🛡️
./Malfav.asm
Linkedin
  • 👋./Malfav.asm
    • 🕸️Malfav Agenda
  • 🕷️Malware Introduction
    • 💡What is Malware
      • 🌠FIN Malware
      • 🦘Cyber Gang Malware
        • 🕷️Spiders Malware
      • 🕵️‍♀️Cyber Espionage Malware
      • 🍘Cyber Sabotage Malware
      • 🛴Rootkit
        • 🫚Bootkit
    • 🦫Nations State APT
      • 🗯️APT
      • 🇮🇷Iran APT
      • 🇷🇺Russian APT
      • 🇨🇳Chines APT
      • 🇮🇳India APT
      • 🇵🇰Pakistan APT
      • 🇻🇳Vietnamese APT
      • 🇰🇵North Korean APT
    • 🥋Mobile Malware
      • 📲Android Malware
        • 💰Commerical Android Malware
          • Common Android Spyware
        • 🧧Common Android Exploits
          • 0️Common Android 0day
      • 📱IPHONE Malware
        • 🐚Common IPHONE Spyware
        • 💥Commerical IPHONE Malware
        • 💣Common IPHONE Exploits
    • 📃Malicious Documents
      • 📨Excel Spreadsheets
      • 🗼PowerPoint Presentations
      • 🤺Microsoft Office Documents
      • 📑PDF
      • 📄Other Document Formats
      • 🩼Common Techniques Used in Malicious Documents
    • 🏞️Advanced Persistence Threat - APT
      • 🥠APT Groups
        • 🇨🇳Mustang Panda
        • 🛕Mustard Tempest
        • 🇨🇳Naikon
        • 🪡NEODYMIUM
        • 🇷🇺Nomadic Octopus
        • 🇮🇷OilRig
        • 🍊Orangeworm
        • 🇮🇳Patchwork
        • 🇨🇳PittyTiger
        • 🌏PLATINUM
        • 🇱🇧POLONIUM
        • 🇵🇹Poseidon Group
        • 🇹🇲PROMETHIUM
        • 🇨🇳Putter Panda
        • 🦝Rancor
        • 🇨🇳Rocke
        • 🐢RTM
        • 🇷🇺Sandworm Team
        • 🃏Scarlet Mimic
        • 🇬🇱Scattered Spider
        • 🇵🇰SideCopy
        • 🇮🇳Sidewinder
        • 🔕Silence
        • 🇮🇷Silent Librarian
        • 🇳🇬SilverTerrier
        • 🐞Sowbug
        • 🔱Strider
        • 🇨🇳Suckfly
        • 🥃TA2541
        • 🇨🇳TA459
        • 💼TA505
        • 💰TA551
        • ☁️TeamTNT
        • 🇷🇺TEMP.Veles
        • 🦳The White Company
        • 💳Threat Group-1314
        • 🫓Threat Group-3390
        • 🇨🇳Threat Group-3390
        • 🦐Thrip
        • 🐈ToddyCat
        • 🐙Tonto Team
        • 🇵🇰Transparent Tribe
        • 🐠Tropic Trooper
        • 🐢Turla
        • 🇮🇷UNC788
        • 🇱🇧Volatile Cedar
        • 🇨🇳Volt Typhoon
        • 🕊️Whitefly
        • 🔘Windigo
        • 🪽Windshift
        • 🇨🇳Winnti Group
        • 🥀WIRTE
        • 🇷🇺Wizard Spider
        • 🎪ZIRCONIUM
      • 🏹APT's Software
        • 🐀3PARA RAT
        • 🐀4H RAT
        • ⚱️AADInternals
        • 🔻ABK
        • ⚗️AbstractEmu
        • 🪱ACAD/Medre.A
        • 🇲🇰AcidRain
        • 🐬Action RAT
  • 🐁OS Internal's
    • 🍩Suspicious API's
      • 🪨Process Information API's
      • 🧩Registry API's
      • 🔒Encryption API's
      • 📯Restore Point API's
      • 👾Exfiltration API's
      • 🦉Data Wiping API's
      • 📨Shadow Copy API's
      • 🪼What is Malicious API's Functions
      • 🌪️System Information API's
      • 🌀Network Information API's
  • 🪟Windows Internal
    • 📡Windows Internal
      • 🦐Why Windows Internal ?
        • 🏵️Process
        • 🧵Thread
        • 🪭Handle
        • 🌐Memory
        • ☢️Ram
        • 🤖ROM
  • 👁️‍🗨️Malware Technique
    • 📓Malware Technique
    • 💢Obfuscation
      • 🦾Anti-Debugging Techniques
      • 🏗️Instruction Substitution
      • 📔Code Obfuscation
      • 📦Code Packing
      • 💈Polymorphism
      • 🌬️Control Flow Obfuscation
      • 🪅Data Obfuscation
      • 💅Metadata Obfuscation
      • 🎣Metamorphism
      • ⛲Runtime Obfuscation
    • 🛌Persistence Mechanism
      • 🔰Registry Persistence Mechanism
      • 🗑️Task Sch Persistence Mechanism
      • 📂Startup Folder
      • 🎋AppData Folder
      • 🪹Temp Folder
  • ⚔️Malware Resources
    • 👻Malware Resources
    • 🎇Malware Sample Resources
      • 🌡️VirusShare
      • ♠️MalShare
      • 🚥MalwareTraffic
      • 🚏Malware Bazaar
  • Malware Analysis Toolkit
    • 🧌Windows Malware Analysis Toolkit
      • 💉Common Online Malware Analysis Toolkit
        • 💎Joe Sandbox
        • 🎪VT - VirusTotal
        • 👽Threat.Zone
        • 🐦Hybrid Analysis
        • 🦄Any.run
        • 🥫Filescan
      • 🥝Static Analysis Tools
        • 🍡Advance Static Analysis Tool
      • 💠Dynamic Analysis Tool
        • Advance Dynamic Analysis Tool
      • 🥜Network Analysis Tool
      • 🥟String Dumpers Toolkit
        • 📏Strings
        • 🦞Floss
    • 📱Android Malware Analysis Toolkit
      • 🕹️Static Analysis Toolkit
      • 💠Dynamic Analysis Toolkit
      • 🫒Online Analysis Toolkit
    • 📱IPHONE Malware Analysis Toolkit
      • 🥢Static Analysis Toolkit
      • ♦️Dynamic Analysis Toolkit
    • 💻MAC OSX Malware Analysis Toolkit
      • 📯Static Analysis Toolkit
      • 🍭Dynamic Analysis Toolkit
      • 🌬️Online Analysis Toolkit
  • Books and Guidelines
    • 🔋Books and Guidelines for Malware Analysis .
      • 🏋️‍♀️Android Malware Analysis 101
      • 🥖Common Anti-Forensics
      • 🦣Memory Forensics GUI
      • 📼Assembly for Malware Analyst
      • 💾Disk Image Forensics
      • ⚡Volatility Noob to Pro
  • 📋Malware Analysis Tips
    • 🖇️Malware Analysis Tips
      • 🏮Memory Malware Analysis
      • 🐜Technique to Investigate Process
      • 💥Process Lists 1
      • 💥Process Lists 2
      • 💥Process Lists 3
  • 🧽Incident Response
    • 🐳What is Incident Response
      • Incident Response Tools
      • Incident Response Toolkit
  • Technical Analysis Report
    • 🦎Technical Analysis Report
      • 🧲Stuxnet Memory Analysis
  • 🚨Rootkit Removal
    • 🤖Rootkit Removal
  • 🗜️Antivirus Artifact
    • 〽️Antivirus Artifact
      • 🀄Antivirus Process Name
  • 🧠Malware Author Mindset
    • 💽Malware Author Mindset
      • 🍫How Malware Author Terminate Antivirus Process during runtime ?
Powered by GitBook
On this page
  1. OS Internal's
  2. Suspicious API's

