Malware Analysis - Code Injection via CreateRemoteThread & WriteProcessMemory
#1

Published on May 3, 2017
We take a look at the malware Gatak, which uses WriteProcessMemory and CreateRemoteThread to inject code into rundll32.exe.
Many thanks to @_jsoo_ for providing the sample!

Follow me on Twitter: https://twitter.com/struppigel

Gatak VirusBtn article: https://www.virusbulletin.com/virusbu...
Sample: https://www.hybrid-analysis.com/sampl...
API Monitor: http://www.rohitab.com/apimonitor
Process Explorer: https://technet.microsoft.com/en-us/s...
x64dbg: http://x64dbg.com/
HxD: https://mh-nexus.de/en/hxd/
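The injection chain the post describes (a source process writing a buffer into rundll32.exe with WriteProcessMemory and then starting it with CreateRemoteThread) is also what an analyst looks for when reading an API trace. The following is an added example, not code from the post, the video, or the tools it links: a small detector that walks a trace, correlates WriteProcessMemory calls with later CreateRemoteThread calls on the same source/target pair, and raises a high-confidence alert when the remote thread's start address falls inside a region the source just wrote. The trace format, the process table and every PID and address are constructed for the example; real API Monitor output logs a raw handle rather than a target PID, so the lines below assume that handle-to-PID resolution has already been done.

```python
import re
from collections import defaultdict

# Constructed, simplified API-trace format (NOT real API Monitor output and
# NOT the Gatak sample's trace): "<seq> <image>:<pid> <api> target=<pid> k=v ...".
# The "target=" field assumes the hProcess handle was already resolved to a PID.
SAMPLE_TRACE = """\
1 gatak.exe:1180 OpenProcess target=2044 access=0x1F0FFF
2 gatak.exe:1180 VirtualAllocEx target=2044 size=0x3000 protect=0x40
3 gatak.exe:1180 WriteProcessMemory target=2044 base=0xB50000 size=0x2A00
4 gatak.exe:1180 CreateRemoteThread target=2044 start=0xB50000
5 explorer.exe:1544 WriteProcessMemory target=1544 base=0x400000 size=0x10
6 svchost.exe:812 OpenProcess target=2044 access=0x400
"""

# Constructed PID -> image-name table (what Process Explorer would show).
PROCESS_TABLE = {1180: "gatak.exe", 2044: "rundll32.exe",
                 1544: "explorer.exe", 812: "svchost.exe"}

LINE_RE = re.compile(
    r"^(?P<seq>\d+)\s+(?P<src_image>\S+):(?P<src_pid>\d+)\s+"
    r"(?P<api>\w+)\s+target=(?P<target>\d+)(?P<rest>.*)$"
)
KV_RE = re.compile(r"(\w+)=(0x[0-9A-Fa-f]+|\d+)")


def parse_line(line):
    """Parse one trace line into a dict; return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["seq"] = int(rec["seq"])
    rec["src_pid"] = int(rec["src_pid"])
    rec["target"] = int(rec["target"])
    # Remaining key=value arguments; int(..., 0) accepts both 0x-hex and decimal.
    rec["args"] = {k: int(v, 0) for k, v in KV_RE.findall(rec.pop("rest"))}
    return rec


def detect_remote_thread_injection(trace, process_table):
    """Correlate WriteProcessMemory -> CreateRemoteThread on the same (source, target) pair.

    Returns one alert per suspicious CreateRemoteThread. Confidence is "high" when the
    thread start address lies inside a region the same source wrote into the target
    earlier in the trace, "medium" when the source wrote to the target but the start
    address could not be matched to a written region.
    """
    written = defaultdict(list)  # (src_pid, target_pid) -> [(base, end), ...]
    alerts = []
    for raw in trace.splitlines():
        rec = parse_line(raw)
        # Ignore unparsable lines and a process operating on itself (not cross-process).
        if rec is None or rec["src_pid"] == rec["target"]:
            continue
        key = (rec["src_pid"], rec["target"])
        if rec["api"] == "WriteProcessMemory":
            base = rec["args"].get("base")
            size = rec["args"].get("size", 0)
            if base is not None:
                written[key].append((base, base + size))
        elif rec["api"] == "CreateRemoteThread":
            regions = written.get(key, [])
            if not regions:
                continue  # no prior write from this source into this target
            start = rec["args"].get("start")
            in_written = start is not None and any(lo <= start < hi for lo, hi in regions)
            alerts.append({
                "seq": rec["seq"],
                "source": process_table.get(rec["src_pid"], rec["src_image"]),
                "source_pid": rec["src_pid"],
                "target_pid": rec["target"],
                "target_image": process_table.get(rec["target"], "<unknown>"),
                "thread_start": start,
                "confidence": "high" if in_written else "medium",
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_remote_thread_injection(SAMPLE_TRACE, PROCESS_TABLE):
        print(f"[{alert['confidence']}] seq {alert['seq']}: {alert['source']} "
              f"({alert['source_pid']}) started a remote thread in "
              f"{alert['target_image']} ({alert['target_pid']}) at "
              f"{alert['thread_start']:#x}")
```

On the constructed trace this reports exactly one alert: gatak.exe writing into rundll32.exe and then creating a remote thread whose start address is inside the written buffer. The explorer.exe write on line 5 is to its own PID and is skipped, and svchost.exe only opens a handle, so neither produces noise. The same pairing of a write with a subsequent thread start is the signal to pull out of a real API Monitor trace when confirming the technique by hand.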