Hello again,
Have you ever heard of DLL Search Order Hijacking (DSOH)? It’s a pretty cool technique to load an arbitrary DLL into a process by taking advantage of the order in which Windows searches for DLLs. Quite honestly, I’d never seen it in action in real malware, up until very recently.
There is a “launcher” floating around which uses not only DSOH, but some other pretty cool techniques to host malicious activity inside the process of a legitimate (and signed) tool.
Continue reading “Malware Launcher using DLL Search Order Hijacking”