🛡️
./Malfav.asm
Linkedin
  • 👋./Malfav.asm
    • 🕸️Malfav Agenda
  • 🕷️Malware Introduction
    • 💡What is Malware
      • 🌠FIN Malware
      • 🦘Cyber Gang Malware
        • 🕷️Spiders Malware
      • 🕵️‍♀️Cyber Espionage Malware
      • 🍘Cyber Sabotage Malware
      • 🛴Rootkit
        • 🫚Bootkit
    • 🦫Nations State APT
      • 🗯️APT
      • 🇮🇷Iran APT
      • 🇷🇺Russian APT
      • 🇨🇳Chines APT
      • 🇮🇳India APT
      • 🇵🇰Pakistan APT
      • 🇻🇳Vietnamese APT
      • 🇰🇵North Korean APT
    • 🥋Mobile Malware
      • 📲Android Malware
        • 💰Commerical Android Malware
          • Common Android Spyware
        • 🧧Common Android Exploits
          • 0️Common Android 0day
      • 📱IPHONE Malware
        • 🐚Common IPHONE Spyware
        • 💥Commerical IPHONE Malware
        • 💣Common IPHONE Exploits
    • 📃Malicious Documents
      • 📨Excel Spreadsheets
      • 🗼PowerPoint Presentations
      • 🤺Microsoft Office Documents
      • 📑PDF
      • 📄Other Document Formats
      • 🩼Common Techniques Used in Malicious Documents
    • 🏞️Advanced Persistence Threat - APT
      • 🥠APT Groups
        • 🇨🇳Mustang Panda
        • 🛕Mustard Tempest
        • 🇨🇳Naikon
        • 🪡NEODYMIUM
        • 🇷🇺Nomadic Octopus
        • 🇮🇷OilRig
        • 🍊Orangeworm
        • 🇮🇳Patchwork
        • 🇨🇳PittyTiger
        • 🌏PLATINUM
        • 🇱🇧POLONIUM
        • 🇵🇹Poseidon Group
        • 🇹🇲PROMETHIUM
        • 🇨🇳Putter Panda
        • 🦝Rancor
        • 🇨🇳Rocke
        • 🐢RTM
        • 🇷🇺Sandworm Team
        • 🃏Scarlet Mimic
        • 🇬🇱Scattered Spider
        • 🇵🇰SideCopy
        • 🇮🇳Sidewinder
        • 🔕Silence
        • 🇮🇷Silent Librarian
        • 🇳🇬SilverTerrier
        • 🐞Sowbug
        • 🔱Strider
        • 🇨🇳Suckfly
        • 🥃TA2541
        • 🇨🇳TA459
        • 💼TA505
        • 💰TA551
        • ☁️TeamTNT
        • 🇷🇺TEMP.Veles
        • 🦳The White Company
        • 💳Threat Group-1314
        • 🫓Threat Group-3390
        • 🇨🇳Threat Group-3390
        • 🦐Thrip
        • 🐈ToddyCat
        • 🐙Tonto Team
        • 🇵🇰Transparent Tribe
        • 🐠Tropic Trooper
        • 🐢Turla
        • 🇮🇷UNC788
        • 🇱🇧Volatile Cedar
        • 🇨🇳Volt Typhoon
        • 🕊️Whitefly
        • 🔘Windigo
        • 🪽Windshift
        • 🇨🇳Winnti Group
        • 🥀WIRTE
        • 🇷🇺Wizard Spider
        • 🎪ZIRCONIUM
      • 🏹APT's Software
        • 🐀3PARA RAT
        • 🐀4H RAT
        • ⚱️AADInternals
        • 🔻ABK
        • ⚗️AbstractEmu
        • 🪱ACAD/Medre.A
        • 🇲🇰AcidRain
        • 🐬Action RAT
  • 🐁OS Internal's
    • 🍩Suspicious API's
      • 🪨Process Information API's
      • 🧩Registry API's
      • 🔒Encryption API's
      • 📯Restore Point API's
      • 👾Exfiltration API's
      • 🦉Data Wiping API's
      • 📨Shadow Copy API's
      • 🪼What is Malicious API's Functions
      • 🌪️System Information API's
      • 🌀Network Information API's
  • 🪟Windows Internal
    • 📡Windows Internal
      • 🦐Why Windows Internal ?
        • 🏵️Process
        • 🧵Thread
        • 🪭Handle
        • 🌐Memory
        • ☢️Ram
        • 🤖ROM
  • 👁️‍🗨️Malware Technique
    • 📓Malware Technique
    • 💢Obfuscation
      • 🦾Anti-Debugging Techniques
      • 🏗️Instruction Substitution
      • 📔Code Obfuscation
      • 📦Code Packing
      • 💈Polymorphism
      • 🌬️Control Flow Obfuscation
      • 🪅Data Obfuscation
      • 💅Metadata Obfuscation
      • 🎣Metamorphism
      • ⛲Runtime Obfuscation
    • 🛌Persistence Mechanism
      • 🔰Registry Persistence Mechanism
      • 🗑️Task Sch Persistence Mechanism
      • 📂Startup Folder
      • 🎋AppData Folder
      • 🪹Temp Folder
  • ⚔️Malware Resources
    • 👻Malware Resources
    • 🎇Malware Sample Resources
      • 🌡️VirusShare
      • ♠️MalShare
      • 🚥MalwareTraffic
      • 🚏Malware Bazaar
  • Malware Analysis Toolkit
    • 🧌Windows Malware Analysis Toolkit
      • 💉Common Online Malware Analysis Toolkit
        • 💎Joe Sandbox
        • 🎪VT - VirusTotal
        • 👽Threat.Zone
        • 🐦Hybrid Analysis
        • 🦄Any.run
        • 🥫Filescan
      • 🥝Static Analysis Tools
        • 🍡Advance Static Analysis Tool
      • 💠Dynamic Analysis Tool
        • Advance Dynamic Analysis Tool
      • 🥜Network Analysis Tool
      • 🥟String Dumpers Toolkit
        • 📏Strings
        • 🦞Floss
    • 📱Android Malware Analysis Toolkit
      • 🕹️Static Analysis Toolkit
      • 💠Dynamic Analysis Toolkit
      • 🫒Online Analysis Toolkit
    • 📱IPHONE Malware Analysis Toolkit
      • 🥢Static Analysis Toolkit
      • ♦️Dynamic Analysis Toolkit
    • 💻MAC OSX Malware Analysis Toolkit
      • 📯Static Analysis Toolkit
      • 🍭Dynamic Analysis Toolkit
      • 🌬️Online Analysis Toolkit
  • Books and Guidelines
    • 🔋Books and Guidelines for Malware Analysis .
      • 🏋️‍♀️Android Malware Analysis 101
      • 🥖Common Anti-Forensics
      • 🦣Memory Forensics GUI
      • 📼Assembly for Malware Analyst
      • 💾Disk Image Forensics
      • ⚡Volatility Noob to Pro
  • 📋Malware Analysis Tips
    • 🖇️Malware Analysis Tips
      • 🏮Memory Malware Analysis
      • 🐜Technique to Investigate Process
      • 💥Process Lists 1
      • 💥Process Lists 2
      • 💥Process Lists 3
  • 🧽Incident Response
    • 🐳What is Incident Response
      • Incident Response Tools
      • Incident Response Toolkit
  • Technical Analysis Report
    • 🦎Technical Analysis Report
      • 🧲Stuxnet Memory Analysis
  • 🚨Rootkit Removal
    • 🤖Rootkit Removal
  • 🗜️Antivirus Artifact
    • 〽️Antivirus Artifact
      • 🀄Antivirus Process Name
  • 🧠Malware Author Mindset
    • 💽Malware Author Mindset
      • 🍫How Malware Author Terminate Antivirus Process during runtime ?
Powered by GitBook
On this page
  1. OS Internal's
  2. Suspicious API's

