New Unprotect Delphi Code Snippet added for technique Process Hollowing, RunPE
with support of both x86-32 and x86-64 in a single code.
New Unprotect Delphi Code Snippet added for technique ProcEnvInjection - Remote code injection by abusing process environment strings
for both x86-32 and x86-64.
New Unprotect Delphi Code Snippet added for technique DLL Injection via CreateRemoteThread and LoadLibrary
with both support of x86-32 and x86-64.
This technique is often used by Malware to hide their presence on system after execution. The application self-delete after the end of its execution. The best method to archive a such goal is through process injection.
Read more...Description
This Delphi unit demonstrate how to manipulate EOF Data of a Valid Microsoft Windows Portable Executable (PE) File.
EOF (End Of File) is often used by Malware authors to offer their Malware users a way to edit Malware payload configuration (Ex: C2 informations) without having access to source code.
You often encounter such techniques in:
- Remote Access Tool/Trojan (RAT)
- File Wrapper / Binder
- Downloader
- Loader / Botnets