book

Learning Malware Analysis

by Monnappa K A

June 2018

Beginner

510 pages

13h 7m

English

Packt Publishing

Read now

Unlock full access

Content preview from Learning Malware Analysis

2.1 Hollow Process Injection Steps

The following steps describe how malware normally performs process hollowing. Let’s assume that there are two processes, A and B. In this case, process A is the malicious process and process B is the legitimate process (also known as a remote process) such as explorer.exe:

Process A starts a legitimate process, B, in the suspended mode. As a result of that, the executable section of process B is loaded in the memory, and the PEB (Process Environment Block) identifies the full path to the legitimate process. The PEB structure's ImageBaseAddress field points to the base address where the legitimate process executable is loaded.
Process A gets the malicious executable that will be injected into the remote ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Start your free trial

Practical Malware Analysis

Michael Sikorski, Andrew Honig

Malware Analysis Techniques

Dylan Barker

Mastering Malware Analysis

Alexey Kleymenov, Amr Thabet

Evasive Malware

Kyle Cucci

Publisher Resources

ISBN: 9781788392501Other