Process hollowing is a technique used mainly by malware authors to hide malicious code behind a legitimate process.
The technique consists of the following steps:
- Start the remote process in a suspended state.
- Replace the headers and sections loaded into its memory with those of the injected executable.
- Change the image base and start the thread at the new entry point.
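Added example (not part of the original write-up): a defender-side check for the artefact steps 2 and 3 leave behind, namely in-memory PE headers that no longer match the executable on disk. It parses ImageBase and AddressOfEntryPoint from two header buffers; the buffers, the field values and the `make_pe`/`check_case` helpers are constructed for this example, and in real use the in-memory buffer would be read from the target process.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct { uint64_t image_base; uint32_t entry_point; int ok; } pe_info;
static uint64_t rdle(const uint8_t *p, int n) { uint64_t v = 0; for (int i = n - 1; i >= 0; i--) v = v << 8 | p[i]; return v; }
static void wrle(uint8_t *p, uint64_t v, int n) { for (int i = 0; i < n; i++) p[i] = (uint8_t)(v >> (8 * i)); }
/* Read the two fields hollowing has to rewrite: ImageBase and AddressOfEntryPoint. */
pe_info parse_pe(const uint8_t *buf, size_t len) {
    pe_info info = {0, 0, 0};
    if (len < 0x40 || buf[0] != 'M' || buf[1] != 'Z') return info;
    size_t e_lfanew = (size_t)rdle(buf + 0x3c, 4);
    if (e_lfanew + 56 > len) return info;               /* sig 4 + COFF 20 + opt hdr to ImageBase 32 */
    const uint8_t *nt = buf + e_lfanew;
    if (memcmp(nt, "PE\0\0", 4) != 0) return info;
    const uint8_t *opt = nt + 24;                       /* IMAGE_OPTIONAL_HEADER64 */
    if (rdle(opt, 2) != 0x20b) return info;             /* PE32+ magic only in this example */
    info.entry_point = (uint32_t)rdle(opt + 16, 4);
    info.image_base = rdle(opt + 24, 8);
    info.ok = 1;
    return info;
}
/* 1 = headers mapped in the process no longer match the file on disk. */
int hollowing_suspected(const uint8_t *disk, size_t dlen, const uint8_t *mem, size_t mlen) {
    pe_info d = parse_pe(disk, dlen), m = parse_pe(mem, mlen);
    if (!d.ok || !m.ok) return 1;   /* headers that no longer parse are suspicious too */
    return d.image_base != m.image_base || d.entry_point != m.entry_point;
}
/* Build a constructed 0x80-byte PE32+ header with the given ImageBase and entry point. */
void make_pe(uint8_t buf[0x80], uint64_t image_base, uint32_t entry_point) {
    memset(buf, 0, 0x80); buf[0] = 'M'; buf[1] = 'Z';
    wrle(buf + 0x3c, 0x40, 4);                 /* e_lfanew: NT headers at 0x40 */
    memcpy(buf + 0x40, "PE\0\0", 4);
    wrle(buf + 0x40 + 24, 0x20b, 2);           /* optional header magic */
    wrle(buf + 0x40 + 24 + 16, entry_point, 4);
    wrle(buf + 0x40 + 24 + 24, image_base, 8);
}
/* Compare a constructed on-disk header against a constructed in-memory one. */
int check_case(uint64_t disk_base, uint32_t disk_ep, uint64_t mem_base, uint32_t mem_ep) {
    uint8_t disk[0x80], mem[0x80];
    make_pe(disk, disk_base, disk_ep); make_pe(mem, mem_base, mem_ep);
    return hollowing_suspected(disk, sizeof disk, mem, sizeof mem);
}

int main(void) {   /* constructed values: an intact process, then one whose base and EP were rewritten */
    printf("intact: %d\n", check_case(0x140000000ULL, 0x1500, 0x140000000ULL, 0x1500));
    printf("hollowed: %d\n", check_case(0x140000000ULL, 0x1500, 0x400000ULL, 0x2a00));
    return 0;
}
```

A production check must also allow for a legitimately relocated image base and should read the mapped headers from the live process; this example only shows the comparison itself.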