Malware Analysis - Code Injection via CreateRemoteThread & WriteProcessMemory
We take a look at the malware Gatak, which uses WriteProcessMemory and CreateRemoteThread to inject code into rundll32.exe. Many thanks to @_jsoo_ for providing the sample!

Malware analysis courses: https://malwareanalysis-for-hedgehogs...
Buy me a coffee: https://ko-fi.com/struppigel
Follow me on Twitter: / struppigel

Gatak VirusBtn article: https://www.virusbulletin.com/virusbu...
Sample HA: https://www.hybrid-analysis.com/sampl...
Sample Any Run: https://app.any.run/tasks/80896885-8b...

Tools used:
API Monitor: http://www.rohitab.com/apimonitor
Process Explorer: https://technet.microsoft.com/en-us/s...
x64dbg: http://x64dbg.com/
HxD: https://mh-nexus.de/en/hxd/