Search For Content
Search Result
86 item(s) found so far for this keyword.
CLIPBRDWNDCLASS
CLIPBRDWNDCLASS is a window class that is registered by the Object Linking & Embedding (OLE) library (ole32.dll) to handle clipboard data. When a window of this class is created, it is assigned a number of window properties that store the addresses of various interfaces that are used to process clipboard data. These interfaces include the ClipboardDataObjectInterface, ClipboardRootDataObjectInterface, and …
DNS API Injection
DNS API injection is a technique used by malware to evade detection by intercepting and modifying DNS (Domain Name System) requests made by a host system. The technique involves injecting code into the DNS API (Application Programming Interface) of the host system, which is a set of functions and protocols that allow communication with the DNS service. By injecting code …
Read moreDebug Registers, Hardware Breakpoints
Hardware breakpoints allow a debugger to pause execution at specific memory addresses without modifying the program code. They are stored in special CPU registers (DR0 through DR3 on Intel CPUs).
For anti-debugging, malware can inspect the values of these debug registers. If any of the registers contain a non-empty value, it indicates that a hardware breakpoint has been set …
Read moreFile Melt
File melting is a technique that malware uses to delete itself after it has been installed on a system. This is often done in order to avoid detection by antivirus programs or other security measures. The process of file melting involves overwriting the file with random data, making it impossible to recover the original file or to detect the presence …
Read moreProcEnvInjection - Remote code injection by abusing process environment strings
This method allows to inject custom code into a remote process without using WriteProcessMemory - It will use the lpEnvironment parameter in CreateProcess to copy the code into the target process. This technique can be used to load a DLL into a remote process, or simply execute a block of code.
The lpEnvironment parameter in CreateProcess allows us to …
Misusing Structured Exception Handlers
Misusing Structured Exception Handlers is a technique used by malware to make it more difficult for security analysts to reverse engineer the code. Structured Exception Handlers (SEH) are functions that are used to handle exceptions in a program. These can be misused by malware to fool disassemblers and make it harder to analyze the code. One way this is done …
Read moreUPX: Ultimate Packer for Executables
UPX is a tool that is used to compress and encrypt executables in order to make them smaller and more difficult to reverse engineer. UPX is free to use, portable, and can be extended with additional features. It is known for its high performance and compatibility with a wide range of executable formats. UPX is commonly used by software developers …
Read moreMPRESS
MPRESS is a free packer. It makes programs and libraries smaller, and decrease start time when the application loaded from a slow removable media or from the network.
It uses in-place decompression technique, which allows to decompress the executable without memory overhead or other drawbacks; it also protects programs against reverse engineering by non-professional hackers. Programs compressed with MPRESS …
Read moreAlternate EXE Packer
EXE Packer is able to compress executable files (type EXE) or DLL-files. Already compressed files may also be decompressed with this program. There exist 12 different levels for file-compression. This program is also able to create backups of the files that shall be compressed.
If a file is compressed the physical file-size is reduced on the respective device. A …
Read moreAsPack
ASPack is an EXE packer created to compress Win32 executable files and to protect them against reverse engineering.
The solution makes Windows programs and libraries smaller up to 70% what leads to a reduction in the download time of compressed applications in local networks and the Internet because of their smaller size compared to uncompressed apps.
The ASPack …
Read more