description = "Detects specific API calls made by malicious code"
strings:
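// PE import names are stored as ASCII; "wide" alone matches only the UTF-16LE form, so "ascii" is added to cover both encodings.
$api_call1 = "CreateRemoteThread" ascii wide
$api_call2 = "WriteProcessMemory" ascii wide
$api_call3 = "VirtualAllocEx" ascii wide
$api_call4 = "GetProcAddress" ascii wide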
// GetProcAddress is included for detecting malicious code because it is used to dynamically load and call functions from other DLL files.