Advice Request Can all antivirus programs detect malware that uses hooks?


Status
Not open for further replies.

Prayag

Thread author
Mar 27, 2017
What can malware do if it uses the hooks functionality of the Windows OS?
How much damage could it do to the system?
How efficient are antiviruses at detecting such malicious attempts?

Winter Soldier

Feb 13, 2017
Probably you mean SSDT patching to perform API hooking within the kernel instead of the classic user mode hooking using remote threads and things like that.
SSDT hooking is, as far as I know, the lowest-level technique to replace/hook/intercept/whatever API, and for this reason it has been used for years both by malcoders and AV vendors.

But in 2005 Microsoft introduced Kernel Patching Protection (also known as “PatchGuard”) for 64-bit systems, making this technique ineffective in the worst case or quite a bit harder to perform in the average case.
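
On the detection side of the question, an SSDT hook of the kind described in the reply above can be spotted by resolving every service table entry and checking that it lands inside the kernel image. The following is an added example, not code from the thread: the addresses, table values and the driver name `example.sys` are constructed, and it assumes the x64 entry layout (a signed 28-bit offset from the table base in the upper bits, an argument count in the low 4 bits).

```c
#include <stdint.h>
#include <stdio.h>

typedef struct { const char *name; uint64_t base, size; } module_t;
/* Constructed sample data (not from a real system). mods[0] is the kernel image. */
static const uint64_t TABLE_BASE = 0xfffff80001200000ULL;
static const module_t SAMPLE_MODS[] = {
    { "ntoskrnl.exe", 0xfffff80001000000ULL, 0x800000 },
    { "example.sys",  0xfffff80003000000ULL, 0x20000 },  /* hypothetical driver */
};
static const int32_t SAMPLE_TABLE[] = { 0x00045001, -0x00FFFFFE, 0x1E015000, 0x60000000 };

/* Drop the 4 argument-count bits, keeping the sign (portable arithmetic shift). */
static uint64_t decode_x64_entry(uint64_t table_base, int32_t entry)
{
    int32_t off = entry < 0 ? ~((~entry) >> 4) : entry >> 4;
    return table_base + (uint64_t)(int64_t)off;
}

/* Returns the module whose [base, base + size) range contains addr, or NULL. */
static const module_t *owner_of(const module_t *mods, size_t n, uint64_t addr)
{
    for (size_t i = 0; i < n; i++)
        if (addr >= mods[i].base && addr - mods[i].base < mods[i].size)
            return &mods[i];
    return NULL;
}

/* Records the index of every entry that resolves outside mods[0]; returns the count. */
static size_t audit_ssdt(const int32_t *table, size_t count, uint64_t table_base,
                         const module_t *mods, size_t nmods, size_t *hits, size_t max)
{
    size_t found = 0;
    for (size_t i = 0; i < count; i++)
        if (owner_of(mods, nmods, decode_x64_entry(table_base, table[i])) != &mods[0]) {
            if (found < max) hits[found] = i;
            found++;
        }
    return found;
}

int main(void)
{
    size_t hits[4], n = audit_ssdt(SAMPLE_TABLE, 4, TABLE_BASE, SAMPLE_MODS, 2, hits, 4);
    for (size_t i = 0; i < n && i < 4; i++) {
        const module_t *m = owner_of(SAMPLE_MODS, 2, decode_x64_entry(TABLE_BASE, SAMPLE_TABLE[hits[i]]));
        printf("entry %zu resolves into %s\n", hits[i], m ? m->name : "no known module");
    }
    return 0;
}
```

In the constructed table, entries 2 and 3 are the ones flagged: one resolves into the hypothetical driver and one into no known module.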