
Malware – Common LoadPoints

This document describes the most common load points used by malicious software: files or registry locations that cause the malware to run automatically when the machine starts, a user logs on, and so on.

## Startup folders (including all users)
- Files stored in these folders are executed after the user logs on.
- #HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User […]
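The following PowerShell script is an added example, not code from the original post. It walks the load points named above (the per-user and all-users Startup folders) and, going beyond the excerpt, the Run/RunOnce registry keys, which are the other well-known autostart locations; the exact set of keys is an assumption and should be extended to match your own checklist. For each entry it resolves the target executable (following .lnk shortcuts) and reports its Authenticode signature state, which is what you want when triaging a suspicious autostart.

```powershell
# Added example (not from the original post): enumerate common Windows load points
# (Startup folders plus Run/RunOnce keys) and report the signature state of each target.
# The registry key list below is an assumed "common" set; extend it to match your checklist.

function Resolve-LoadPointTarget {
    # Turn an autostart entry into the path of the file that actually runs:
    #  - .lnk shortcuts are resolved to their TargetPath via the shell COM object
    #  - command lines such as  "C:\Program Files\Tool\tool.exe" /silent  or  C:\tools\a.exe -x
    #    are reduced to their first (possibly quoted) token, with %VARS% expanded
    param([string]$Entry)
    if ($Entry -like '*.lnk' -and (Test-Path -LiteralPath $Entry -PathType Leaf)) {
        $shell = New-Object -ComObject WScript.Shell
        return $shell.CreateShortcut($Entry).TargetPath
    }
    $exe = $Entry
    if     ($Entry -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
    elseif ($Entry -match '^\s*(\S+)')     { $exe = $Matches[1] }
    return [Environment]::ExpandEnvironmentVariables($exe)
}

function Get-SignatureStatus {
    # Authenticode status of a file: Valid, NotSigned, HashMismatch, ... or FileNotFound
    param([string]$Path)
    if ($Path -and (Test-Path -LiteralPath $Path -PathType Leaf)) {
        return (Get-AuthenticodeSignature -FilePath $Path).Status
    }
    return 'FileNotFound'
}

$results = @()

# 1. Startup folders. GetFolderPath resolves them through the shell API, so if the
#    folder location has been redirected in the registry, the redirected folder is what
#    you get here; compare with the default path if you suspect that trick.
$startupFolders = @(
    [Environment]::GetFolderPath('Startup'),        # current user
    [Environment]::GetFolderPath('CommonStartup')   # all users
)
foreach ($folder in $startupFolders) {
    if (-not (Test-Path -LiteralPath $folder)) { continue }
    Get-ChildItem -LiteralPath $folder -Force -File | ForEach-Object {
        $target = Resolve-LoadPointTarget $_.FullName
        $results += [PSCustomObject]@{
            LoadPoint = $folder
            Entry     = $_.Name
            Target    = $target
            Signature = Get-SignatureStatus $target
        }
    }
}

# 2. Run / RunOnce keys for the current user and the machine (assumed common set).
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$psMetadata = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    (Get-ItemProperty -Path $key).PSObject.Properties |
        Where-Object { $_.Name -notin $psMetadata } |   # drop PowerShell's own note properties
        ForEach-Object {
            $target = Resolve-LoadPointTarget ([string]$_.Value)
            $results += [PSCustomObject]@{
                LoadPoint = $key
                Entry     = $_.Name
                Target    = $target
                Signature = Get-SignatureStatus $target
            }
        }
}

# Unsigned, tampered (HashMismatch) or missing targets are the ones to look at first.
$results | Sort-Object Signature, LoadPoint | Format-Table -AutoSize
```

Run it from an elevated prompt so the HKLM keys and the all-users Startup folder are readable. A `FileNotFound` result is worth a second look too: an autostart entry whose target is gone often points at malware that has been partially cleaned, or at a path a dropper still intends to write to.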


Process Explorer – Useful options while searching for virus samples.


Process Explorer highlights packed processes in purple (violet). Note: packed processes are very often malicious. Check the file/process signature: Process Explorer has an option called “Verify Image Signatures”. It verifies the file’s Authenticode signature, including checking the signer’s certificate against its Certificate Revocation List (CRL), which is why it needs network access. It lets you see whether the file’s signature is valid and if it has […]
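As an added example (not from the original post, and not Process Explorer’s own code), the same signature check can be scripted in PowerShell with the built-in Get-AuthenticodeSignature cmdlet: verify the image of every running process once and list the ones that do not come back as Valid.

```powershell
# Added example (not from the original post): check the image signature of every
# running process, in the spirit of Process Explorer's "Verify Image Signatures" option.
# Run from an elevated prompt; otherwise Path is empty for processes you cannot open
# and those processes are silently skipped.

function Get-ProcessSignatureReport {
    Get-Process |
        Where-Object { $_.Path } |                  # skip processes whose image path is not readable
        Sort-Object -Property Path -Unique |        # verify each image once, not once per instance
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.Path
            [PSCustomObject]@{
                Name   = $_.Name
                Path   = $_.Path
                Status = $sig.Status                # Valid, NotSigned, HashMismatch, UnknownError, ...
                Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            }
        }
}

# Anything other than 'Valid' deserves a closer look: an unsigned image shows up as
# NotSigned, a repacked or patched copy of a signed binary as HashMismatch.
Get-ProcessSignatureReport |
    Where-Object { $_.Status -ne 'Valid' } |
    Format-Table -AutoSize
```

Two caveats: the cmdlet reports the signer but does not by itself tell you whether that signer is one you trust, so a Valid status from an unknown publisher still needs a look at the Signer column; and whether revocation is consulted follows the system’s WinTrust settings rather than an explicit CRL query, so treat this as a quick triage pass rather than a replacement for the Process Explorer check.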


Notes – Troubleshooting viruses with SysInternals Tools


This post will contain all the information I was not aware of concerning the mentioned SysInternals tools, or that I simply found very useful for refreshing my knowledge. Reference: Malware Hunting with the Sysinternals Tools http://channel9.msdn.com/Events/TechEd/NorthAmerica/2012/SIA302 Quick Notes: The following tools are interesting; all will be described later when time allows. listdlls (http://technet.microsoft.com/pl-pl/sysinternals/bb896656) Following […]
