Secret weapon how to promote your YouTube channel
AnimalsBabiesBeautifulCatsCreativeCute Dogs EducationalFunnyHeartwarmingHolidaysIncredible
Inspirational Interesting LoveMusicNatureOopsPerformancePranksScienceSportsTechnologyUnexpected
 Funny Cats  Funny Puppies  Cover Song Competition
Get Free YouTube Subscribers, Views and Likes

Malware Evasion Techniques: API Unhooking

Follow
Anuj Soni

Description: In this video, we explore a malware evasion technique API unhooking.

Timestamps:
00:00 Intro
00:37 Inline hooking explained
02:04 Introducing fridatrace
04:12 Static analysis of Gazprom ransomware
06:18 Patching Gazprom sample
07:37 Hooking Gazprom with fridatrace
09:50 Identifying API unhooking code using x64dbg
12:14 Reviewing API unhooking code using Ghidra
19:39 Debugging API unhooking code using x64dbg

Have malware analysis questions or topics you'd like me to cover? Leave a comment and let me know!

SANS Malware Analysis Courses I Author and Teach:
https://sans.org/for610 (coauthor with Lenny Zeltser)
https://sans.org/for710

Sample: https://github.com/as0ni/youtubefile...
Password: infected
Unzipped SHA256: 32ec301f02dfa21932679726f07e30f9c807391aaf1044278c0e0b2c0dc8ebdf
Description: Gazprom Ransomware Sample

Tools
Frida: https://frida.re/
PEStudio: https://www.winitor.com/download
Process Hacker: https://processhacker.sourceforge.io/...
x64dbg: https://x64dbg.com/
Ghidra: https://ghidrasre.org/

Find Anuj Soni on X: https://x.com/asoni
Connect on LinkedIn:   / sonianuj  

posted by intapymariermck


Decode Malware Strings with Conditional Breakpoints
Decode Malware Strings with Conditional Breakpoints
Analyzing the FBI's Qakbot Takedown Code
Analyzing the FBI's Qakbot Takedown Code
An Intro to Binary Ninja (Free) for Malware Analysis
An Intro to Binary Ninja (Free) for Malware Analysis
Analyzing and Unpacking Qakbot using Binary Ninja Automation
Analyzing and Unpacking Qakbot using Binary Ninja Automation
I Tried Ghidra's BSim Feature
I Tried Ghidra's BSim Feature
Finding the Entrypoint of iOS Apps in Ghidra
Finding the Entrypoint of iOS Apps in Ghidra
Malware Analysis Tools YOU COULD USE
Malware Analysis Tools YOU COULD USE
I Made Malware In Under 20 Minutes
I Made Malware In Under 20 Minutes
Free Coding Tool Distributes Malware
Free Coding Tool Distributes Malware
Identifying Code Reuse in Ransomware with Ghidra and BinDiff
Identifying Code Reuse in Ransomware with Ghidra and BinDiff
How I Debug DLL Malware (Emotet)
How I Debug DLL Malware (Emotet)
Reverse Engineering Malware with Ghidra
Reverse Engineering Malware with Ghidra
6 Tips to Get Started with Malware Analysis
6 Tips to Get Started with Malware Analysis
Code Analysis with Ghidra
Code Analysis with Ghidra
Malware Detection Evasion with Debugging | TryHackMe Dynamic Malware Analysis
Malware Detection Evasion with Debugging | TryHackMe Dynamic Malware Analysis
Can this BYPASS Windows Defender???
Can this BYPASS Windows Defender???
Make Malware Analysis FASTER with Binary Emulation
Make Malware Analysis FASTER with Binary Emulation
Writing Custom Malware: Import Address Table Hooking
Writing Custom Malware: Import Address Table Hooking
Recommended
All The HOWs of 2017
All The HOWs of 2017
02:01
Now You See Who's The Last To Laugh
Now You See Who's The Last To Laugh
00:10
One Dance, Hundred Places - You Won't Get Bored!
One Dance, Hundred Places - You Won't Get Bored!
03:10
This Girl Got Something To Wiggle!
This Girl Got Something To Wiggle!
02:48
25 Halloween Life Hacks Put On Test & Approved!
25 Halloween Life Hacks Put On Test & Approved!
11:07
High School Love & Other Disasters
High School Love & Other Disasters
04:47
Every Time Your Diet Is Over...
Every Time Your Diet Is Over...
02:29
AnimalsBabiesBeautifulCatsCreativeCute Dogs EducationalFunnyHeartwarmingHolidaysIncredible
Inspirational Interesting LoveMusicNatureOopsPerformancePranksScienceSportsTechnologyUnexpected
 Funny Cats  Cute Puppies  Top Music Talents
doovi © | 2014-2018
YouTube Subscriber Count
Real YouTube Subscribers
Follow us at Facebook
Terms of Service
Follow us at YouTube
Powered by