https://www.hybrid-analysis.com/sample/775823294439f2c459d1b13dde03091ba79221d2cd9956039b47dfe51832924a?environmentId=120
The report lists the ability to block user input:
Anti-Reverse Engineering
- Contains ability to block user input
details
BlockInput@USER32.dll
This is a Windows API call, so we search MSDN to learn more:
https://msdn.microsoft.com/en-us/library/windows/desktop/ms646290(v=vs.85).aspx
It says “keyboard and mouse input events are blocked”
So if you are a malware analyst and you let the malware run that line of code, then suddenly your VM's keyboard and mouse literally won't respond.
The good thing is it also says
The system will unblock input in the following cases:
- The user presses CTRL+ALT+DEL
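A check an analyst can run on a sample before detonating it, to know in advance that input may be blocked. This is an added example, not code from the original post or the Hybrid Analysis report; the function names and the two byte strings used as samples are constructed for illustration.

```python
import re
import struct

API = b"BlockInput"   # function named in the report
DLL = b"user32.dll"   # library named in the report (compared case-insensitively)

def find_import_name(data, name):
    """Offsets where `name` is a whole NUL-terminated ASCII string.

    PE import-by-name entries are a 2-byte hint, the ASCII name, then NUL,
    so the byte before a real entry is the hint's high byte, not a letter.
    """
    hits = []
    for m in re.finditer(re.escape(name) + b"\x00", data):
        prev = data[m.start() - 1:m.start()]
        # Skip tails of longer identifiers such as "MyBlockInput".
        if prev.isalnum() or prev == b"_":
            continue
        hits.append(m.start())
    return hits

def triage(data):
    """String-level heuristic: is BlockInput named alongside USER32.dll?"""
    offsets = find_import_name(data, API)
    dll_seen = DLL in data.lower()
    return {
        "api_offsets": offsets,
        "user32_named": dll_seen,
        "blocks_input": bool(offsets) and dll_seen,
    }

# Constructed sample bytes (not a real PE): header stub, hint/name entry, DLL name.
SAMPLE_FLAGGED = (b"MZ" + b"\x00" * 62 + struct.pack("<H", 0x1F)
                  + b"BlockInput\x00" + b"USER32.dll\x00")
# Constructed sample where the match is only the tail of another identifier.
SAMPLE_BENIGN = b"MZ" + b"\x00" * 62 + b"MyBlockInput\x00" + b"USER32.dll\x00"

if __name__ == "__main__":
    for label, blob in (("flagged", SAMPLE_FLAGGED), ("benign", SAMPLE_BENIGN)):
        result = triage(blob)
        print(label, result)
        if result["blocks_input"]:
            print("  expect keyboard and mouse to stop responding in the VM")
```

This only sees names stored in plain ASCII, so a packed or obfuscated sample can still call the function without being flagged here.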