👾Exfiltration API's

List of Exfiltration API's by Malware Dude :)

For data exfiltration, malware often uses specific APIs and techniques to extract and transfer data from compromised systems to remote servers or other destinations. Here’s a list of key APIs and methods related to data exfiltration:

APIs Used for Data Exfiltration

WinINet API:
- InternetOpen: Opens a handle to the WinINet library, allowing the application to make network requests.
- InternetOpenUrl: Opens a URL and retrieves data from a specified address, often used for sending data to a remote server.
- InternetReadFile: Reads data from an open URL, which can be used to download additional payloads or exfiltrate data.
- InternetWriteFile: Writes data to an open URL, useful for sending data to a remote server.
WinHTTP API:
- WinHttpOpen: Initializes a WinHTTP session, allowing for HTTP or HTTPS requests.
- WinHttpConnect: Connects to a specified HTTP server, enabling data transmission.
- WinHttpSendRequest: Sends an HTTP request to a server, which can be used for exfiltrating data.
- WinHttpReceiveResponse: Receives a response from the server, useful for handling the data after sending it.
Socket API:
- socket: Creates a socket, which can be used for establishing network connections.
- connect: Connects a socket to a specified address and port, enabling communication with a remote server.
- send: Sends data over a network socket, used for transferring exfiltrated data.
- recv: Receives data from a network socket, useful for receiving commands or additional instructions.
File APIs:
- CreateFile: Opens or creates a file, which can be used to read or write data for exfiltration purposes.
- ReadFile: Reads data from a file, which can then be sent out to an external destination.
- WriteFile: Writes data to a file, which can be used to temporarily store data before exfiltration.
Named Pipes API:
- CreateNamedPipe: Creates a named pipe for inter-process communication, which can be used to transfer data between processes.
- ReadFile and WriteFile: Used for reading from and writing to named pipes, facilitating data transfer.
Remote Procedure Call (RPC) API:
- RpcServerRegisterIf: Registers an RPC interface, enabling communication between processes on the same or different systems.
- RpcCall: Calls a remote procedure, which can be used for data transfer or command execution.
Registry APIs:
- RegOpenKeyEx: Opens a registry key to read or write configuration data.
- RegQueryValueEx: Retrieves data from a registry key, which can be exfiltrated or used for configuration purposes.

PreviousRestore Point API's NextData Wiping API's

Last updated 7 months ago

👾Exfiltration API's

List of Exfiltration API's by Malware Dude :)

APIs Used for Data Exfiltration

WinINet API:
- InternetOpen: Opens a handle to the WinINet library, allowing the application to make network requests.
- InternetOpenUrl: Opens a URL and retrieves data from a specified address, often used for sending data to a remote server.
- InternetReadFile: Reads data from an open URL, which can be used to download additional payloads or exfiltrate data.
- InternetWriteFile: Writes data to an open URL, useful for sending data to a remote server.
WinHTTP API:
- WinHttpOpen: Initializes a WinHTTP session, allowing for HTTP or HTTPS requests.
- WinHttpConnect: Connects to a specified HTTP server, enabling data transmission.
- WinHttpSendRequest: Sends an HTTP request to a server, which can be used for exfiltrating data.
- WinHttpReceiveResponse: Receives a response from the server, useful for handling the data after sending it.
Socket API:
- socket: Creates a socket, which can be used for establishing network connections.
- connect: Connects a socket to a specified address and port, enabling communication with a remote server.
- send: Sends data over a network socket, used for transferring exfiltrated data.
- recv: Receives data from a network socket, useful for receiving commands or additional instructions.
File APIs:
- CreateFile: Opens or creates a file, which can be used to read or write data for exfiltration purposes.
- ReadFile: Reads data from a file, which can then be sent out to an external destination.
- WriteFile: Writes data to a file, which can be used to temporarily store data before exfiltration.
Named Pipes API:
- CreateNamedPipe: Creates a named pipe for inter-process communication, which can be used to transfer data between processes.
- ReadFile and WriteFile: Used for reading from and writing to named pipes, facilitating data transfer.
Remote Procedure Call (RPC) API:
- RpcServerRegisterIf: Registers an RPC interface, enabling communication between processes on the same or different systems.
- RpcCall: Calls a remote procedure, which can be used for data transfer or command execution.
Registry APIs:
- RegOpenKeyEx: Opens a registry key to read or write configuration data.
- RegQueryValueEx: Retrieves data from a registry key, which can be exfiltrated or used for configuration purposes.

PreviousRestore Point API's NextData Wiping API's

Last updated 7 months ago