March 16, 2023, 12:33 a.m.

Cloud Security Alliance cloudsecurityalliance.org

Originally published by CrowdStrike. GuLoader is an advanced malware downloader that uses a polymorphic shellcode loader to dodge traditional security solutions. CrowdStrike researchers expose complete GuLoader behavior by mapping all embedded DJB2 hash values for every API used by the malware. New shellcode anti-analysis technique attempts to thwart researchers and hostile environments by scanning entire process memory for any virtual machine (VM)-related strings. New redundant code injection mech...
