Clampi's Evasive Injection Technique

Hope CIS’s Defense+ can catch this DLL injection technique:

Nice find. I am interested to know this as well.

Now let’s find someone with the source of this baddie >:-D

Yep. I will try.

This technique will finally call the API CreateRemoteThread,
and CreateRemoteThread is based on NtCreateThreadEx.
COMODO has hooked NtCreateThreadEx.

So, the technique won’t work…

CFP, EQS and OA all detect it.

