Providing Free and Editor Tested Software Downloads

MajorGeeks.com - Chicks just love a Geek in Uniform.

All In One Tweaks

Antivirus & Malware

Drives (SSD, HDD, USB)

Graphics & Photos

MajorGeeks Windows Tweaks

Office & Productivity

· How To and Tutorials
· Life Hacks and Reviews
· Way Off Base
· MajorGeeks Deals
· News
· Off Base
· Reviews

· YouTube
· Facebook
· Instagram
· Twitter
· Pintrest
· RSS/XML Feeds

· News Blur
· Yahoo
· Symbaloo

· Top Freeware Picks
· Malware Removal
· Geektionary
· Useful Links
· About Us

· Copyright
· Privacy
· Terms of Service
· How to Uninstall

1. GS Auto Clicker

2. Macrium Reflect FREE Edition

3. Smart Defrag

4. Visual C++ Redistributable Runtimes AIO Repack

5. Visual C++ Runtime Installer (All-In-One)

6. McAfee Removal Tool (MCPR)

9. K-Lite Mega Codec Pack

10. Sergei Strelec's WinPE

How to Disable 1-Click Ordering on Amazon (and Avoid Surprise Charges)

How to Fix Shallow Paint Layer Depth in Bambu Studio

Aviator Betting Game Secrets: Unlock 97% RTP & Triple Your Wins

Windows Recall: What It Is, Why Hackers Will Love It, and How to Stay Safe

Star Trek Fleet Command Promo Codes: Redeem Codes for Free Shards, Blueprints And Resources

How To Use VLC Media Player to Trim Video Clips

What Is the $WinREAgent Folder and Can I Delete It?

Swear Your Way to Better Search Results

How to Get a Dark Start Menu and Taskbar in Windows 10 & 11

Enable, Disable, Manage, Delete or Create a System Restore Point

Malware Authors Employ Variety to Evade Security Detection

Posted by: Timothy Tibbetts on 09/02/2013 07:52 AM [ Comments ]

In Arvind Gowda's blog at McAfeee he discussed procedure prologue and procedure epilogue techniques to evade security systems. They now have come across one more set of fake-alert samples that use a different technique to evade detection.

This technique is related to the dynamic loading of a library at runtime.

Dynamic Loading

Dynamic loading is a mechanism by which a program loads a library into memory at runtime so that the addresses of the functions and variables contained in the library can be executed or accessed. Dynamic loading is done using an API LoadLibrary, which takes a string argument (the name of the library to be loaded).

The following screenshot is a typical LoadLibrary code with argument.

Malware authors are always searching for new techniques to evade detection, but eventually their techniques are discovered and blocked by security researchers. McAfee detects all the variants that use these techniques.

Comments

comments powered by Disqus

© 2000-2025 MajorGeeks.com

Powered by Contentteller® Business Edition