/malware/blob/master/Trickbot/img/filecopy_1_720.png) ![]() բնութագրվում է.exe ### VirtualAlloc and Data transition -![](https://github.com/mether049/malware/blob/master/Trickbot/img/virtualalloc_3_940.png) -![](https://github.com/mether049/malware/blob/master/Trickbot/img/datasection_4_940.png) -![](https://github.com/mether049/malware/blob/master/Trickbot/img/datacopy_5_940.png) -![](https://github.com/mether049/malware/blob/master/Trickbot/img/datacopy2_6_940.png) -![](https://github.com/mether049/malware/blob/master/Trickbot/img/decode_7_940.png) -![](https://github.com/mether049/malware/blob/master/Trickbot/img/decode2_8_940.png) -![](https://github.com/mether049/malware/blob/master/Trickbot/img/copytext_9_940.png) +![](https://github.com/mether049/malware/blob/master/Trickbot/img/virtualalloc_3_720.png) +![](https://github.com/mether049/malware/blob/master/Trickbot/img/datasection_4_720.png) +![](https://github.com/mether049/malware/blob/master/Trickbot/img/datacopy_5_720.png) +![](https://github.com/mether049/malware/blob/master/Trickbot/img/datacopy2_6_720.png) +![](https://github.com/mether049/malware/blob/master/Trickbot/img/decode_7_720.png) +![](https://github.com/mether049/malware/blob/master/Trickbot/img/decode2_8_720.png) +![](https://github.com/mether049/malware/blob/master/Trickbot/img/copytext_9_720.png) ### Createting Process and Heaven's Gate (Process Hollowing) -![](https://github.com/mether049/malware/blob/master/Trickbot/img/svchost_10_940.png) -![](https://github.com/mether049/malware/blob/master/Trickbot/img/heavensgate_11_940.png) 
-![](https://github.com/mether049/malware/blob/master/Trickbot/img/ntdll_12_940.png) -![](https://github.com/mether049/malware/blob/master/Trickbot/img/crccalc_13_940.png) -![](https://github.com/mether049/malware/blob/master/Trickbot/img/crccmp_14_940.png) +![](https://github.com/mether049/malware/blob/master/Trickbot/img/svchost_10_720.png) +![](https://github.com/mether049/malware/blob/master/Trickbot/img/heavensgate_11_720.png) +![](https://github.com/mether049/malware/blob/master/Trickbot/img/ntdll_12_720.png) +![](https://github.com/mether049/malware/blob/master/Trickbot/img/crccalc_13_720.png) +![](https://github.com/mether049/malware/blob/master/Trickbot/img/crccmp_14_720.png) ![]() ![]()
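Review bot: every rewritten image link in this hunk still has empty alt text (`![]`), and the three sections shown ("File copy", "VirtualAlloc and Data transition", and the process hollowing section) consist of screenshots only, so the analysis cannot be searched or read when the images fail to load. Give each link a short description of what the screenshot shows, taken from its file name, for example `![CRC comparison](.../crccmp_14_720.png)`. The patch touches only the markdown file (1 file changed), so confirm that all 14 `_720.png` files already exist under `Trickbot/img/`, otherwise every link switched from `_940` will break. The empty `![]()` placeholders in the context lines render as broken images and should be filled in or dropped. The heading "Createting Process and Heaven's Gate (Process Hollowing)" has a typo ("Creating") that could be fixed in the same change.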