Looking For Hidden Module?

05/28/2014 21:52 oguzhane#1
As you can see, there is an injected DLL in the process and it creates a hidden thread. How can I detect this DLL? I have tried enumerating modules but it didn't work. Ideas?
05/30/2014 14:17 XxharCs#2
How do you enumerate the process?
05/30/2014 14:19 vBulletiin#3
Give some more information, like how you do the Proc?
06/03/2014 00:50 dasschild#4
Well, the problem is the DLL is cloaked. In the backend, the enumeration of modules will look through the PEB (Process Environment Block). There's a linked list for the modules (forward & backward). So it's unlikely you'll find it unless the cloaking is done really badly.

You can just analyse the memory. You have two options you can do. I'm not going into detail as you should figure it out yourself.
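
An added example, not part of the original thread: one way to analyse memory instead of trusting the PEB module list is to look for PE images in the process's memory regions and report any that the listed modules do not cover. The types, function names and the snapshot below are constructed for illustration; on a live Windows process the regions would come from `VirtualQueryEx`/`ReadProcessMemory` and the module list from `EnumProcessModules`.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical snapshot types: modules as the PEB lists them, regions as read from memory. */
typedef struct { uintptr_t base; size_t size; } module_t;
typedef struct { uintptr_t base; const uint8_t *data; size_t len; } region_t;

/* True if buf starts with a DOS header ("MZ") whose e_lfanew field (offset 0x3C)
   points at the "PE\0\0" signature. A region whose headers were erased will not
   match and needs other signals (e.g. executable private memory). */
static int looks_like_pe(const uint8_t *buf, size_t len) {
    uint32_t e_lfanew;
    if (len < 0x40 || buf[0] != 'M' || buf[1] != 'Z') return 0;
    memcpy(&e_lfanew, buf + 0x3C, sizeof e_lfanew);   /* little-endian host assumed */
    if (e_lfanew > len || len - e_lfanew < 4) return 0;
    return memcmp(buf + e_lfanew, "PE\0\0", 4) == 0;
}

static int is_listed(uintptr_t addr, const module_t *mods, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (addr >= mods[i].base && addr - mods[i].base < mods[i].size) return 1;
    return 0;
}

/* Writes the base of every PE-looking region not covered by a listed module. */
size_t find_unlisted_images(const region_t *regs, size_t nregs,
                            const module_t *mods, size_t nmods, uintptr_t *out, size_t cap) {
    size_t found = 0;
    for (size_t i = 0; i < nregs && found < cap; i++)
        if (looks_like_pe(regs[i].data, regs[i].len) && !is_listed(regs[i].base, mods, nmods))
            out[found++] = regs[i].base;
    return found;
}

static void make_pe(uint8_t *buf, size_t len, uint32_t off) {   /* constructed sample header */
    memset(buf, 0, len); buf[0] = 'M'; buf[1] = 'Z';
    memcpy(buf + 0x3C, &off, 4); memcpy(buf + off, "PE\0\0", 4);
}

/* Constructed snapshot: one listed module, one unlisted image, one plain data region. */
size_t demo_scan(uintptr_t *out, size_t cap) {
    static uint8_t listed[0x200], hidden[0x200], heap[0x200];
    make_pe(listed, sizeof listed, 0x80); make_pe(hidden, sizeof hidden, 0xE8);
    memset(heap, 0x41, sizeof heap);
    module_t mods[] = { { 0x400000, 0x1000 } };
    region_t regs[] = { { 0x400000, listed, sizeof listed }, { 0x10000000, hidden, sizeof hidden },
                        { 0x20000000, heap, sizeof heap } };
    return find_unlisted_images(regs, 3, mods, 1, out, cap);
}

int main(void) {
    uintptr_t hits[4]; size_t n = demo_scan(hits, 4);
    for (size_t i = 0; i < n; i++) printf("unlisted PE image at 0x%lx\n", (unsigned long)hits[i]);
    return 0;
}
```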