PowerLoaderEx - Advanced Code Injection Technique for x32 / x64

YHVHvx/PowerLoaderEx

PowerLoaderEx

Original PowerLoader

  • Known since ~2013
  • Loader used in many different dropper families (Gapz / Redyms / Carberp / Vabushky ...)
  • First injection technique to use Return Oriented Programming (ROP).
  • explorer.exe is injected using Shell_TrayWnd / NtQueueApcThread (32-bit / 64-bit)

PowerLoaderEx

  • Injection via the shared desktop heap
  • Removes the dependency on explorer.exe shared sections (more generic)
  • Injection without reading memory from the target process
  • 32-bit and 64-bit versions (same technique)

Tested Environments

  • Windows 7, 32-bit and 64-bit.

Authors

  • BreakingMalware.com

Languages

  • C++ 100.0%