Anti-Sandboxing: Wait for Mouse Click


Post by 123456 » Thu Mar 09, 2017 6:56 am

The Trojan Upclicker (as reported by eEye) uses the SetWindowsHookExA API with the WH_MOUSE_LL parameter to wait until the user lets up the left mouse button (WM_LBUTTONUP) before performing any malicious functionality (then it injects into Explorer.exe).

A sandbox environment that does not mimic mouse actions (probably most of them) will never execute the malicious behavior. This is probably effective against Kaspersky and others.

Is Sandboxie affected by this vulnerability?

Sandboxie Support

Re: Anti-Sandboxing: Wait for Mouse Click

Post by Barb@Invincea » Thu Mar 09, 2017 10:36 am

Hello 123456,

This might help: ... ker#p86411
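
A defender-side triage example for the behaviour described in the first post, added here and not part of the original thread: it reads a sandbox API-call trace and flags runs where a WH_MOUSE_LL hook was installed but no left-button release was ever delivered, so a quiet run cannot be read as a clean verdict. The JSON-lines trace format, the `SANDBOX_INPUT` marker and both sample traces are constructed assumptions, not output from any real sandbox.

```python
import json

WH_MOUSE_LL = 14  # Win32 hook id for low-level mouse hooks
HOOK_APIS = {"SetWindowsHookExA", "SetWindowsHookExW"}
# APIs commonly seen when code is written into another process
INJECTION_APIS = {"OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread"}

# Constructed sample traces (hypothetical JSON-lines format, one API call per line).
# SANDBOX_INPUT is an assumed marker for input the sandbox itself simulated.
TRACE_NO_INPUT = """\
{"t": 0.4, "pid": 1200, "api": "GetModuleHandleA", "args": {}}
{"t": 0.9, "pid": 1200, "api": "SetWindowsHookExA", "args": {"idHook": 14}}
{"t": 1.0, "pid": 1200, "api": "GetMessageA", "args": {}}
"""
TRACE_WITH_INPUT = TRACE_NO_INPUT + """\
{"t": 30.0, "pid": 0, "api": "SANDBOX_INPUT", "args": {"event": "WM_LBUTTONUP"}}
{"t": 30.1, "pid": 1200, "api": "OpenProcess", "args": {"target": "explorer.exe"}}
{"t": 30.2, "pid": 1200, "api": "WriteProcessMemory", "args": {"target": "explorer.exe"}}
"""

def triage(trace_text):
    """Classify a run: did a mouse hook gate behaviour the sandbox never triggered?"""
    events = [json.loads(line) for line in trace_text.splitlines() if line.strip()]
    hook_times = [e["t"] for e in events
                  if e["api"] in HOOK_APIS and e["args"].get("idHook") == WH_MOUSE_LL]
    if not hook_times:
        return "no-mouse-hook"
    hooked_at = min(hook_times)
    # Was a left-button release delivered after the hook was in place?
    clicked = any(e["api"] == "SANDBOX_INPUT" and e["args"].get("event") == "WM_LBUTTONUP"
                  and e["t"] > hooked_at for e in events)
    injected = sorted({e["api"] for e in events
                       if e["api"] in INJECTION_APIS and e["t"] > hooked_at})
    if injected:
        return "post-hook-injection:" + ",".join(injected)
    if not clicked:
        # Hook installed, nothing happened, and no click was simulated: verdict is untrustworthy.
        return "inconclusive-rerun-with-mouse-input"
    return "hook-only"

if __name__ == "__main__":
    for name, trace in [("no input", TRACE_NO_INPUT), ("with input", TRACE_WITH_INPUT)]:
        print(name, "->", triage(trace))
```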

