0 0 APP

CARBANAK Week Part Two: Continuing the CARBANAK Source Code Analysis

发布于 2019/04/24 FireEye Blog
In the previous installment, we wrote about how string hashing was used in CARBANAK to manage Windows API resolution throughout the entire codebase. But the authors used this same string hashing algorithm for another task as well. In this installment, we’ll pick up where we left off and write about CARBANAK’s antivirus (AV) detection, AV evasion, authorship artifacts, exploits, secrets, and network-based indicators. Antivirus Evasions Source code unquestionably accelerates analysis of string hashes. For example, the function AVDetect in AV.cpp iterates processes to detect AV ... 登录后阅读全文
本站内收录的所有文章及其中资源(图片、视频等)均来自于互联网,其版权均归原作者及其网站所有。

评论(0)