The Process Hollowing and Portable Executable (PE) Injection techniques let an attacker inject and run a complete executable module inside the memory of another process. Crypters use this feature to run a malicious file under the cover of a legitimate process.
What is the Portable Executable (PE)?
The Portable Executable (PE) is the file format used on Windows (both x86 and x64) for executables (EXE files), object code, DLLs, FON font files and others. The PE headers give the Windows loader the information it needs to map the wrapped executable code into memory and run it. PE injection uses the same header information to map a complete executable module into the memory of another process and run it there.
Attackers commonly carry out PE injection by the method of process hollowing. Process hollowing starts a normal, legitimate process, unmaps (hollows out) its original image from memory, and replaces the contents of the process with malicious code.
How does process hollowing work?
Process hollowing starts the target process in a suspended state. While it is suspended, the original executable image is unmapped from the process's memory and replaced with the malicious code, the main thread's entry point is redirected to the new image, and the process is then resumed.
As with other process injection techniques, execution of the malicious code is masked under an authorized process and may escape security programs.
In process hollowing, the malware chooses a legitimate Windows process as the host for the injected code. The method is used to evade detection and to frustrate analysis of the malicious process's execution, since the running process still carries the name and path of the legitimate executable on disk.
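The steps above, as an added Python example that is not part of the original page and not the crypter's own code. It builds a constructed minimal 32-bit PE in memory (not a real binary), parses the header fields a hollowing loader needs (ImageBase, AddressOfEntryPoint, SizeOfImage, SizeOfHeaders, section table), lays the image out the way the loader does (the layout an injector writes into the hollowed process), computes the entry address the injector sets in the suspended thread's context, and ends with the comparison a defender runs to spot a hollowed process. The Windows calls (CreateProcess with CREATE_SUSPENDED, NtUnmapViewOfSection, VirtualAllocEx, WriteProcessMemory, SetThreadContext, ResumeThread) are named in comments for orientation only; the script never touches a live process, and the function names build_sample_pe, parse_pe, map_image, new_entry_point and looks_hollowed are this example's own.

```python
import struct

# Process hollowing, step by step. The Windows calls are named only for
# orientation; this script never touches a live process.
#   1. CreateProcess(target, CREATE_SUSPENDED)          start the legitimate host, suspended
#   2. NtUnmapViewOfSection(hProcess, ImageBase)        hollow out its original image
#   3. VirtualAllocEx(hProcess, ImageBase, SizeOfImage) reserve room for the payload
#   4. WriteProcessMemory(headers, then each section)   the layout map_image() produces
#   5. SetThreadContext(Eip/Rip = ImageBase + EntryRVA) the value new_entry_point() returns
#   6. ResumeThread                                     the payload now runs as the host

SECTION_FMT = "<8sIIIIIIHHI"   # IMAGE_SECTION_HEADER, 40 bytes


def build_sample_pe(entry_code=b"\x31\xc0\xc3", data=b"HOLLOW\0", image_base=0x400000):
    """Construct a minimal but well-formed 32-bit PE (constructed sample, not a real binary)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)                 # e_lfanew -> PE header at 0x40
    file_hdr = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 224, 0x0102)  # i386, 2 sections, EXE
    opt = struct.pack("<HBBIIIIII", 0x10B, 14, 0, 0x200, 0x200, 0,
                      0x1000, 0x1000, 0x2000)                          # PE32 ... AddressOfEntryPoint=0x1000
    opt += struct.pack("<III", image_base, 0x1000, 0x200)             # ImageBase, SectionAlignment, FileAlignment
    opt += struct.pack("<HHHHHHI", 4, 0, 0, 0, 4, 0, 0)               # OS/image/subsystem versions
    opt += struct.pack("<IIIHH", 0x3000, 0x200, 0, 3, 0)               # SizeOfImage, SizeOfHeaders, CheckSum, CUI
    opt += struct.pack("<IIIIII", 0x100000, 0x1000, 0x100000, 0x1000, 0, 16)  # stack/heap, 16 dirs
    opt += b"\0" * 128                                                 # empty data directories
    text = struct.pack(SECTION_FMT, b".text", len(entry_code), 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    rdata = struct.pack(SECTION_FMT, b".data", len(data), 0x2000, 0x200, 0x400, 0, 0, 0, 0, 0xC0000040)
    headers = (dos + b"PE\0\0" + file_hdr + opt + text + rdata).ljust(0x200, b"\0")
    return headers + entry_code.ljust(0x200, b"\0") + data.ljust(0x200, b"\0")


def parse_pe(data):
    """Read the header fields a hollowing loader (or the real loader) needs."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsect, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
    opt = pe_off + 24
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:                                   # PE32: 32-bit ImageBase at +28
        image_base = struct.unpack_from("<I", data, opt + 28)[0]
    elif magic == 0x20B:                                 # PE32+: 64-bit ImageBase at +24
        image_base = struct.unpack_from("<Q", data, opt + 24)[0]
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    size_of_image, size_of_headers = struct.unpack_from("<II", data, opt + 56)
    sections = []
    for i in range(nsect):
        name, vsize, va, raw_size, raw_ptr, _, _, _, _, chars = struct.unpack_from(
            SECTION_FMT, data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode(), "vsize": vsize, "va": va,
                         "raw_size": raw_size, "raw_ptr": raw_ptr, "chars": chars})
    return {"machine": machine, "image_base": image_base, "entry_rva": entry_rva,
            "size_of_image": size_of_image, "size_of_headers": size_of_headers,
            "sections": sections}


def map_image(data):
    """Lay the file out as it sits in memory: headers at 0, each section at its VirtualAddress.
    This is the sequence of WriteProcessMemory calls a hollowing injector issues."""
    pe = parse_pe(data)
    image = bytearray(pe["size_of_image"])
    image[:pe["size_of_headers"]] = data[:pe["size_of_headers"]]
    for s in pe["sections"]:
        n = min(s["raw_size"], pe["size_of_image"] - s["va"])   # never write past SizeOfImage
        image[s["va"]:s["va"] + n] = data[s["raw_ptr"]:s["raw_ptr"] + n]
    return bytes(image)


def new_entry_point(data):
    """Address the injector puts in the suspended thread's context (Eip on x86, Rcx/Rip on x64)."""
    pe = parse_pe(data)
    return pe["image_base"] + pe["entry_rva"]


def looks_hollowed(on_disk, in_memory, probe=32):
    """Defender's check: do the headers and entry-point bytes read back from the process
    (for example via ReadProcessMemory) still match the image of the file on disk?"""
    disk, mem = parse_pe(on_disk), parse_pe(in_memory)
    key = lambda p: (p["entry_rva"], p["size_of_image"], [s["name"] for s in p["sections"]])
    if key(disk) != key(mem):
        return True
    e = disk["entry_rva"]
    return map_image(on_disk)[e:e + probe] != in_memory[e:e + probe]


if __name__ == "__main__":
    host = build_sample_pe()                                # stands in for the legitimate target on disk
    payload = build_sample_pe(entry_code=b"\xcc" * 8)       # stands in for the attacker's PE
    print("host entry: 0x%x, payload entry: 0x%x" % (new_entry_point(host), new_entry_point(payload)))
    print("clean process looks hollowed?", looks_hollowed(host, map_image(host)))
    print("hollowed process looks hollowed?", looks_hollowed(host, map_image(payload)))
```

The detection check at the end is why the technique is not a free pass past security software: a process whose in-memory headers or entry-point bytes no longer match its own file on disk is the signature of hollowing, and memory scanners look for exactly that mismatch. Note that this sample payload is built with the same ImageBase as the host; a real injector whose payload has a different preferred base must either allocate at the payload's ImageBase or apply base relocations, which this example does not do.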