Archive | Oktober, 2014
DLL in Sandbox

Smart DLL execution for Malware Analysis in Sandbox Systems

While analysing several suspicious DLL files I noticed that some of these files (which were obviously malicious) didn’t perform their malicious activity unless a certain function was triggered. The malware used a registry entry to execute a certain function that is exported by the DLL called „InstallM“. I had to run „rundll32.exe malware.dll,InstallM“ to trigger […]

3 Comments Continue Reading →