Keylogger according to TE with a very different type of dll injection.
I usually do high-level analysis on files.
This one I am unable to.
Very different type of dll injection.
Able to inject itself inside ANY ARK tool I run.
Upon removal I get a winlogon 21A bsod.
Upon replacement get a checksum mismatch bsod.
Not in registry, not performing any hooks that I see but I cannot unload the dll out of ARK tools.
Not like anything I have seen, it's a real nasty one.
http://www.threatexpert.com/report.aspx ... e6cc88cb86
Will include some screenshots of dll injecting inside RKU and KD and VBA32
Attachments
Password: infected
(251.96 KiB) Downloaded 55 times