HTTP 200 OK
Allow: GET, PUT, PATCH, DELETE, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept
{
"id": 93,
"key": "dll-injection-via-createremotethread-and-loadlibrary",
"unprotect_id": "U1226, E1055.001",
"name": "DLL Injection via CreateRemoteThread and LoadLibrary",
"description": "DLL Injection Via `CreateRemoteThread` and `LoadLibrary` is a technique used by malware to inject its code into a legitimate process. This technique is similar to hook injection, where the malware inserts a malicious DLL to be used by the system. It is one of the most common techniques used to inject malware into another process.\r\n\r\nThe malware writes the path to its malicious dynamic-link library (DLL) in the virtual address space of the target process, and then creates a remote thread in the target process. The thread's start address is the `LoadLibrary` function, which is used to load the malicious DLL into the target process's address space. This allows the malware to execute its code within the context of the target process, without creating new processes or threads.",
"resources": "https://www.endgame.com/blog/technical-blog/ten-process-injection-techniques-technical-survey-common-and-trending-process",
"creation_date": "2019-03-18T14:47:37Z",
"tags": "DLL Injection, CreateRemoteThread, LoadLibrary, malware, hook injection, process, system, code injection, legitimate process, virtual address space, remote thread, target process, LoadLibrary function, malicious DLL, execution,",
"modification_date": "2023-10-04T10:43:55.058000Z",
"category": [
4
],
"rules": [],
"attachments": [],
"featured_api": [
1,
3,
4,
5,
6,
7,
8,
9,
10,
23,
24,
355,
381,
419,
425
],
"contributors": []
}
