👾
Malware Development Guide
  • 🚀Introduction
  • 🐤Baby Steps
    • 📔Pre-requisite Knowledge
    • What is Malware?
    • Programming Guide
    • Vulnerability Analysis
  • 👾Basic Malware
    • Fork Bombs
    • Logical Bombs
    • Zip Bombs
    • Keyloggers
    • Wipers
    • ScreenJackers
    • Prependers and Postpenders
    • What's Next?
  • 💀Intermediate Malware
    • Browser Extensions
    • Worms
    • RATs
  • ☠️Advanced Malware
    • Botnets w/ C2 Servers
    • Rootkits and Bootkits
    • Polymorphic Malware
  • Appendix
    • Pivoting
      • Windows: Effing Drivers
      • Windows: Abusing LSASS
    • Elementary Concepts and Stuff
      • Memory Representation
      • Expressions
    • Being Stealthy
      • UAC Evasion
      • OPSEC
      • Code Obfuscation
      • Signing Code and Binary Properties
      • Punycodes
    • Backdoors
    • Windows Process Injection
    • SIM Swapping
    • Quishing
    • RunPE
    • Malware Packers
    • Learning Resources
  • Updates n Stuff
  • Scratchpad
Powered by GitBook
On this page
  1. Appendix

RunPE

Hiding code behind legit processes

PreviousQuishingNextMalware Packers

Last updated 1 year ago

References

https://www.adlice.com/runpe-hide-code-behind-legit-process/
https://labs.nettitude.com/blog/introducing-process-hiving-runpe/
https://www.malwarebytes.com/glossary/runpe-technique
https://itm4n.github.io/vba-runpe-part1/
https://itm4n.github.io/vba-runpe-part2/