Coursera Plus Annual is 40% Off — Ends July 6.

Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

Independent

PE Injection Study

Malware Unicorn via Independent

Go to class Write review
Scrimba Ad

Get 20% off all career paths from fullstack to AI

Learn More → Coursera Ad

Learn AI, Data Science & Business — Earn Certificates That Get You Hired

Learn More →

Overview

AI, Data Science & Cloud Certificates from Google, IBM & Meta — 40% Off
One plan covers every Professional Certificate on Coursera. 40% off Coursera Plus Annual.
Unlock All Certificates

The intent of this workshop is to reverse engineer existing malware to extract the portable executable (PE) injection technique to be replicated for use for red team operation tooling. The content of this workshop will begin by reverse engineering the malware Cryptowall and then go over the injection technique. The injection sequence consists of writing code into a newly created executable section in the target process, then using NtQueueApcThread to execute the target code.

Syllabus

Introduction
Background
Environment Setup
PE Injection
Manual Unpacking: Extracting the First Routine
Unpacking: Control Flow Obfuscation
Unpacking: Setting up Imports and Final Unpacking
Unpacking: Cryptowall Unpacked Code
Unpacking: Import Table Restoration
Injection Into Explorer: New Section Creation
Injection Into Explorer: Spawning a New Thread
Appendix

Reviews

Start your review of PE Injection Study

Go to class

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Sign up for free
Someone learning on their laptop while sitting on the floor.