Update README.md

2024-12-18 10:26:08 +00:00 · 2022-01-08 20:14:01 +03:30 · 2022-01-08 20:14:01 +03:30 · 7dc03df452
commit 7dc03df452
parent 53c1290535
1 changed files with 18 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -150,6 +150,23 @@ A curated list of awesome malware analysis tools and resources
 * [Python 3.8.0](https://www.python.org/downloads/release/python-380/) - for ret-sync & ida module
 * [yara-python](https://pypi.org/project/yara-python/) - require for ida module 

+### malicious Windows API
+* malware tye
+  * downloader
+    * urldownloadtofile
+    * shellexec 
+  * dropper
+    * findresource
+    * loadresource
+    * lockresource
+    * sizeofresource 
+  * keylogger
+    * getkeystate
+    * getasynckeystate
+    * setwindowshook 
+  * c2 server 
+    * internetopenurla
+    * socket 


 ### Tips
@ -172,6 +189,7 @@ A curated list of awesome malware analysis tools and resources
 * we can use psscan command in volatility for finding rootkit and hidden process
 * .pdb file is so important for detection function name and indexing of system dll that use in malware
 * in vmware we can suspend vm and copy .vmem for memory analysis. the file size is equal to whole memory size
+* in ida pro use [tab] key to decompile code, use [x] key to find how many time item called in pe file