Malware Detection Avoidance through Mutexes
Alexios Kotsis

I. Malware attacks are increasing exponentially every year and are becoming harder to find, since they use various techniques to hide and bypass detection or protection mechanisms. Detecting that malware is a big, lucrative business, and antimalware companies are trying to find signatures and pieces of code that will help them identify it. Hiding the created malware and avoiding its detection is a common practice for hackers. One of those methods of hiding is achieved by using mutexes.

A mutex is a legitimate software mechanism used by the operating system in multithreaded programs to facilitate the normal job queue process. The same mechanism is also used by malware. It is a flag that can be set or unset, or more specifically locked or unlocked. The problem it resolves is the unpredictable behavior and race conditions that result from multiple threads accessing a resource, mainly if a thread modifies that resource.

Mutexes come in two types: the local mutexes (also called unnamed) and the named system mutexes. The unnamed mutexes exist only inside the process, while the named ones are located within the operating system and are used for synchronization of the various activities or operations. Malware, on some occasions, uses mutex objects to coordinate the communication between its various components and to avoid re-infecting the same system more than once. We may consider mutexes as the fingerprints of malware. These mutexes have specific names, and typically a malware detection system can look for those known names and spot the presence of malware. There is also the case where the malware creators use dynamic mutexes, which are harder to detect. In some cases, malware will avoid using a specific name in order to avoid detection. Mutexes are also used to discover whether the operating system has an antimalware system activated, and they are even used in bot wars to eliminate other bots in the system and become dominant. Mutex static analysis is a powerful tool for malware discovery, family classification, and author fingerprinting. In surprising research, it was found that 15% of collected worms have the same mutex (2gvwnqiz) [6]. Mutex dynamic analysis is more complicated and involves analyzing many processes, each with its own view of memory, while the kernel schedules different ones to run at different times. To avoid detection, the malware uses different evasion and masquerading techniques to prevent its mutex from being registered in the databank of dangerous mutexes used by antimalware systems, relying on dynamic techniques in various forms, including web-based and machine learning ones.

Let's suppose we are in a situation where we have a "race condition". If there is only one job queue, the first thread will check whether the job queue is empty, then find the job and begin executing it.
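The check-then-take race on a single job queue that the post describes, as an added example that is not part of the original post: two workers are stepped through a scripted interleaving, first without and then with the post's locked/unlocked flag, so the outcome is repeatable (a real thread race would only show it sometimes). Worker names and job labels are constructed.

```python
from typing import Iterator, List, Optional


def worker(name: str, queue: List[str], taken: List[str],
           mutex: Optional[List[bool]]) -> Iterator[None]:
    """One worker as a generator; every `yield` is a point where the
    scheduler may switch to the other worker. `mutex` is a one-element
    list acting as the locked/unlocked flag; None means no mutex at all."""
    while True:
        if mutex is not None:
            while mutex[0]:            # flag locked: wait for the holder
                yield
            mutex[0] = True            # lock the flag
        if not queue:                  # step 1: is the queue empty?
            if mutex is not None:
                mutex[0] = False       # unlock before leaving
            return
        yield                          # switch point between check and take
        job = queue[0]                 # step 2: find the job ...
        yield
        if queue:                      # ... and remove it (guarded: the other
            queue.pop(0)               # worker may already have emptied it)
        if mutex is not None:
            mutex[0] = False           # unlock: the sequence is complete
        taken.append(f"{name}:{job}")  # "execute" the job
        yield


def run_queue(jobs: List[str], use_mutex: bool) -> List[str]:
    """Round-robin two workers over one queue; returns who executed what.
    Without a mutex the scripted interleaving makes both workers take the
    first job, and the second job is silently lost."""
    queue = list(jobs)
    taken: List[str] = []
    mutex: Optional[List[bool]] = [False] if use_mutex else None
    workers = [worker("A", queue, taken, mutex),
               worker("B", queue, taken, mutex)]
    while workers:
        for w in list(workers):
            try:
                next(w)
            except StopIteration:
                workers.remove(w)
    return taken


if __name__ == "__main__":
    print("no mutex :", run_queue(["j1", "j2"], use_mutex=False))
    print("mutex    :", run_queue(["j1", "j2"], use_mutex=True))
```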