Process Information API's

List of Network API's used by Malware Dude :)

  • OpenProcess: Opens a handle to a specified process, allowing malware to access and manipulate that process's memory and properties.

  • EnumProcesses: Retrieves a list of process identifiers (PIDs) for all running processes on the system, which can be used to identify and target specific processes.

  • GetProcessTimes: Provides information about the amount of time a process has spent executing in user mode and kernel mode, which can help malware assess process activity.

  • GetProcessId: Retrieves the process identifier for a given handle, which is useful for tracking or interacting with specific processes.

  • GetProcessMemoryInfo: Provides information about the memory usage of a process, including details about working set size and page file usage.

  • NtQuerySystemInformation: Provides detailed information about system processes, including their state and memory usage. It is often used for more extensive process monitoring and analysis.

  • GetModuleFileName: Retrieves the full path of the executable file for a specified module within a process, which can help malware identify and manipulate specific applications.

  • CreateRemoteThread: Creates a thread in the address space of another process, often used for code injection or to execute malicious payloads in the context of a different process.

  • WriteProcessMemory: Writes data into the memory space of another process, facilitating code injection or manipulation of process behavior.

  • ReadProcessMemory: Reads data from the memory space of another process, which can be used for stealing information or analyzing process data.

  • TerminateProcess: Terminates a specified process, which can be used by malware to kill security software or other critical processes.

  • QueryFullProcessImageName: Retrieves the full path of the executable image of a specified process, useful for identifying processes by their executable location.

  • EnumWindows: Enumerates all top-level windows on the screen, which can be used to interact with or manipulate user interfaces of running applications.

  • GetWindowThreadProcessId: Retrieves the process identifier of the process that created a specified window, useful for identifying which process owns a particular window.

  • GetCurrentProcessId: Retrieves the process identifier of the calling process, which can be used to identify or reference the process itself.

PreviousSuspicious API'sNextRegistry API's

Last updated 10 months ago

🐁
🍩
🪨
Page cover image