Exotic Tricks

From Unprotect Project
Latest revision as of 18:56, 5 April 2017

Technique Description

Malware authors can sometimes be inventive in hiding a malicious file. This section collects the techniques that do not fit any other category.

Techniques

Below is a list of all the exotic tricks in Unprotect Project:

Exotic Tricks

Technique: Infection by localisation
Description: Some malware infects machines depending on their location. Some governments shield malicious activity as long as the targets are not inside their own country.

Technique: Malicious Shortcut
Description: A Windows shortcut can store code that downloads an additional file, or the malicious file can be stored directly inside the shortcut. This makes the malicious application fully undetectable by any antivirus.

Technique: Deadline infection
Description: Attacks can be performed during a limited time. To avoid detection, some malware contains a deadline date: once that date is reached, the malware no longer runs. Malware analysts have to change the machine's clock to run the file. This technique can also defeat a sandbox if the date has already passed.
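The Malicious Shortcut row says a .lnk file can carry a download command or the payload itself. The parser below is an added example, not code from the Unprotect Project or from the referenced Phrozen research; it reads the fixed ShellLinkHeader and the StringData section as laid out in the public MS-SHLLINK format, walks the ExtraData blocks to the TerminalBlock, and reports what a defender would triage: an interpreter or downloader in the command-line arguments, a ShowCommand that hides the window (SW_SHOWMINNOACTIVE, value 7), and bytes appended after the TerminalBlock, where an embedded file would sit. Both shortcuts it examines are constructed in memory; the file paths, the placeholder encoded command and the appended blob are made up for the demonstration.

```python
"""Shell Link (.lnk) triage parser (added example, not Unprotect Project code)."""
import re
import struct

HEADER_SIZE = 0x4C
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-0000-0000-C000-000000000046}
SW_SHOWMINNOACTIVE = 7  # ShowCommand value that keeps the launched window out of sight

# LinkFlags bits (MS-SHLLINK 2.1.1); StringData fields appear in this order when set
HAS_LINK_TARGET_ID_LIST, HAS_LINK_INFO = 0x01, 0x02
STRING_FIELDS = ((0x04, "name"), (0x08, "relative_path"), (0x10, "working_dir"),
                 (0x20, "arguments"), (0x40, "icon_location"))
IS_UNICODE = 0x80

INTERPRETERS = re.compile(
    r"powershell|cmd\.exe|mshta|wscript|cscript|rundll32|regsvr32|certutil|bitsadmin|"
    r"-enc|downloadstring|https?://", re.IGNORECASE)


def parse_lnk(data: bytes) -> dict:
    """Return ShowCommand, the StringData fields and the byte count after the TerminalBlock."""
    if len(data) < HEADER_SIZE or struct.unpack_from("<I", data, 0)[0] != HEADER_SIZE:
        raise ValueError("not a Shell Link: bad HeaderSize")
    if data[4:20] != LNK_CLSID:
        raise ValueError("not a Shell Link: bad LinkCLSID")
    flags = struct.unpack_from("<I", data, 20)[0]
    info = {"show_command": struct.unpack_from("<I", data, 60)[0]}
    offset = HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:      # IDListSize (u16) followed by the item list
        offset += 2 + struct.unpack_from("<H", data, offset)[0]
    if flags & HAS_LINK_INFO:                # LinkInfoSize (u32) covers the whole block
        offset += struct.unpack_from("<I", data, offset)[0]
    unicode = bool(flags & IS_UNICODE)
    width = 2 if unicode else 1
    for bit, name in STRING_FIELDS:
        if not flags & bit:
            continue
        count = struct.unpack_from("<H", data, offset)[0]   # CountCharacters, no terminator
        offset += 2
        raw = data[offset:offset + count * width]
        offset += count * width
        info[name] = raw.decode("utf-16-le" if unicode else "cp1252", errors="replace")
    # ExtraData: blocks prefixed by a u32 BlockSize, ended by a TerminalBlock (size < 4)
    while offset + 4 <= len(data):
        size = struct.unpack_from("<I", data, offset)[0]
        if size < 4:
            offset += 4
            break
        offset += size
    info["trailing_bytes"] = max(0, len(data) - offset)
    info["trailing_head"] = data[offset:offset + 2]
    return info


def triage_lnk(data: bytes) -> dict:
    """Parse the shortcut and attach the indicators a defender would look at."""
    info = parse_lnk(data)
    reasons = []
    hit = INTERPRETERS.search(info.get("arguments", ""))
    if hit:
        reasons.append(f"arguments reference an interpreter or downloader: {hit.group(0)!r}")
    if info["show_command"] == SW_SHOWMINNOACTIVE:
        reasons.append("ShowCommand hides the launched window")
    if info["trailing_bytes"]:
        what = "embedded executable" if info["trailing_head"] == b"MZ" else "appended data"
        reasons.append(f"{info['trailing_bytes']} bytes after the TerminalBlock ({what})")
    info["reasons"] = reasons
    info["suspicious"] = bool(reasons)
    return info


def build_sample_lnk(relative_path: str, arguments: str, show_command: int = 1,
                     appended: bytes = b"") -> bytes:
    """Construct a minimal Unicode .lnk carrying only RELATIVE_PATH and COMMAND_LINE_ARGUMENTS."""
    flags = STRING_FIELDS[1][0] | STRING_FIELDS[3][0] | IS_UNICODE
    header = bytearray(HEADER_SIZE)
    struct.pack_into("<I", header, 0, HEADER_SIZE)
    header[4:20] = LNK_CLSID
    struct.pack_into("<I", header, 20, flags)
    struct.pack_into("<I", header, 60, show_command)

    def field(text: str) -> bytes:
        return struct.pack("<H", len(text)) + text.encode("utf-16-le")

    terminal = struct.pack("<I", 0)
    return bytes(header) + field(relative_path) + field(arguments) + terminal + appended


# Constructed samples: a benign shortcut and one that shows all three indicators
BENIGN_LNK = build_sample_lnk(r"..\Program Files\Notepad\notepad.exe", "")
APPENDED_BLOB = b"MZ" + b"\x00" * 62   # placeholder standing in for an embedded file
SUSPECT_LNK = build_sample_lnk(
    r"..\..\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
    "-WindowStyle Hidden -EncodedCommand PLACEHOLDER",
    show_command=SW_SHOWMINNOACTIVE, appended=APPENDED_BLOB)

if __name__ == "__main__":
    for label, blob in (("benign", BENIGN_LNK), ("suspect", SUSPECT_LNK)):
        result = triage_lnk(blob)
        print(label, "suspicious" if result["suspicious"] else "clean", result["reasons"])
```

The "fully undetectable" claim in the table rests on scanners looking only at the target path; the trailing-bytes check is the cheap counter, because a shortcut that launches a program has no legitimate reason to carry data past its TerminalBlock. Run the script as-is and it reports the benign shortcut as clean and the constructed one with three reasons.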

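The Infection by localisation and Deadline infection rows both describe malware that decides whether to run from the machine's environment. The script below is an added example, not code from the Unprotect Project; it is a static triage heuristic that pulls printable ASCII and UTF-16LE strings out of a sample, looks for hard-coded date literals, and checks for the Windows API names a sample would import to read the clock or the locale (real API names, listed as constants). For a deadline it also proposes the clock date an analyst would set before re-running the sample, which is the workaround the table describes. A string match is a hint, not proof of gating, and the byte buffers it scans are constructed stand-ins for a sample's import table and string table.

```python
"""Static triage for environment-gated samples (added example, not Unprotect Project code)."""
import re
from datetime import date, datetime, timedelta

ASCII_STRINGS = re.compile(rb"[\x20-\x7e]{6,}")
UTF16_STRINGS = re.compile(rb"(?:[\x20-\x7e]\x00){6,}")
DATE_LITERAL = re.compile(r"\b(\d{4}[-/.]\d{2}[-/.]\d{2}|\d{2}[-/.]\d{2}[-/.]\d{4})\b")
DATE_FORMATS = ("%Y-%m-%d", "%Y/%m/%d", "%Y.%m.%d", "%d-%m-%Y", "%d/%m/%Y", "%d.%m.%Y")

# Windows APIs a sample imports to read the clock (deadline) or the machine's locale
TIME_APIS = ("GetSystemTime", "GetLocalTime", "GetSystemTimeAsFileTime",
             "NtQuerySystemTime", "SystemTimeToFileTime", "CompareFileTime")
LOCALE_APIS = ("GetUserDefaultUILanguage", "GetUserDefaultLangID", "GetSystemDefaultLCID",
               "GetLocaleInfoW", "GetKeyboardLayoutList", "GetGeoInfoW")


def extract_strings(data: bytes) -> list:
    """Printable runs of six or more characters, in both ASCII and UTF-16LE encodings."""
    found = [m.group(0).decode("ascii") for m in ASCII_STRINGS.finditer(data)]
    found += [m.group(0).decode("utf-16-le") for m in UTF16_STRINGS.finditer(data)]
    return found


def parse_date_literal(text: str):
    """Turn a matched literal into a date, or None when no known layout fits."""
    for fmt in DATE_FORMATS:
        try:
            return datetime.strptime(text, fmt).date()
        except ValueError:
            continue
    return None


def find_gating_indicators(data: bytes, analysis_clock: str) -> dict:
    """Correlate date literals with clock APIs, and report locale APIs; dates are ISO strings."""
    today = date.fromisoformat(analysis_clock)
    strings = extract_strings(data)
    dates = set()
    for s in strings:
        for m in DATE_LITERAL.finditer(s):
            d = parse_date_literal(m.group(1))
            if d:
                dates.add(d)
    time_apis = sorted(a for a in TIME_APIS if any(a in s for s in strings))
    locale_apis = sorted(a for a in LOCALE_APIS if any(a in s for s in strings))
    expired = sorted(d for d in dates if d < today)
    # Earliest hard-coded date minus one day: the clock to set before re-running the sample
    suggested = (min(dates) - timedelta(days=1)).isoformat() if dates else None
    return {
        "dates": [d.isoformat() for d in sorted(dates)],
        "time_apis": time_apis,
        "locale_apis": locale_apis,
        "expired_on_analysis_clock": [d.isoformat() for d in expired],
        "suggested_clock": suggested,
        "possible_deadline": bool(dates and time_apis),
        "possible_locale_check": bool(locale_apis),
    }


# Constructed buffers standing in for a sample's import names and string table
GATED_SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 8
    + b"KERNEL32.dll\x00GetLocalTime\x00SystemTimeToFileTime\x00CompareFileTime\x00"
    + b"GetUserDefaultUILanguage\x00" + b"\x00" * 4
    + "2017-04-05".encode("utf-16-le") + b"\x00\x00"
    + b"Expired, exiting\x00")
PLAIN_SAMPLE = b"MZ\x90\x00" + b"\x00" * 8 + b"KERNEL32.dll\x00CreateFileW\x00WriteFile\x00"

if __name__ == "__main__":
    for label, blob in (("gated", GATED_SAMPLE), ("plain", PLAIN_SAMPLE)):
        print(label, find_gating_indicators(blob, "2017-04-06"))
```

When the report names a deadline that has already passed on the analysis clock, the sandbox run should be repeated with the machine date set to the suggested value; otherwise the sample simply exits and the run tells you nothing. The locale side only lists the APIs, since the decision logic lives in code, not strings, and needs a debugger or emulation to confirm.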