What is the significance of using 'ZwUnmapViewOfSection' during process hollowing?


Using 'ZwUnmapViewOfSection' during process hollowing is significant because it is the call used to remove the legitimate code from the target process. Process hollowing targets a running, legitimate process and alters its memory to insert malicious code. 'ZwUnmapViewOfSection' unmaps a view of the specified section (here, the process's original executable image) from that process's address space, which is how the attacker eliminates the existing, valid code before writing the replacement.

This function is essential in the context of process hollowing because it lets the attacker clear out the genuine process image and replace it with a malicious payload without changing the process's overall running state or triggering the alarms that visible changes in behavior might raise. Because the malicious code then runs under the name, path, and context of the legitimate application, this step is central to maintaining stealth and avoiding detection.
