Difference between revisions of "Process Tricks"

From Unprotect Project
Revision as of 12:38, 8 November 2016

Technique Description

Malware abuses process tricks to stay undetected. The Windows API allows a program to manipulate process memory through a number of such tricks. Malware authors often go beyond this basic functionality to implement specific techniques to hide from the user or system administrator, using rootkits or process injection, or to otherwise thwart analysis and detection. Some of these tricks are described here, along with ways to defeat them during malware analysis.

Techniques

Below is a list of all the process trick techniques in the Unprotect Project:

Process Tricks | Techniques Description
Process hollowing | Process hollowing is a technique used by malware to inject malicious code into another process. For example, a sample can create a notepad.exe process and inject its payload into it.
Process camouflage |
Parent process |
Header entry point |
Hook injection |
Library injection |
Executing code from memory |
File hiding |
Trojanizing |

References