New Windows RAT Evades Detection for Weeks Using Corrupted DOS and PE Headers
Briefly

Fortinet researchers have detailed an unusual attack in which a Windows malware sample carried corrupted DOS and PE headers. The damage hampers analysis because tools that expect well-formed headers cannot parse the file. The malware had been running for several weeks on a compromised machine, hosted inside a dllhost.exe process as a 64-bit executable. How it was delivered is still unknown. Once running, it decrypts its command-and-control server details in memory. Because the corrupted headers blocked static analysis, Fortinet recovered the sample from memory dumps and recreated the compromised environment in order to run and analyze it.
Security researchers have discovered an unusual malware attack that uses corrupted DOS and PE headers in a Windows executable to complicate analysis.
The malware ran on a compromised machine for weeks, executing scripts to establish contact with its command-and-control server, but its distribution method remains unclear.
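The header corruption described above, shown as a small triage helper: it detects a wiped DOS header and PE signature, relocates the surviving NT headers heuristically, and rebuilds the minimum needed for a standard PE parser to accept the image. This is an added example, not Fortinet's tooling or anything from the report. The sample image is constructed inline, and the heuristic assumes that only the DOS header and the PE signature were destroyed while the COFF and optional headers survived; that is an assumption for the example, not a description of the real sample.

```python
import struct

# Constants from the PE/COFF specification.
MZ = b"MZ"
PE_SIG = b"PE\x00\x00"
IMAGE_FILE_MACHINE_AMD64 = 0x8664
PE32PLUS_MAGIC = 0x20B
COFF_HEADER_SIZE = 20
# Machine, NumberOfSections, TimeDateStamp, PtrSymTab, NumSymbols, SizeOfOptionalHeader, Characteristics
COFF_FMT = "<HHIIIHH"
# IMAGE_SECTION_HEADER: Name[8], VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData,
# PointerToRelocations, PointerToLinenumbers, NumberOfRelocations, NumberOfLinenumbers, Characteristics
SECTION_FMT = "<8sIIIIIIHHI"


def build_sample_image():
    """Constructed, minimal 64-bit PE image (hypothetical; not the sample from the report)."""
    img = bytearray(0x400)
    e_lfanew = 0x80
    img[0:2] = MZ
    struct.pack_into("<I", img, 0x3C, e_lfanew)
    img[e_lfanew:e_lfanew + 4] = PE_SIG
    struct.pack_into(COFF_FMT, img, e_lfanew + 4, IMAGE_FILE_MACHINE_AMD64, 2, 0, 0, 0, 0xF0, 0x22)
    opt = e_lfanew + 4 + COFF_HEADER_SIZE
    struct.pack_into("<H", img, opt, PE32PLUS_MAGIC)       # Magic
    struct.pack_into("<I", img, opt + 16, 0x1000)          # AddressOfEntryPoint
    struct.pack_into("<Q", img, opt + 24, 0x140000000)     # ImageBase
    sec_table = opt + 0xF0
    for i, name in enumerate((b".text", b".data")):
        struct.pack_into(SECTION_FMT, img, sec_table + 40 * i, name,
                         0x1000, 0x1000 * (i + 1), 0x100, 0x200 * (i + 1), 0, 0, 0, 0, 0x60000020)
    return bytes(img)


def corrupt_headers(img):
    """Simulate the anti-analysis trick: wipe the DOS header (MZ and e_lfanew) and the PE signature."""
    buf = bytearray(img)
    e_lfanew = struct.unpack_from("<I", buf, 0x3C)[0]
    buf[e_lfanew:e_lfanew + 4] = b"\x00" * 4
    buf[0:0x40] = b"\x00" * 0x40
    return bytes(buf)


def check_headers(img):
    """Return a list of header defects; an empty list means the DOS/PE headers look intact."""
    findings = []
    if img[0:2] != MZ:
        findings.append("DOS header: MZ magic missing")
    e_lfanew = struct.unpack_from("<I", img, 0x3C)[0]
    if not 0x40 <= e_lfanew <= len(img) - 4 - COFF_HEADER_SIZE:
        findings.append(f"DOS header: e_lfanew 0x{e_lfanew:x} out of range")
    elif img[e_lfanew:e_lfanew + 4] != PE_SIG:
        findings.append("NT headers: PE signature missing at e_lfanew")
    return findings


def find_nt_headers(img):
    """Heuristic: locate the NT headers without trusting the DOS header or the PE signature.

    Looks for a COFF header with an AMD64 machine type and a sane section count that is
    immediately followed by a PE32+ optional-header magic. Returns the would-be e_lfanew.
    """
    for off in range(0, len(img) - 4 - COFF_HEADER_SIZE - 1):
        coff = off + 4
        machine, nsec, _, _, _, opt_size, _ = struct.unpack_from(COFF_FMT, img, coff)
        if machine != IMAGE_FILE_MACHINE_AMD64 or not 1 <= nsec <= 96:
            continue
        magic = struct.unpack_from("<H", img, coff + COFF_HEADER_SIZE)[0]
        if magic == PE32PLUS_MAGIC and opt_size >= 0x70:
            return off
    return None


def repair_headers(img):
    """Rebuild the minimal DOS header and PE signature so standard PE parsers accept the image."""
    off = find_nt_headers(img)
    if off is None:
        raise ValueError("no plausible NT headers found; the optional header may be damaged too")
    buf = bytearray(img)
    buf[0:2] = MZ
    struct.pack_into("<I", buf, 0x3C, off)
    buf[off:off + 4] = PE_SIG
    return bytes(buf)


def parse_sections(img):
    """Walk the section table of an image whose headers pass check_headers()."""
    if check_headers(img):
        raise ValueError("repair the headers first")
    e_lfanew = struct.unpack_from("<I", img, 0x3C)[0]
    coff = e_lfanew + 4
    _, nsec, _, _, _, opt_size, _ = struct.unpack_from(COFF_FMT, img, coff)
    table = coff + COFF_HEADER_SIZE + opt_size
    sections = []
    for i in range(nsec):
        name, vsize, va, rsize, rptr, *_ = struct.unpack_from(SECTION_FMT, img, table + 40 * i)
        sections.append((name.rstrip(b"\x00").decode(), va, vsize, rptr, rsize))
    return sections


if __name__ == "__main__":
    dumped = corrupt_headers(build_sample_image())
    print("defects:", check_headers(dumped))
    fixed = repair_headers(dumped)
    print("defects after repair:", check_headers(fixed))
    for name, va, vsize, rptr, rsize in parse_sections(fixed):
        print(f"{name:8s} VA=0x{va:x} VSize=0x{vsize:x} Raw=0x{rptr:x}+0x{rsize:x}")
```

Two caveats when applying this to a real memory dump. If the attacker also trashed the COFF or optional header, the magic-based scan finds nothing and the section layout has to be recovered from the dump itself (page permissions, import thunks, code alignment). And an image carved from process memory is already mapped, so each section's PointerToRawData must be set equal to its VirtualAddress before file-based tools will map it correctly.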
Read at The Hacker News