Posts Tagged ‘export table’

The Powerloader 64-bit update based on leaked exploits

Aug

2013

A few months ago on this blog I described PowerLoader functionality including an interesting way for privilege escalation into the explorer.exe system process. The leaked PowerLoader code is also used in other malware families. For example the Win32/Gapz dropper is based on leaked PowerLoader code. In August 2013 we have tracked a new modification of […]

Category General Written by We Live Security 0 Comments

The evolution of Ronvix: Private TCP/IP stacks

Jul

2013

We recently discovered a new breed of the bootkit Rovnix that introduces a private TCP/IP stack. It seems this is becoming a new trend for this type of malware.The implementation of the private stack is based on an open-source TCP/IP project and it can be accessed from both kernel and user modes.It works like this: […]

Category General Written by Microsoft Malware Protection Center 0 Comments

Gapz and Redyms droppers based on Power Loader code

Mar

2013

Power Loader is a special bot builder for making downloaders for other malware families and yet another example of specialization and modularity in malware production. The first time Power Loader was detected was in September 2012, using the family detection name Win32/Agent.UAW. This bot builder has been used for developing Win32/Gapz droppers (Win32/Gapz: steps of […]

Category General Written by We Live Security 0 Comments

The Latest in IT Security

Posts Tagged ‘export table’

The Powerloader 64-bit update based on leaked exploits

The evolution of Ronvix: Private TCP/IP stacks

Gapz and Redyms droppers based on Power Loader code

Categories

Featured

Archives

Latest Comments

About Us

Contact Us