- Opens the MountPointManager (often used to detect additional infection locations)
- Reads Antivirus engine related registry keys
- Possibly tries to implement anti-virtualization techniques
- Possibly tries to evade analysis by sleeping many times
- Possibly checks for the presence of an Antivirus engine
- Possibly checks for the presence of a forensics/monitoring tool
- Queries the internet cache settings (often used to hide footprints in index.dat or internet cache)
- Queries firmware table information (may be used to fingerprint/evade)
- Modifies auto-execute functionality by setting/creating a value in the registry
- Interacts with the primary disk partition (DR0)
- Contains ability to create/switch the desktop