{"id":361,"date":"2012-01-13T17:14:41","date_gmt":"2012-01-13T17:14:41","guid":{"rendered":"http:\/\/www.hexacorn.com\/blog\/?p=361"},"modified":"2013-03-15T05:31:09","modified_gmt":"2013-03-15T05:31:09","slug":"forensic-riddle-8","status":"publish","type":"post","link":"https:\/\/www.hexacorn.com\/blog\/2012\/01\/13\/forensic-riddle-8\/","title":{"rendered":"Forensic Riddle #8"},"content":{"rendered":"<p>Malware often uses one of these 3 APIs to launch new processes:<\/p>\n<ul>\n<li>WinExec<\/li>\n<li>ShellExecute (ANSI and Wide versions)<\/li>\n<li>CreateProcess (ANSI and Wide versions + the whole CreateProcess* family, e.g. CreateProcessInternal, CreateProcessAsUser, etc.)<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p>Question:<\/p>\n<p>There is at least one more API function that could also be used to launch executables. What is its name?<\/p>\n<p>&nbsp;<\/p>\n<p>Have a good weekend!<\/p>\n<p>Answer <a title=\"Forensic Riddle #8 \u2013 Answer\" href=\"https:\/\/www.hexacorn.com\/blog\/2012\/01\/15\/forensic-riddle-8-answer\/\">here<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Malware often uses one of these 3 APIs to launch new processes: WinExec ShellExecute (ANSI and Wide versions) CreateProcess (ANSI and Wide versions + the whole CreateProcess* family, e.g. CreateProcessInternal, CreateProcessAsUser, etc.) 
&nbsp; Question: There is at least one more &hellip; <a href=\"https:\/\/www.hexacorn.com\/blog\/2012\/01\/13\/forensic-riddle-8\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[7],"tags":[],"_links":{"self":[{"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/posts\/361"}],"collection":[{"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/comments?post=361"}],"version-history":[{"count":5,"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/posts\/361\/revisions"}],"predecessor-version":[{"id":363,"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/posts\/361\/revisions\/363"}],"wp:attachment":[{"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/media?parent=361"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/categories?post=361"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/tags?post=361"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}