
Trojan Modifies Critical DLL File (comres.dll) to Avoid Antivirus Detection


Bitdefender researchers have spotted a new dropper Trojan that uses an interesting technique to avoid being easily detected by antivirus applications.

Usually, malware adds itself to the Startup list by writing its path to the Startup registry key, but this makes it easy to detect for antivirus solutions or computer-savvy users.

A new Trojan, named "Trojan.Dropper.UAJ", uses a different technique to evade detection: it compromises a library file (comres.dll), forcing every application that relies on comres.dll to execute the Trojan as well. Comres.dll is widely used by most internet browsers and by some communication applications and networking tools.

The Trojan makes a copy of the genuine comres.dll file, patches it, and then saves it in the Windows directory.

"The dropper patches the code library by adding a single new malicious function to the imported list to be launched with the rest of its functions. Next, the Trojan drops the file “prfn0305.dat” (identified by Bitdefender as Backdoor.Zxshell.B) that exports (contains) the function that compromises the system. And everything is now in place. The moment the system calls the code library, the malware is turned on," the researchers said.
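One defensive check follows directly from that description: because the patch works by adding an entry to the import list that names the dropped library, the import directory of any copy of comres.dll can be compared against the genuine file's, and any module the copy pulls in that the original does not is the anomaly. The Python below is an added example for this post, not code from Bitdefender or from the blog. It parses the PE import table directly (no pefile dependency), and since the real files are not on the page it builds constructed, minimal PE32 images in memory; the module lists `GENUINE_IMPORTS` and `PATCHED_IMPORTS` are assumptions standing in for the real import lists, with "prfn0305.dat" being the file name the post gives.

```python
import struct

# Constructed sample inputs for this example: the module names below are
# assumptions standing in for the real import lists of comres.dll and its
# patched copy, which are not given on the page. "prfn0305.dat" is the file
# the blog names as the dropped backdoor.
GENUINE_IMPORTS = ["KERNEL32.dll", "ADVAPI32.dll", "ole32.dll"]
PATCHED_IMPORTS = GENUINE_IMPORTS + ["prfn0305.dat"]


def _rva_to_offset(rva, sections):
    """Map a relative virtual address to a file offset via the section table."""
    for va, vsize, raw_ptr, raw_size in sections:
        if va <= rva < va + max(vsize, raw_size):
            return rva - va + raw_ptr
    raise ValueError(f"RVA {rva:#x} is not mapped by any section")


def _cstring(data, off):
    return data[off:data.index(b"\x00", off)].decode("ascii", "replace")


def imported_modules(data):
    """Return the module names in a PE file's import directory, in table order."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    nt = struct.unpack_from("<I", data, 0x3C)[0]
    if data[nt:nt + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    num_sections = struct.unpack_from("<H", data, nt + 6)[0]
    opt_size = struct.unpack_from("<H", data, nt + 20)[0]
    opt = nt + 24
    magic = struct.unpack_from("<H", data, opt)[0]
    dirs = {0x10B: 96, 0x20B: 112}.get(magic)  # PE32 / PE32+ data directory offset
    if dirs is None:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    imp_rva = struct.unpack_from("<I", data, opt + dirs + 8)[0]  # entry 1 = imports
    sections = []
    for i in range(num_sections):
        hdr = opt + opt_size + 40 * i
        vsize, va, raw_size, raw_ptr = struct.unpack_from("<IIII", data, hdr + 8)
        sections.append((va, vsize, raw_ptr, raw_size))
    names = []
    if imp_rva == 0:
        return names
    desc = _rva_to_offset(imp_rva, sections)
    while True:
        oft, _ts, _fwd, name_rva, ft = struct.unpack_from("<IIIII", data, desc)
        if oft == 0 and name_rva == 0 and ft == 0:  # all-zero terminator
            break
        names.append(_cstring(data, _rva_to_offset(name_rva, sections)))
        desc += 20  # sizeof(IMAGE_IMPORT_DESCRIPTOR)
    return names


def imports_added(genuine, suspect):
    """Modules the suspect copy imports that the genuine file does not."""
    known = {m.lower() for m in imported_modules(genuine)}
    return [m for m in imported_modules(suspect) if m.lower() not in known]


def build_sample_pe(dll_names):
    """Constructed minimal PE32 with one section holding an import directory.
    Thunk arrays are left at 0 because the check reads only module names, so
    the output is not loadable; it exists to exercise the parser offline."""
    sec_va, sec_raw, align = 0x1000, 0x200, 0x200
    n = len(dll_names)
    names, name_rvas = bytearray(), []
    for name in dll_names:
        name_rvas.append(sec_va + 20 * (n + 1) + len(names))
        names += name.encode("ascii") + b"\x00"
    body = bytearray()
    for rva in name_rvas:
        body += struct.pack("<IIIII", 0, 0, 0, rva, 0)
    body += b"\x00" * 20 + names  # terminator descriptor, then name strings
    raw_size = -(-len(body) // align) * align
    body += b"\x00" * (raw_size - len(body))
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, len(dos))  # e_lfanew
    file_hdr = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x2102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)  # PE32 magic
    struct.pack_into("<I", opt, 92, 16)  # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8, sec_va, 20 * (n + 1))  # import dir
    sect = struct.pack("<8sIIIIIIHHI", b".idata", raw_size, sec_va, raw_size,
                       sec_raw, 0, 0, 0, 0, 0xC0000040)
    headers = dos + b"PE\x00\x00" + file_hdr + opt + sect
    headers += b"\x00" * (sec_raw - len(headers))
    return bytes(headers + body)


if __name__ == "__main__":
    genuine = build_sample_pe(GENUINE_IMPORTS)
    patched = build_sample_pe(PATCHED_IMPORTS)
    print("added imports:", imports_added(genuine, patched))  # ['prfn0305.dat']
```

On a real host the same call takes the bytes of the known-good file and of the suspect copy, for example `imports_added(open(r"C:\Windows\System32\comres.dll", "rb").read(), open(copy_path, "rb").read())`, and a non-empty result names exactly the library the patch injected. A patched Microsoft DLL also no longer passes Authenticode or catalog signature verification, so a signature check on every comres.dll found under the Windows directory is the simpler first pass; the import comparison then explains what was changed.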

Labels: DLL load hijacking, Malware Report