Nytro Posted December 5, 2015 Report Posted December 5, 2015 An Introduction to Image File Execution OptionsDecember 4, 2015 | BY Pieter Arntz Image File Execution Options (IFEO) are used for debugging. Malware, however, does not only check if there are debuggers active, but it’s also known to use the features IFEO has to offer to their own advantage. Intention IFEO settings are stored in the Windows registry. The intention of creating the IFEO registry key is to give developers the option to debug their software. This is relatively easy to do. Developers can attach any program to any executable using the registry key— HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\{name of the executable} —and adding the value “Debugger”=”{full path to the debugger}” For example, if you use Process Explorer, there is an option to “Replace Task Manager”:Articol complet: https://blog.malwarebytes.org/development/2015/12/an-introduction-to-image-file-execution-options/ Quote
