Promo2day | Giveaways, Offers, Crypto and Much More Security Center Malware v
Malware Analysis - Code Injection via CreateRemoteThread & WriteProcessMemory

Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Share Post: Reddit Facebook
Malware Analysis - Code Injection via CreateRemoteThread & WriteProcessMemory
baziroll Offline
ツツツツツツツツツ
*****
MotM
Posts: 8,358
Threads: 4,009
Thanks Received: 11,372 in 4,807 posts
Thanks Given: 33,541
Joined: Jan 2016
Reputation: 196 000000
#1
05-03-2017 , 10:24 PM

Published on May 3, 2017
We take a look into the malware Gatak which uses WriteProcessMemory and CreateRemoteThread to inject code into rundll32.exe.
Many thanks to @_jsoo_ for providing the sample!

Follow me on Twitter: https://twitter.com/struppigel

Gatak VirusBtn article: https://www.virusbulletin.com/virusbu...
Sample: https://www.hybrid-analysis.com/sampl...
API Monitor: http://www.rohitab.com/apimonitor
Process Explorer: https://technet.microsoft.com/en-us/s...
x64dbg: http://x64dbg.com/
HxD: https://mh-nexus.de/en/hxd/
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Malware adds Any.Run sandbox detection to evade analysis tarekma7 2 3,803 07-14-2020 , 11:01 PM
Last Post: uyar64
  The new landscape of pre-installed mobile malware: malicious code within Mohammad.Poorya 0 2,508 01-03-2019 , 05:05 AM
Last Post: Mohammad.Poorya
  "Early Bird" Code Injection Technique Helps Malware Stay Undetected tarekma7 0 2,402 04-13-2018 , 06:29 PM
Last Post: tarekma7
  Malware Analysis - Deobfuscating Loyeetro Trojan-Spy baziroll 0 2,663 08-18-2017 , 12:49 AM
Last Post: baziroll
  Malware Analysis - Unpacking RunPE Loyeetro Trojan baziroll 0 2,501 08-09-2017 , 02:19 AM
Last Post: baziroll



Users browsing this thread: 1 Guest(s)