get service handle

edit on GitHub
search on VirusTotal

rule:
  meta:
    name: get service handle
    authors:
      - moritz.raabe@mandiant.com
    lib: true
    scopes:
      static: function
      dynamic: call
    examples:
      - Practical Malware Analysis Lab 03-02.dll_:0x10004706
  features:
    - or:
      - api: advapi32.CreateService
      - api: advapi32.OpenService

last edited: 2023-11-24 10:34:28