Difference between revisions of "Process Tricks"

From Unprotect Project
(Technics)
(Technics)
Line 13: Line 13:
 
!Description
 
!Description
 
|-
 
|-
|colspan="2"|
+
!colspan="2"|Process hollowing
 
|
 
|
 
|-
 
|-
|colspan="2"|
+
!colspan="2"|Process camouflage
 
|
 
|
 
|-
 
|-
|colspan="2"|
+
!colspan="2"|Parent process
 
|
 
|
 
|-
 
|-
|colspan="2"|
+
!colspan="2"|Header entry point
 
|
 
|
 
|-
 
|-
|colspan="2"|
+
!colspan="2"|Hook injection
 
|
 
|
 
|-
 
|-
|colspan="2"|
+
!colspan="2"|Library injection
 
|
 
|
 
|-
 
|-
 +
!colspan="2"|Executing code from memory
 +
|
 +
|-
 +
!colspan="2"|File hiding
 +
|
 +
|-
 +
!colspan="2"|Trojanizing
 +
|
 
|}
 
|}
  
 
==References==
 
==References==
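
Review bot: the three rows added at the end of the table (Executing code from memory, File hiding, Trojanizing) each carry only an empty `|` cell after the name, as do the six rows named above, so the column announced by `!Description` stays blank for every technique. Because each name is a `!colspan="2"` header cell, the trailing `|` also adds a cell beyond the table's two columns (Techniques, Description). Consider a plain `!Process hollowing` name cell followed by `|` and a one-line description, or drop the stray `|` until the descriptions are written.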

Revision as of 19:46, 6 November 2016

Technic Description

Malware abuses process tricks to stay undetected.

Technics

Below is a list of all the process trick techniques in Unprotect Project:

Process Tricks
Techniques Description
Process hollowing
Process camouflage
Parent process
Header entry point
Hook injection
Library injection
Executing code from memory
File hiding
Trojanizing

References