Resources

List with hooked calls AV

Symantec.txt

NtCreateFile is hooked
NtCreateKey is hooked
NtCreateUserProcess is hooked
NtDeleteFile is hooked
NtDeleteKey is hooked
NtDeleteValueKey is hooked
NtMapViewOfSection is hooked
NtOpenFile is hooked
NtOpenKey is hooked
NtOpenKeyEx is hooked
NtRenameKey is hooked
NtSetInformationFile is hooked
NtSetValueKey is hooked
NtTerminateProcess is hooked
NtTerminateThread is hooked
ZwCreateFile is hooked
ZwCreateKey is hooked
ZwCreateUserProcess is hooked
ZwDeleteFile is hooked
ZwDeleteKey is hooked
ZwDeleteValueKey is hooked
ZwMapViewOfSection is hooked
ZwOpenFile is hooked
ZwOpenKey is hooked
ZwOpenKeyEx is hooked
ZwRenameKey is hooked
ZwSetInformationFile is hooked
ZwSetValueKey is hooked
ZwTerminateProcess is hooked
ZwTerminateThread is hooke

GitHub - Mr-Un1k0d3r/EDRsGitHub

GitHub - ethereal-vx/Antivirus-Artifacts: Anti-virus artifacts. Listing APIs hooked by: Avira, BitDefender, F-Secure, MalwareBytes, Norton, TrendMicro, and WebRoot.GitHub

PreviousBypass AV/EDR using Safe Mode NextUAC bypass

Last updated 4 years ago

Was this helpful?