Restore Point API's

List of Windows Restore Point API's used by Malware Dude :)

Windows Restore Point APIs are used to manage system restore points, which are snapshots of system files, settings, and registry information that can be used to restore a system to a previous state. These APIs are part of the Windows System Restore functionality and can be used for creating, deleting, or managing restore points.

  • SRSetRestorePoint:

    • Description: Creates a restore point. This function is part of the System Restore API and is used to create a restore point programmatically.

    • Usage: This API is used by applications to create restore points, ensuring that the system state can be reverted to this point if necessary.

  • SRRemoveRestorePoint:

    • Description: Deletes a specified restore point. This API allows for the removal of restore points, which can help manage disk space or remove unnecessary restore points.

    • Usage: Used to delete old or unnecessary restore points to free up space or clean up the system.

  • SRGetRestorePoint:

    • Description: Retrieves information about a specific restore point. This API allows querying details of existing restore points.

    • Usage: Useful for getting details about restore points, such as creation time and description.

  • `VSS (Volume Shadow Copy Service) APIs:

    • Description: While not specifically for restore points, VSS APIs like VssCreateSnapshot, VssDeleteSnapshots, and VssGetSnapshotProperties can interact with volume snapshots, which are related to system restore operations.

    • Usage: These APIs can be used to create and manage snapshots that could be involved in the restore process.

  • IVssBackupComponents Interface:

    • Description: Part of the VSS API, this interface provides methods to manage backup and restore operations, including interacting with shadow copies that could be used for system restore.

    • Usage: Useful for applications that need to manage backups and restore operations at a more granular level.

  • IVssSnapshotMgmt Interface:

    • Description: Provides methods for managing shadow copies, including creating and deleting them. While not directly for restore points, these snapshots are integral to the restore process.

    • Usage: Manages snapshots that are used in system restore and backup processes.

PreviousEncryption API'sNextExfiltration API's

Last updated 10 months ago

🐁
🍩
📯
Page cover image