Import address table (IAT) hooking is a well documented technique for intercepting calls to imported functions. However, most methods rely on suspicious API functions and leave several easy to identify artifacts. This paper explores different ways IAT hooking can be employed while circumventing common detection mechanisms.
You can download it from the following link: https://packetstormsecurity.com/files/download/103646/IAT-Hooking-Revisited.pdf
Source: https://packetstormsecurity.com/files/103646/IAT-Hooking-Revisited.html