mirror of https://github.com/nganhkhoa/malware.git synced 2024-06-10 21:32:07 +07:00

Update analysis_processhollowing.md

This commit is contained in:
MxExTxH 2020-01-03 17:21:06 +09:00 committed by GitHub
parent 641e37c864
commit bfb241ed5e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -22,24 +22,24 @@
## Analysis contents
### File copy
![](https://github.com/mether049/malware/blob/master/Trickbot/img/shellexecute_2_940.png)
![](https://github.com/mether049/malware/blob/master/Trickbot/img/filecopy_1_940.png)
![](https://github.com/mether049/malware/blob/master/Trickbot/img/shellexecute_2_720.png)
![](https://github.com/mether049/malware/blob/master/Trickbot/img/filecopy_1_720.png)
![]()
բնութագրվում է.exe
### VirtualAlloc and Data transition
![](https://github.com/mether049/malware/blob/master/Trickbot/img/virtualalloc_3_940.png)
![](https://github.com/mether049/malware/blob/master/Trickbot/img/datasection_4_940.png)
![](https://github.com/mether049/malware/blob/master/Trickbot/img/datacopy_5_940.png)
![](https://github.com/mether049/malware/blob/master/Trickbot/img/datacopy2_6_940.png)
![](https://github.com/mether049/malware/blob/master/Trickbot/img/decode_7_940.png)
![](https://github.com/mether049/malware/blob/master/Trickbot/img/decode2_8_940.png)
![](https://github.com/mether049/malware/blob/master/Trickbot/img/copytext_9_940.png)
![](https://github.com/mether049/malware/blob/master/Trickbot/img/virtualalloc_3_720.png)
![](https://github.com/mether049/malware/blob/master/Trickbot/img/datasection_4_720.png)
![](https://github.com/mether049/malware/blob/master/Trickbot/img/datacopy_5_720.png)
![](https://github.com/mether049/malware/blob/master/Trickbot/img/datacopy2_6_720.png)
![](https://github.com/mether049/malware/blob/master/Trickbot/img/decode_7_720.png)
![](https://github.com/mether049/malware/blob/master/Trickbot/img/decode2_8_720.png)
![](https://github.com/mether049/malware/blob/master/Trickbot/img/copytext_9_720.png)
### Createting Process and Heaven's Gate (Process Hollowing)
![](https://github.com/mether049/malware/blob/master/Trickbot/img/svchost_10_940.png)
![](https://github.com/mether049/malware/blob/master/Trickbot/img/heavensgate_11_940.png)
![](https://github.com/mether049/malware/blob/master/Trickbot/img/ntdll_12_940.png)
![](https://github.com/mether049/malware/blob/master/Trickbot/img/crccalc_13_940.png)
![](https://github.com/mether049/malware/blob/master/Trickbot/img/crccmp_14_940.png)
![](https://github.com/mether049/malware/blob/master/Trickbot/img/svchost_10_720.png)
![](https://github.com/mether049/malware/blob/master/Trickbot/img/heavensgate_11_720.png)
![](https://github.com/mether049/malware/blob/master/Trickbot/img/ntdll_12_720.png)
![](https://github.com/mether049/malware/blob/master/Trickbot/img/crccalc_13_720.png)
![](https://github.com/mether049/malware/blob/master/Trickbot/img/crccmp_14_720.png)
![]()
![]()
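Review bot: the empty image references `![]()` (one after the File copy screenshots and two at the end of the hunk) have no path and will render as broken images; either fill in the intended `img/...` paths or drop those lines. The bare line `բնութագրվում է.exe` under "File copy" also looks like a leftover rather than an intended caption and should be replaced with the file name it was meant to show or removed. While touching this section, the heading "Createting Process and Heaven's Gate" has a typo and should read "Creating Process and Heaven's Gate".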