Process Tricks

From Unprotect Project
Revision as of 11:38, 8 November 2016 by Admin (talk | contribs) (Technique Description)

Jump to: navigation, search

Technique Description

Malware abuse of process trick to stay undetected. Windows API allows program to manipulate memory with some trick. Malware authors often go beyond this basic functionality to implement specific techniques to hide from the user or system administrator, using rootkits or process injection, or to otherwise thwart analysis and detection. Some of this tricks are describing here with a way to defeat its during malware analysis.

Technics

Below is a list of all the process tricks technics in Unprotect Project:

Process Tricks
Techniques Description
Process hollowing Process hollowing is a technique uses by malware to inject a malicious code into another process. For example a sample can create a notepad.exe process and inject its payload.
Process camouflage
Parent process
Header entry point
Hook injection
Library injection
Executing code from memory
File hiding
Trojanizing

References