NixImports - A .NET Malware Loader, Using API-Hashing To Evade Static Analysis
KitPloit - PenTest Tools! www.kitploit.com
A .NET malware loader, using API-Hashing and dynamic invoking to evade static analysis
How does it work?
NixImports uses my managed API-Hashing implementation HInvoke to dynamically resolve most of its called functions at runtime. To resolve a function, HInvoke requires two hashes: the typeHash and the methodHash. These hashes represent the type name and the method's FullName. At runtime, HInvoke parses the entire mscorlib to find the matching type and method. Due to this process, HInvoke does not leave any …
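For analysts, the two-hash lookup described above can be reversed by hashing a candidate list of type and method names and matching it against the (typeHash, methodHash) pairs extracted from a sample. The following is an added example, not code from NixImports or HInvoke: the hash function (32-bit FNV-1a), the name string formats, the candidate list and the function names are all assumptions, since the page does not specify them.

```python
# Added example: analyst-side reverse lookup for (typeHash, methodHash) pairs.
# ASSUMPTION: 32-bit FNV-1a stands in for the loader's hash routine, which the
# page does not specify; replace fnv1a32 with the routine recovered from a sample.

def fnv1a32(text: str) -> int:
    """Standard 32-bit FNV-1a over the UTF-8 bytes of text."""
    h = 0x811C9DC5
    for b in text.encode("utf-8"):
        h = ((h ^ b) * 0x01000193) & 0xFFFFFFFF
    return h

# Constructed candidate list (type name -> method name strings). In practice
# this would be dumped from mscorlib metadata; the string formats are assumed.
CANDIDATES = {
    "System.Reflection.Assembly": [
        "System.Reflection.Assembly Load(Byte[])",
        "System.Reflection.MethodInfo get_EntryPoint()",
    ],
    "System.Convert": ["Byte[] FromBase64String(System.String)"],
    "System.IO.File": ["Byte[] ReadAllBytes(System.String)"],
}

def build_index(candidates, hash_fn=fnv1a32):
    """Two-level table mirroring the lookup order: type hash, then method hash.
    Names whose hashes collide overwrite each other; a real tool should keep all."""
    index = {}
    for type_name, methods in candidates.items():
        by_method = {hash_fn(m): m for m in methods}
        index[hash_fn(type_name)] = (type_name, by_method)
    return index

def resolve(type_hash, method_hash, index):
    """Return (type, method); either part is None when no candidate matches,
    so a known type with an unknown method is still reported."""
    entry = index.get(type_hash)
    if entry is None:
        return (None, None)
    type_name, by_method = entry
    return (type_name, by_method.get(method_hash))

if __name__ == "__main__":
    idx = build_index(CANDIDATES)
    # Constructed pair standing in for constants pulled from a decompiled sample.
    pair = (fnv1a32("System.Convert"),
            fnv1a32("Byte[] FromBase64String(System.String)"))
    print(resolve(*pair, idx))
```

A pair that resolves only to a type still narrows triage, because it shows which class the sample reaches into even when the method list is incomplete.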