Christopher Zachor

May 23, 2024 | securelist.com | Eduardo Ovalle |Ashley Munoz |Cristian Souza |Christopher Zachor

IntroductionAttackers always find creative ways to bypass defensive features and accomplish their goals. This can be done with packers, crypters, and code obfuscation. However, one of the best ways of evading detection, as well as maximizing compatibility, is to use the operating system’s own features. In the context of ransomware threats, one notable example is leveraging exported functions present in the cryptography DLL ADVAPI32.dll, such as CryptAcquireContextA, CryptEncrypt, and CryptDecrypt.