Anti-Sandboxing: Wait for Mouse Click


Post by 123456 » Thu Mar 09, 2017 6:56 am

Overview
The Trojan Upclicker (as reported by eEye) uses the SetWindowsHookExA API with the WH_MOUSE_LL parameter to wait until the user lets up the left mouse button (WM_LBUTTONUP) before performing any malicious functionality (then it injects into Explorer.exe).

A sandbox environment that does not mimic mouse actions (probably most of them) will never execute the malicious behavior. This is probably effective against Kaspersky and others.

https://wikileaks.org/ciav7p1/cms/page_20873368.html


Is Sandboxie affected by this vulnerability?
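A defender-side check for the behavior described in the post above, added here as an example and not part of the original thread or of Sandboxie: it scans a sandbox API trace and lists processes whose verdict is unreliable because they installed a WH_MOUSE_LL hook and then stayed idle in a run where no mouse click was simulated. The trace format, the sample lines and the function name `input_gated_pids` are assumptions made for illustration.

```python
import re
from collections import defaultdict

WH_MOUSE_LL = 14  # Win32 hook id for a low-level mouse hook
HOOK_APIS = {"SetWindowsHookExA", "SetWindowsHookExW"}
# Calls made while merely waiting in a message loop; not counted as behaviour.
IDLE_APIS = {"GetMessageA", "GetMessageW", "PeekMessageA", "PeekMessageW",
             "TranslateMessage", "DispatchMessageA", "DispatchMessageW", "Sleep"}
# Assumed (hypothetical) trace format: "<seconds> pid=<n>|sandbox <api> [args]"
LINE = re.compile(r"^(?P<t>\d+\.\d+) (?:pid=(?P<pid>\d+)|sandbox) "
                  r"(?P<api>\w+)(?: (?P<args>.*))?$")

# Constructed sample: the sandbox never simulated a mouse click.
RUN_WITHOUT_INPUT = """\
0.10 pid=812 LoadLibraryA name=user32.dll
0.12 pid=812 SetWindowsHookExA idHook=14
0.13 pid=812 GetMessageA
0.30 pid=950 SetWindowsHookExA idHook=13
0.31 pid=950 CreateFileW path=log.txt
60.00 pid=812 GetMessageA
"""
# Constructed sample: same hook, but the sandbox injected a left-button release.
RUN_WITH_INPUT = """\
0.12 pid=812 SetWindowsHookExA idHook=14
5.00 sandbox INPUT event=WM_LBUTTONUP
5.01 pid=812 OpenProcess target=explorer.exe
"""

def input_gated_pids(trace):
    """Pids that hooked WH_MOUSE_LL, then did nothing, in a run with no simulated click."""
    hook_time, later_calls, mouse_simulated = {}, defaultdict(int), False
    matches = (m for m in map(LINE.match, trace.splitlines()) if m)
    for m in sorted(matches, key=lambda m: float(m["t"])):
        pid, api, args = m["pid"], m["api"], m["args"] or ""
        if pid is None:  # line emitted by the sandbox itself
            mouse_simulated |= api == "INPUT" and "WM_LBUTTONUP" in args
        elif api in HOOK_APIS and f"idHook={WH_MOUSE_LL}" in args.split():
            hook_time.setdefault(int(pid), float(m["t"]))
        elif int(pid) in hook_time and api not in IDLE_APIS:
            later_calls[int(pid)] += 1  # real activity after the hook was set
    if mouse_simulated:
        return []  # the hook had a chance to fire; the run is representative
    return sorted(p for p in hook_time if later_calls[p] == 0)

if __name__ == "__main__":
    for name, run in (("no input", RUN_WITHOUT_INPUT), ("with input", RUN_WITH_INPUT)):
        print(name, "-> rerun with mouse simulation for pids:", input_gated_pids(run))
```

A non-empty result means the "clean" verdict for those processes should not be trusted until the sample is re-run with simulated mouse input.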

Barb@Invincea
Sandboxie Support

Re: Anti-Sandboxing: Wait for Mouse Click

Post by Barb@Invincea » Thu Mar 09, 2017 10:36 am

Hello 123456,

This might help:

http://forums.sandboxie.com/phpBB3/view ... ker#p86411

Regards,
Barb.-
