🧩 Registry APIs
List of Registry APIs used by Malware Dude :)
Malware often uses Windows Registry API functions to manipulate or access registry keys and values for various malicious purposes, such as persistence, hiding its presence, or configuring its behavior. Here's a list of Registry APIs commonly exploited by malware:
- RegOpenKeyEx: Opens a specified registry key, allowing malware to access or modify the contents of the key.
- RegCreateKeyEx: Creates a new registry key or opens an existing one, which can be used to add or modify registry entries.
- RegSetValueEx: Sets the data for a specified registry value, which can be used to store configuration data or persistence mechanisms.
- RegQueryValueEx: Retrieves the data for a specified registry value, allowing malware to read configuration data or other information.
- RegDeleteValue: Deletes a specified registry value, which can be used to remove evidence of malicious activity or disable security settings.
- RegDeleteKey: Deletes a specified registry key, which can be used to remove registry entries associated with malware.
- RegEnumKeyEx: Enumerates the subkeys of a specified registry key, allowing malware to explore and manipulate registry structures.
- RegEnumValue: Enumerates the values of a specified registry key, which can be used to identify and manipulate existing registry values.
- RegFlushKey: Writes any changes made to the registry key to disk, ensuring that modifications persist across system reboots.
- RegLoadKey: Loads a registry hive from a file, allowing malware to modify or add registry data from external sources.
- RegUnLoadKey: Unloads a registry hive, which can be used to remove or hide changes made to the registry.
- RegOpenCurrentUser: Opens the registry key for the current user, which can be used to modify user-specific settings or persistence mechanisms.
- RegOpenUserClassesRoot: Opens the registry key for user-specific settings related to file associations and application settings.
These APIs allow malware to interact with the Windows Registry in various ways, facilitating activities such as persistence, configuration, and evasion. Understanding these functions is crucial for developing effective detection and mitigation strategies.
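As an added example (not code from the original page), the script below audits the Run/RunOnce autostart keys using the same APIs listed above: Python's winreg.OpenKey and winreg.EnumValue wrap RegOpenKeyEx and RegEnumValue. The key paths and the review heuristics (user-writable launch directory, script host or LOLBin, encoded PowerShell command line) are assumptions of this example; the enumeration runs only on Windows, while triage_entry is pure and runs anywhere.

```python
import re

# Autostart locations malware typically writes with RegCreateKeyEx/RegSetValueEx
# (assumed audit scope for this example; both HKCU and HKLM are checked).
RUN_PATHS = [r"Software\Microsoft\Windows\CurrentVersion\Run",
             r"Software\Microsoft\Windows\CurrentVersion\RunOnce"]

# Review heuristics (assumptions of this example): started from a user-writable directory,
# run through a script host / LOLBin, or carrying an encoded PowerShell command line.
USER_WRITABLE = re.compile(r"\\(AppData|Temp|Tmp|Downloads|Public)\\", re.IGNORECASE)
SCRIPT_HOSTS = re.compile(r"\b(powershell|pwsh|wscript|cscript|mshta|rundll32|regsvr32|cmd)(\.exe)?\b", re.IGNORECASE)
ENCODED_CMD = re.compile(r"\s-(e|ec|enc|encodedcommand)\b", re.IGNORECASE)

def triage_entry(command):
    """Return the reasons an autostart command deserves analyst review ([] if none)."""
    reasons = []
    if USER_WRITABLE.search(command):
        reasons.append("launches from user-writable directory")
    if SCRIPT_HOSTS.search(command):
        reasons.append("uses script host or LOLBin")
    if ENCODED_CMD.search(command):
        reasons.append("encoded command line")
    return reasons

def enumerate_run_keys():
    """Yield (location, value name, command) via RegOpenKeyEx/RegEnumValue (Windows only)."""
    import winreg  # Python's wrapper over the Reg* APIs; only present on Windows
    hives = {"HKCU": winreg.HKEY_CURRENT_USER, "HKLM": winreg.HKEY_LOCAL_MACHINE}
    for hive_name, hive in hives.items():
        for path in RUN_PATHS:
            try:
                key = winreg.OpenKey(hive, path, 0, winreg.KEY_READ)  # RegOpenKeyEx
            except OSError:
                continue  # key absent or access denied
            with key:
                index = 0
                while True:
                    try:
                        name, value, _kind = winreg.EnumValue(key, index)  # RegEnumValue
                    except OSError:
                        break  # ERROR_NO_MORE_ITEMS ends the enumeration
                    yield hive_name + "\\" + path, name, str(value)
                    index += 1

if __name__ == "__main__":
    for location, name, command in enumerate_run_keys():
        reasons = triage_entry(command)
        if reasons:
            print(f"{location}\\{name}: {command}  -> {', '.join(reasons)}")
```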