Showing results for tags 'process'.
Some non-typical malware which doesn't get any attention from "security experts" and other internet clowns. Maybe because of this it is not well detected on VT. The key features that make it non-typical:
1) This malware lives in a registry value.
2) Non-typical dropper self-deletion method, nothing zero-day though.
3) Malware startup location protection in a backdoor Sirefef way.
4) It downloads, installs and uses Windows KB968930 (MS PowerShell).
More details below.
1) This malware is stored under the key HKCU\Software\Microsoft\Windows\CurrentVersion\Run and its autostart location is invisible to r
Static Malware Analysis
Starting here, I would like to share the results of my recent research into malware analysis. We will begin with some basics and proceed to advanced levels. In this first installment, we will discuss the techniques involved in static analysis of malware. I will also include some files for illustrative purposes in this document. Before we move directly on to the analysis part, let us set up context with some definitions.
What is Malware? Malware is any software that does something that causes detriment to the user, computer, or network, such as viruses, trojan horses, wo
The virus on VT: https://www.virustotal.com/en/file/8f35f6f780acccfb406b918db6ef01111dd2c5200a16e97f25d35f76e2532e6d/analysis/1432362743/
The virus injects into many processes like this: but I can't find how it autostarts. When the OS is restarted, it starts itself via explorer.exe, but I do not know how it gets auto-started.
Log:
2015/05/23 15:54:55 c:\windows\explorer.exe Create new process c:\users\test\appdata\roaming\mozilla\firefox\profiles\4ude5xz7.default\storage\permanent\xulstore.exe
Cmd line: "C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\4ude5xz7.default\storage\permanent\xulstore.exe"
Downlo
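Both the registry-resident malware post above and this question about xulstore.exe being launched by explorer.exe come down to the same check: list every autostart location that explorer.exe honours at logon and look at the raw registry value names, not at what regedit renders. The script below is an added example written for this page; it is not code from either poster. Two heuristics in it are assumptions: the first post does not say how its Run value is hidden from regedit, so the script simply escapes any control character (including an embedded NUL) in a value name so that such a name cannot look blank; and the AppData\Roaming match is taken from the xulstore.exe path in the log above, not from any general rule. Run it on the suspect host as the affected user (the HKCU keys are per user) from an elevated PowerShell prompt so the HKLM keys are readable too.

```powershell
# Added example: enumerate Explorer-honoured autostart locations and print
# each registry value with its raw name, name length and data.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'   # Shell / Userinit values
)

function Format-RawName {
    param([string]$Name)
    # Assumption: a name regedit shows as blank contains control characters.
    # Escape anything below 0x20 as \xNN so the real name is visible.
    $sb = New-Object System.Text.StringBuilder
    foreach ($ch in $Name.ToCharArray()) {
        if ([int]$ch -lt 0x20) { [void]$sb.AppendFormat('\x{0:X2}', [int]$ch) }
        else                    { [void]$sb.Append($ch) }
    }
    return $sb.ToString()
}

foreach ($path in $runKeys) {
    if (-not (Test-Path -LiteralPath $path)) { continue }
    $key = Get-Item -LiteralPath $path
    foreach ($name in $key.GetValueNames()) {
        # DoNotExpandEnvironmentNames keeps %VARS% as written so the stored
        # command line is shown exactly as the malware wrote it.
        $data = $key.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
        [pscustomobject]@{
            Key        = $path
            Name       = Format-RawName $name
            NameLen    = $name.Length
            Type       = $key.GetValueKind($name)
            Data       = $data
            # Heuristic (assumption): control chars in the name, or a binary
            # under the roaming profile like xulstore.exe in the log above.
            Suspicious = ($name -match '[\x00-\x1F]') -or ($data -match 'AppData\\Roaming')
        }
    }
}

# Startup folders that explorer.exe processes at logon (per-user and all-users).
$startupFolders = @(
    [Environment]::GetFolderPath('Startup'),
    [Environment]::GetFolderPath('CommonStartup')
)
foreach ($folder in $startupFolders) {
    Get-ChildItem -LiteralPath $folder -Force -ErrorAction SilentlyContinue |
        Select-Object FullName, Length, LastWriteTime
}
```

The value names are read through the .NET RegistryKey API rather than by parsing regedit output, so a name that the GUI cannot display still comes back as a string whose length can be compared with what is printed. If nothing here points at xulstore.exe, the next places to check are scheduled tasks, services and the Winlogon Shell/Userinit values already listed above, since those also end in a process started under explorer.exe's session.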
US Used Zero-Day Exploits Before It Had Policies for Them
Aerosol posted a topic in Stiri securitate (Security news)
Around the same time the US and Israel were already developing and unleashing Stuxnet on computers in Iran, using five zero-day exploits to get the digital weapon onto machines there, the government realized it needed a policy for how it should handle zero-day vulnerabilities, according to a new document obtained by the Electronic Frontier Foundation. The document, found among a handful of heavily redacted pages released after the civil liberties group sued the Office of the Director of National Intelligence to obtain them, sheds light on the backstory behind the development of the government’
##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

require 'msf/core'
require 'rex'

class Metasploit3 < Msf::Exploit::Local
  include Msf::Post::Windows::Runas
  include Msf::Post::Windows::Priv

  def initialize(info = {})
    super(update_info(info,
      'Name'        => "Windows Run Command As User",
      'Description' => %q{
        This module will login with the specified username/password and
        execute the supplied command as a hidden process. Output is not returned
Process Detailer
Version: 1.0
Features:
- Show processes list
- Display process name
- Display process ID (PID)
- Display process username
- Display process path
- Display process memory usage
- Display total percentage of used memory
- Get process details
- End process by name
- End process by PID
- Run on startup
- Tray icon
Screenshot
Download: CrownSoft - Process Detailer 1.0 by me