Book: Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software

for an in-depth explanation of COM.

connect

Used to connect to a remote socket. Malware often uses low-level functionality to connect to a command-and-control server.

ConnectNamedPipe

.

Wow64DisableWow64FsRedirection

Disables file redirection that occurs in 32-bit files loaded on a 64-bit system. If a 32-bit application writes to C:\Windows\System32 after calling this function, then it will write to the real C:\Windows\System32 instead of being redirected to C:\Windows\SysWOW64.

WriteProcessMemory

Used to write data to a remote process. Malware uses WriteProcessMemory as part of process injection.

WSAStartup

Used to initialize low-level network functionality. Finding calls to WSAStartup can often be an easy way to locate the start of network-related functionality.
