We take a look at the Gatak malware, which uses WriteProcessMemory and CreateRemoteThread to inject code into rundll32.exe.
Many thanks to @_jsoo_ for providing the sample!
My malware analysis course for beginners: www.udemy.com/...
Buy me a coffee: ko-fi.com/stru...
Follow me on Twitter: @struppigel
Gatak VirusBtn article: www.virusbulle...
Sample HA: www.hybrid-ana...
Sample Any Run: app.any.run/ta...
API Monitor: www.rohitab.com...
Process Explorer: technet.micros...
x64dbg: x64dbg.com/
HxD: mh-nexus.de/en...
Malware Analysis - Code Injection via CreateRemoteThread & WriteProcessMemory
Comments: 16