
Fileless Malware – A Behavioural Analysis of Kovter Persistence - adamnemecek
http://blog.airbuscybersecurity.com/post/2016/03/FILELESS-MALWARE-–-A-BEHAVIOURAL-ANALYSIS-OF-KOVTER-PERSISTENCE
======
zaroth
Wow, that is a nasty little bug! Can't even see the registry keys in regedit
because they contain a non-ASCII value in the subkey!

~~~
__float
Updating regedit probably moved just a tiny bit higher on some engineer's
priority list :)

~~~
voltagex_
I thought regedit had this issue for ages, but it looks like I was thinking of
null-terminated names - http://www.kahusecurity.com/2014/registry-dumper-find-and-dump-hidden-registry-keys/
(Googling shows references to this technique going back to 2004)

~~~
Pxtl
Fun how they protect this illicit key using permissions. Always nice to see
security turned against the user by the malware.

