Exotic Tricks

From Unprotect Project

Technique Description

Malware coders can sometimes be inventive in hiding a malicious file. This section contains all the unclassified techniques.

Techniques

Below is a list of all the exotic tricks in Unprotect Project:

Exotic Tricks
| Techniques | Description |
| --- | --- |
| Infection by localisation | Some malware infects a machine depending on its location. Some governments protect malicious activities unless the targets are in the country. |
| Malicious Shortcut | A Windows shortcut can store code to download an additional file, or store the malicious file directly in the shortcut. This makes the malicious application fully undetectable by any antivirus. |
| Deadline infection | Attacks can be performed during a limited time. To avoid detection, some malware contains a deadline date. Once the date is reached, the malware no longer runs. Malware analysts have to change the time of the machine to run the file. This technique can also defeat a sandbox if the deadline date has already passed. |

References

https://www.phrozensoft.com/2016/12/shortcuts-as-entry-points-for-malware-poc-part-2-19
https://www.phrozensoft.com/2016/12/shortcuts-as-entry-points-for-malware-18
https://nakedsecurity.sophos.com/2016/12/13/nymaim-using-mac-addresses-to-uncover-virtual-environments-and-bypass-antivirus/