Difference between revisions of "Exotic Tricks"
Revision as of 15:24, 30 December 2016
Below is a list of all the exotic tricks in the Unprotect Project:
|Infect by localisation||Some malware decides whether to infect a machine based on its location. Some governments protect malicious activities unless the targets are in the country.|
|Malicious Shortcut||A Windows shortcut can store code that downloads an additional file, or the malicious file can be stored directly in the shortcut. This makes the malicious application fully undetectable by any antivirus.|
|Fake signature||Every exe file contains metadata that allows users to trust the third party that distributes the program. Malware can usurp this metadata to fool not only the user but also security tools.|
|Deadline infection||Attacks can be performed during a limited time. To avoid detection, some malware contains a deadline date. Once the date is reached, the malware no longer runs. Malware analysts have to change the machine's clock to run the file. This technique can also defeat a sandbox if the date has already passed.|