C# is more convenient and powerful than PB for writing Windows applications. I don't think that PureBasic is better than all of these PLs. I write in more than 10 PLs including C#, Java, C++ and other mainstream PLs.

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Bisson.

Upon completion of its encryption activity, the ransomware (Read more.)

It also noticed that the threat used the compiled-in PureBasic crypto library instead of the Windows Crypto API functions to execute its encryption routine. It specifically observed PureLocker using a tactic to evade user-mode hooking of ntdll functions. The security firm also found that the ransomware was uncharacteristic in its use of anti-evasion techniques. Additionally, being a DLL file designed to be executed in a very specific manner reveals this ransomware is a later-stage component of a multi-stage attack. This type of behavior is not common in ransomware, which typically prefers to infect as many victims as possible in the hopes of gaining as much profit as possible. The threat exited without performing its malicious activity if any of those checks failed.

As it notes in its research, Intezer feels these techniques effectively differentiated PureLocker from more opportunistic ransomware attacks. Named “PureLocker” for being written in the PureBasic programming language, the ransomware sample verified its file extension, the current year and other information surrounding its execution, for instance. Even more importantly, the researchers found that the sample both reused code from the “more_eggs” backdoor and used new code that translated into unusual techniques for a family of crypto-ransomware. This effort uncovered that the sample lacked a code connection to Crypto++. The research team conducted a more detailed analysis after a search on VirusTotal revealed that nothing had been reported about the sample for several weeks.