From 303010a3eb4d3af3a6d12255b51b1f53148139a3 Mon Sep 17 00:00:00 2001
From: pe3zx <pansaen@i-secure.co.th>
Date: Tue, 14 Nov 2017 23:42:53 +0700
Subject: [PATCH] Add list of interesting Windows APIs used by malware to
 Malware Analysis section on Articles

---
 README.md | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/README.md b/README.md
index 67efd5d..4ef023b 100644
--- a/README.md
+++ b/README.md
@@ -24,6 +24,18 @@ My curated list of awesome links, resources and tools
 - CCleaner's backdoor analysis
     - [Protecting the Software Supply Chain: Deep Insights into the CCleaner Backdoor](https://www.crowdstrike.com/blog/protecting-software-supply-chain-deep-insights-ccleaner-backdoor/)
     - [In-Depth Analysis of the CCleaner Backdoor Stage 2 Dropper and Its Payload](https://www.crowdstrike.com/blog/in-depth-analysis-of-the-ccleaner-backdoor-stage-2-dropper-and-its-payload/)
+- List of interesting Windows APIs used by malware
+
+<table>
+    <tr>
+        <td>`WNetAddConnection`</td>
+        <td>The WNetAddConnection function enables the calling application to connect a local device to a network resource. A successful connection is persistent, meaning that the system automatically restores the connection during subsequent logon operations. An example of malware that implement this function can be found below:
+            <ul>
+                <li><a href="https://securityintelligence.com/new-banking-trojan-icedid-discovered-by-ibm-x-force-research/">Icedid trojan in its network propagation function</a><li>
+            <ul>
+        </td>
+    </tr>
+</table>
 
 ## Tools