HTTP 200 OK
Allow: GET, PUT, PATCH, DELETE, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept
{
"id": 113,
"key": "apc-injection",
"unprotect_id": "U1221, E1055.004",
"name": "APC injection",
"description": "Malware can take advantage of Asynchronous Procedure Calls (APC) to force another thread to execute their custom code by attaching it to the APC Queue of the target thread.\r\n\r\nEach thread has a queue of APCs which are waiting for execution upon the target thread entering alterable state.\r\n\r\nA thread enters an alert table state if it calls `SleepEx`, `SignalObjectAndWait`, `MsgWaitForMultipleObjectsEx`, `WaitForMultipleObjectsEx`, or `WaitForSingleObjectEx` functions. The malware usually looks for any thread that is in an alterable state, and then calls `OpenThread` and `QueueUserAPC` to queue an APC to a thread.",
"resources": "",
"creation_date": "2019-03-23T17:21:25Z",
"tags": "Asynchronous Procedure Calls (APC), custom code, APC Queue, target thread, alterable state, SleepEx, SignalObjectAndWait, MsgWaitForMultipleObjectsEx, WaitForMultipleObjectsEx, WaitForSingleObjectEx, OpenThread, QueueUserAPC, Malware, thread, execution",
"modification_date": "2023-10-04T10:39:04.584000Z",
"category": [
4
],
"rules": [],
"attachments": [],
"featured_api": [
3,
4,
6,
11,
12,
13,
14,
15,
16,
17,
18,
19,
20,
21,
22,
23,
24,
25,
26,
27,
28,
29,
30,
132,
239,
290,
295,
381,
399,
419
],
"contributors": []
}
