Reverse Engineering RET Homepage RET Members Reverse Engineering Projects Reverse Engineering Papers Reversing Challenges Reverser Tools RET Re-Search Engine Reverse Engineering Forum Reverse Engineering Links

Go Back   Reverse Engineering Team Board > Reverse Engineering Board > .NET Reverse Engineering
FAQ Members List Calendar Search Today's Posts Mark Forums Read

Thread Tools Display Modes
Prev Previous Post   Next Post Next
Old 03-12-2009, 04:10 AM
rongchaua rongchaua is offline
Senior Member
Join Date: Apr 2007
Posts: 91
Default .NET Framework Rootkits

An interesting paper in .Net Reverse

.NET Framework Rootkits:
Backdoors inside your
November, 2008
Erez Metula

Link download: &mid=555

The main idea:
Upon request for this DLL from other executables running inside the framework, the
framework will search for the required DLL based on his version and signature. The
framework will not check for the actual signature but instead will rely on the signature
mentioned in the directory file name.
To put it in other words, the signature of the DLL itself is irrelevant, the only
thing that matters is the directory in which it is located.
Source: &mid=555

Tool: 61&mid=555

Modul: 61&mid=555
My site:
Reply With Quote

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2022, Jelsoft Enterprises Ltd.