
🦉Data Wiping APIs

List of Data Wiping APIs used by Malware Dude :)

Data wiping APIs are used to securely delete data from a system to ensure that it cannot be recovered. These APIs can be utilized by malware to remove traces of its presence, destroy sensitive information, or otherwise damage a system. Here’s a list of key APIs and methods related to data wiping:

Windows APIs for Data Wiping

  1. ZeroMemory:

    • Description: This function fills a block of memory with zeroes. Malware might use this to clear sensitive data from memory before terminating or unloading.

  2. SecureZeroMemory:

    • Description: A more secure version of ZeroMemory, provided by the Windows API to zeroize memory in a way that is less likely to be optimized away by the compiler or caching mechanisms.

  3. DeleteFile:

    • Description: Deletes a specified file from the filesystem. This API is often used to remove files but does not securely wipe the data (file recovery tools may still recover it).

  4. MoveFileEx:

    • Description: Moves or renames a file and can also schedule its deletion. Passing a NULL new file name together with the MOVEFILE_DELAY_UNTIL_REBOOT flag marks the file for deletion at the next reboot, which malware may use to remove files after other operations have completed.

  5. SetFileAttributes:

    • Description: Sets attributes for a file or directory. Malware might use this to mark files as hidden or system files before deletion.

  6. WriteFile:

    • Description: Writes data to a file. Malware can use this API to overwrite a file’s contents with random data before deleting it, making recovery more difficult.

  7. FlushFileBuffers:

    • Description: Flushes a file's buffered writes to disk, so that any pending writes are actually committed. Used together with WriteFile, it ensures that an overwrite reaches the disk rather than sitting in the cache.

  8. FormatVolume:

    • Description: Formats a volume, which effectively wipes all data on it. This is a more extreme method used to completely erase all data on a storage volume.

  9. IOCTL_DISK_SET_CACHE_INFORMATION:

    • Description: Controls the disk's write cache and can be used to disable it, so that overwrites are committed to the media instead of being held in cache, making residual data harder to recover after overwriting.
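As an added, defender-side example that is not part of the original page: the wipe-relevant calls listed above, chained into a detection run over a constructed sandbox-style API trace. The trace format, process ids, handles and paths are hypothetical; the logic flags any file that the same process overwrote with WriteFile and then removed, either with DeleteFile or with MoveFileEx scheduled for deletion at reboot.

```python
import re
from collections import defaultdict

# Constructed sandbox-style API trace (hypothetical format, one call per line):
# pid 4120 overwrites and deletes two documents, pid 2204 is an ordinary editor.
TRACE = """\
pid=4120 api=CreateFileW path=C:\\Users\\a\\report.docx handle=0x1a4
pid=4120 api=SetFileAttributesW path=C:\\Users\\a\\report.docx attrs=HIDDEN
pid=4120 api=WriteFile handle=0x1a4 bytes=65536
pid=4120 api=FlushFileBuffers handle=0x1a4
pid=4120 api=DeleteFileW path=C:\\Users\\a\\report.docx
pid=2204 api=CreateFileW path=C:\\Users\\a\\notes.txt handle=0x2b0
pid=2204 api=WriteFile handle=0x2b0 bytes=120
pid=4120 api=CreateFileW path=C:\\Users\\a\\budget.xlsx handle=0x1c8
pid=4120 api=WriteFile handle=0x1c8 bytes=32768
pid=4120 api=MoveFileExW path=C:\\Users\\a\\budget.xlsx new=NULL flags=MOVEFILE_DELAY_UNTIL_REBOOT
"""

FIELD = re.compile(r"(\w+)=(\S+)")   # key=value pairs; paths here contain no spaces

def is_delete(ev):
    # DeleteFileW, or MoveFileExW with a NULL new name and MOVEFILE_DELAY_UNTIL_REBOOT
    return ev["api"] == "DeleteFileW" or (
        ev["api"] == "MoveFileExW" and ev.get("new") == "NULL"
        and "MOVEFILE_DELAY_UNTIL_REBOOT" in ev.get("flags", ""))

def find_wipe_sequences(trace):
    """Return (pid, path, steps) for every file a process overwrote with WriteFile
    and afterwards deleted; plain write-and-close or delete-only is not reported."""
    handles = {}               # (pid, handle) -> path, learned from CreateFileW
    steps = defaultdict(list)  # (pid, path) -> wipe-relevant calls seen so far
    hits = []
    for line in trace.splitlines():
        ev = dict(FIELD.findall(line))
        pid, api = ev["pid"], ev["api"]
        if api == "CreateFileW":
            handles[(pid, ev["handle"])] = ev["path"]
            continue
        path = ev.get("path") or handles.get((pid, ev.get("handle")))  # handle -> opened path
        if path is None:
            continue
        key = (pid, path)
        if api in ("SetFileAttributesW", "WriteFile", "FlushFileBuffers"):
            steps[key].append(api)
        elif is_delete(ev):
            if "WriteFile" in steps[key]:  # overwrite preceded the delete
                hits.append((pid, path, steps[key] + [api]))
            steps.pop(key, None)
    return hits
```

Calling `find_wipe_sequences(TRACE)` reports report.docx (attribute change, overwrite, flush, delete) and budget.xlsx (overwrite, reboot-delayed delete) for pid 4120, while the editor's write to notes.txt is not reported.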
