Data Wiping APIs
List of data-wiping APIs used by malware (Malware Dude :))
Data wiping APIs are used to securely delete data from a system so that it cannot be recovered. Malware can use the same APIs to remove traces of its presence, destroy sensitive information, or otherwise damage a system. Here's a list of key APIs and methods related to data wiping:
Windows APIs for Data Wiping
ZeroMemory
Description: Fills a block of memory with zeroes. Malware might use this to clear sensitive data from memory before terminating or unloading.
SecureZeroMemory
Description: A more secure version of ZeroMemory, provided by the Windows API to zeroize memory in a way that the compiler will not optimize away (a plain ZeroMemory call on a buffer that is never read again can be removed as dead code).
DeleteFile
Description: Deletes a specified file from the filesystem. This API is often used to remove files but does not securely wipe the data; file recovery tools may still recover it.
MoveFileEx
Description: Moves or renames a file and optionally deletes it. Called with a NULL destination and the MOVEFILE_DELAY_UNTIL_REBOOT flag, it marks a file for deletion on the next reboot, which may be used to remove files after other operations have completed.
SetFileAttributes
Description: Sets attributes for a file or directory. Malware might use this to mark files as hidden or system files before deletion.
WriteFile
Description: Writes data to a file. Malware can use this API to overwrite a file's contents with random data before deleting it, making recovery more difficult.
FlushFileBuffers
Description: Flushes data written to a file out to disk. This ensures that any pending writes are completed, so it is used together with WriteFile to make sure the overwrite actually reaches the storage medium.
FormatVolume
Description: Formats a volume, which effectively wipes all data on it. This is a more extreme method used to completely erase all data on a storage volume.
IOCTL_DISK_SET_CACHE_INFORMATION
Description: A device I/O control code that can be used to disable write caching on a disk, making it harder for residual data to be recovered after overwriting.