GULoader Campaigns: A Deep Dive Analysis of a highly evasive Shellcode based loader
Malware Analysis, News and Indicators - Latest topics malware.news
Authored by: Anandeshwar Unnikrishnan
Stage 1: GULoader Shellcode Deployment
In recent GULoader campaigns, we are seeing a rise in NSIS-based installers, delivered as malspam via e-mail, that use plugin libraries to execute the GU shellcode on the victim system. The NSIS scriptable installer is a highly efficient software packaging utility. The installer's behavior is dictated by an NSIS script, and users can extend the functionality of the packager by adding custom libraries (DLLs) known as NSIS plugins. Since its inception, …