diff --git a/README.md b/README.md index a97bb66..8aa149f 100644 --- a/README.md +++ b/README.md @@ -150,6 +150,23 @@ A curated list of awesome malware analysis tools and resources * [Python 3.8.0](https://www.python.org/downloads/release/python-380/) - for ret-sync & ida module * [yara-python](https://pypi.org/project/yara-python/) - require for ida module +### malicious Windows API +* malware tye + * downloader + * urldownloadtofile + * shellexec + * dropper + * findresource + * loadresource + * lockresource + * sizeofresource + * keylogger + * getkeystate + * getasynckeystate + * setwindowshook + * c2 server + * internetopenurla + * socket ### Tips @@ -172,6 +189,7 @@ A curated list of awesome malware analysis tools and resources * we can use psscan command in volatility for finding rootkit and hidden process * .pdb file is so important for detection function name and indexing of system dll that use in malware * in vmware we can suspend vm and copy .vmem for memory analysis. the file size is equal to whole memory size +* in ida pro use [tab] key to decompile code, use [x] key to find how many time item called in pe file
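Review bot: the new "### malicious Windows API" section in the first hunk has a typo and inconsistent naming that should be fixed before merge. "* malware tye" should read "* malware type"; the heading should be capitalised like the sibling "### Tips" and, since none of these functions are malicious in themselves (every downloader, installer and IME uses them), a more accurate title is "### Windows APIs commonly abused by malware". The API names should keep their real Windows casing and full names so readers can search for them: `URLDownloadToFile`, `ShellExecute` (not `shellexec`), `FindResource` / `LoadResource` / `LockResource` / `SizeOfResource`, `GetKeyState` / `GetAsyncKeyState`, `SetWindowsHookEx` (not `setwindowshook`, which is the obsolete predecessor), `InternetOpenUrlA` and `socket`. Every other entry in this README links to a reference, so consider linking each API to its Microsoft Learn page as well.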
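Review bot: the new tip in the second hunk overstates what the `x` key does and omits a prerequisite for `Tab`. In IDA, `Tab` switches between the disassembly and pseudocode views, and pseudocode is only available when the Hex-Rays decompiler is licensed; `x` opens the cross-references window for the item under the cursor, which lists code and data references (reads, writes, calls), not only the number of times a function is called. Suggest: "* in IDA Pro press [Tab] to switch to the pseudocode (decompiler) view of a function, and press [x] on a function or variable to list its cross-references, i.e. where it is called or used in the binary".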