Exetools  

Go Back   Exetools > General > General Discussion
Reload this Page fileless malware
Register Forum Rules FAQ Calendar Mark Forums Read

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 02-20-2017, 19:17
foosaa foosaa is offline
Friend
  
Join Date: Dec 2005
Posts: 112
Rept. Given: 36
Rept. Rcvd 14 Times in 11 Posts
Thanks Given: 179
Thanks Rcvd at 93 Times in 34 Posts
foosaa Reputation: 14
In fact there are multiple methods to keep the file portion to persist across reboots. Some of the ways tried for POC were:
- Writing beyond the partition boundaries
- Writing in between the partition spaces
and they do not get scanned using any of the file system scanners, but nevertheless, there needs to be a driver which will load portions of the malware from the unreadable locations and it needs to exist on the normal file system. With the advancement in the file-less method and combining it with the older, known rootkit techniques, it is still possible to create a malware than can persist yet undetectable.
Reply With Quote
Reply

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Hybrid Mode Hybrid Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Malware Analysis ldmd General Discussion 7 03-09-2025 18:42
ahk malware analysis dion General Discussion 0 12-20-2021 08:50
Malware Sample analysis Aesculapius Source Code 2 02-13-2018 19:35


All times are GMT +8. The time now is 21:53.

Aaron's homepage - Top

Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( Since 1998 )