WinAppDbg - Part 3 - Manipulating Function Calls
Common Information
Type Value
UUID f153149c-48e4-452b-a2aa-c006857054fd
Fingerprint 36349835fb0d7091
Analysis status DONE
Considered CTI value -2
Text language
Published Nov. 15, 2017, midnight
Added to db Jan. 18, 2023, 10:07 p.m.
Last updated Nov. 17, 2024, 11:40 p.m.
Headline Hackerman's Hacking Tutorials
Title WinAppDbg - Part 3 - Manipulating Function Calls
Detected Hints/Tags/Attributes 38/1/31
Attributes
Type #Events CTI Value
Domain 4128 github.com
Domain 1 15-modifysleep.py
Domain 831 example.com
Domain 3 synopsys.com
Domain 1 16-modifydomain-ie.py
Domain 1 17-calcrecon.py
Domain 1 18-calclayout.py
File 1 test-32.exe
File 1 test-64.exe
File 1 15-modifysleep.py
File 1 16-modifydomain-ie.py
File 14 c:\program files\internet explorer\iexplore.exe
File 312 calc.exe
File 1 c:\windows\fonts\staticcache.dat
File 22 ntkrnlpa.exe
File 2 c:\windows\system32\ntkrnlpa.exe
File 533 ntdll.dll
File 36 c:\windows\system32\ntdll.dll
File 748 kernel32.dll
File 23 c:\windows\system32\kernel32.dll
File 24 c:\windows\system32\calc.exe
File 229 advapi32.dll
File 18 a.dll
File 11 b.dll
File 1 17-calcrecon.py
File 1 18-calclayout.py
Github username 6 parsiya
sha256 1 43003a005c00570069006e0064006f00770073005c0046006f006e0074007300
Url 1 https://github.com/parsiya/parsia-code/tree/master/winappdbg
Windows Registry Key 1 HKCU\Software\Microsoft\Calc\layout
Windows Registry Key 1 HKCU\Software\Microsoft\calc\layout