While analysing several suspicious DLL files I noticed that some of these files (which were obviously malicious) didn’t perform their malicious activity unless a certain function was triggered. The malware used a registry entry to execute a certain function that is exported by the DLL called „InstallM“. I had to run „rundll32.exe malware.dll,InstallM“ to trigger […]
Archive | Oktober, 2014