
👾 Exfiltration APIs

List of Exfiltration APIs by Malware Dude :)

For data exfiltration, malware often uses specific APIs and techniques to extract and transfer data from compromised systems to remote servers or other destinations. Here’s a list of key APIs and methods related to data exfiltration:

APIs Used for Data Exfiltration

  1. WinINet API:

    • InternetOpen: Opens a handle to the WinINet library, allowing the application to make network requests.

    • InternetOpenUrl: Opens a URL and retrieves data from a specified address, often used for sending data to a remote server.

    • InternetReadFile: Reads data from an open URL, which can be used to download additional payloads or exfiltrate data.

    • InternetWriteFile: Writes data to an open URL, useful for sending data to a remote server.

  2. WinHTTP API:

    • WinHttpOpen: Initializes a WinHTTP session, allowing for HTTP or HTTPS requests.

    • WinHttpConnect: Connects to a specified HTTP server, enabling data transmission.

    • WinHttpSendRequest: Sends an HTTP request to a server, which can be used for exfiltrating data.

    • WinHttpReceiveResponse: Receives a response from the server, useful for handling the data after sending it.

  3. Socket API:

    • socket: Creates a socket, which can be used for establishing network connections.

    • connect: Connects a socket to a specified address and port, enabling communication with a remote server.

    • send: Sends data over a network socket, used for transferring exfiltrated data.

    • recv: Receives data from a network socket, useful for receiving commands or additional instructions.

  4. File APIs:

    • CreateFile: Opens or creates a file, which can be used to read or write data for exfiltration purposes.

    • ReadFile: Reads data from a file, which can then be sent out to an external destination.

    • WriteFile: Writes data to a file, which can be used to temporarily store data before exfiltration.

  5. Named Pipes API:

    • CreateNamedPipe: Creates a named pipe for inter-process communication, which can be used to transfer data between processes.

    • ReadFile and WriteFile: Used for reading from and writing to named pipes, facilitating data transfer.

  6. Remote Procedure Call (RPC) API:

    • RpcServerRegisterIf: Registers an RPC interface, enabling communication between processes on the same or different systems.

    • RpcCall: Calls a remote procedure, which can be used for data transfer or command execution.

  7. Registry APIs:

    • RegOpenKeyEx: Opens a registry key to read or write configuration data.

    • RegQueryValueEx: Retrieves data from a registry key, which can be exfiltrated or used for configuration purposes.
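A defender-side way to use the list above is as a static-triage lookup over a sample's import table: map each imported name onto the families on this page and flag the collect-then-transmit combination (file or registry access together with a network family) rather than any single call, since ReadFile alone describes almost every Windows program. The example below is added here and is not part of the original page; it assumes imports arrive as constructed "dll!symbol" strings (as a PE parser would list them), normalizes the ANSI/Unicode suffix (CreateFileW), and resolves ws2_32 ordinal imports, which hide the socket names from a plain string scan.

```python
import re
from collections import defaultdict

# API families from the page, keyed by the capability they give the sample.
FAMILIES = {
    "net_wininet": {"InternetOpen", "InternetOpenUrl", "InternetReadFile", "InternetWriteFile"},
    "net_winhttp": {"WinHttpOpen", "WinHttpConnect", "WinHttpSendRequest", "WinHttpReceiveResponse"},
    "net_socket": {"socket", "connect", "send", "recv"},
    "file": {"CreateFile", "ReadFile", "WriteFile"},
    "pipe": {"CreateNamedPipe"},
    "registry": {"RegOpenKeyEx", "RegQueryValueEx"},
}
NETWORK = {"net_wininet", "net_winhttp", "net_socket"}
KNOWN = {api: fam for fam, apis in FAMILIES.items() for api in apis}
# ws2_32.dll is frequently imported by ordinal, which hides the name from a
# plain string scan; these are the documented ws2_32 export ordinals.
WS2_ORDINALS = {4: "connect", 16: "recv", 19: "send", 23: "socket"}

def canonical(dll: str, symbol: str) -> str:
    """Resolve 'CreateFileW' -> 'CreateFile' and 'ws2_32.dll!#19' -> 'send'."""
    if symbol.startswith("#"):
        ordinal = int(symbol[1:])
        return WS2_ORDINALS.get(ordinal, symbol) if dll.lower() == "ws2_32.dll" else symbol
    if symbol in KNOWN:
        return symbol
    if symbol[-1:] in ("A", "W") and symbol[:-1] in KNOWN:
        return symbol[:-1]  # strip the ANSI/Unicode variant suffix
    return symbol

def classify(imports):
    """Group a sample's imports ('dll!symbol' strings) by exfiltration family."""
    found = defaultdict(set)
    for entry in imports:
        dll, _, symbol = entry.partition("!")
        api = canonical(dll, symbol)
        if api in KNOWN:
            found[KNOWN[api]].add(api)
    return dict(found)

def triage(imports):
    """Verdict based on the collect + transmit combination, not single APIs."""
    fams = classify(imports)
    has_net = bool(NETWORK & set(fams))
    has_source = bool({"file", "registry", "pipe"} & set(fams))
    verdict = "exfil-capable" if has_net and has_source else ("network-only" if has_net else "benign-looking")
    return verdict, fams

# Constructed sample import table (not taken from a real binary).
SAMPLE = ["kernel32.dll!CreateFileW", "kernel32.dll!ReadFile", "advapi32.dll!RegQueryValueExA",
          "ws2_32.dll!#23", "ws2_32.dll!#4", "ws2_32.dll!#19", "kernel32.dll!GetLastError"]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

The verdict is a triage hint only: legitimate updaters and backup agents import the same combination, so it selects samples for closer analysis rather than proving intent.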
