linked against Microsoft Detours

edit on GitHub
search on VirusTotal

rule:
  meta:
    name: linked against Microsoft Detours
    namespace: linking/static/msdetours
    authors:
      - moritz.raabe@mandiant.com
    scopes:
      static: file
      dynamic: file
    att&ck:
      - Defense Evasion::Hijack Execution Flow [T1574]
    references:
      - https://github.com/microsoft/Detours
    examples:
      - 071F2D1C4C2201EE95FFE2AA965000F5F615A11A12D345E33B9FB060E5597740
  features:
    - or:
      - section: .detourc
      - section: .detourd

last edited: 2023-11-24 10:34:28