This PlugX malware also hides actor files in a USB device using a novel technique that works even on the most recent Windows operating systems (OS) at the time of writing this post. This means the malicious files can only be viewed on a Unix-like (*nix) OS or by mounting the USB device in a forensic tool.
There are two files using "App" as extension (libeay32.dll & ssleay32.dll) and one file using "_" as an extension (a5e5cb8a_78be9242_000f779d). The files use a name of "App", which is the same name used by Microsoft for Dynamic Link Library (*Dll) files...
It was observed that (*Dll) files with this name are used in similar attacks from other threat actors and not just by PlugX.
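As an added example (not from the original post or the cited report): once the USB device is mounted on a Unix-like host, a triage pass can identify Windows executables and DLLs by their file header instead of trusting the extension. The extension list, function names and sample files below are assumptions constructed for illustration.

```python
import os
import struct
import tempfile

# Extensions a PE file normally carries (assumed list; adjust for your triage).
PE_EXTS = {".dll", ".exe", ".sys", ".ocx"}

def is_pe(path):
    """True if the file starts with 'MZ' and e_lfanew points at a PE signature."""
    try:
        with open(path, "rb") as f:
            head = f.read(64)
            if len(head) < 64 or head[:2] != b"MZ":
                return False
            (e_lfanew,) = struct.unpack_from("<I", head, 0x3C)
            f.seek(e_lfanew)
            return f.read(4) == b"PE\0\0"
    except OSError:
        return False  # unreadable entries are skipped, not treated as hits

def find_disguised_pe(mount_point):
    """Relative paths of PE files whose extension is not a usual PE extension."""
    hits = []
    for root, _dirs, files in os.walk(mount_point):
        for name in files:
            path = os.path.join(root, name)
            ext = os.path.splitext(name)[1].lower()
            if ext not in PE_EXTS and is_pe(path):
                hits.append(os.path.relpath(path, mount_point))
    return sorted(hits)

def build_sample_tree():
    """Constructed sample tree standing in for a mounted USB volume."""
    root = tempfile.mkdtemp()
    # Minimal constructed header: 'MZ', e_lfanew = 64, then the PE signature.
    pe = b"MZ" + b"\0" * 58 + struct.pack("<I", 64) + b"PE\0\0" + b"\0" * 20
    samples = {
        "readme.txt": b"plain text\n",
        "notes.bin": b"MZ" + b"A" * 100,          # 'MZ' but no PE signature
        "sample_": pe,                             # PE with no extension
        os.path.join("hidden", "sample.dat"): pe,  # PE with a data extension
        os.path.join("tools", "real.dll"): pe,     # PE with an expected extension
    }
    for rel, data in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            f.write(data)
    return root

if __name__ == "__main__":
    print(find_disguised_pe(build_sample_tree()))
```

Run it against a read-only mount of the device so the triage does not alter timestamps on the evidence.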
What is a DLL file?
A DLL (Dynamic Link Library) file is essentially a static library that contains resources or code (a function, etc.) for use by multiple processes running on the same machine. Applications use DLL files specifically to share data and code between them, so that each process only has to load the DLL once even though there can be multiple instances of it running on the same machine.
Source: Chinese PlugX Malware Hidden in Your USB Devices? - AlienVault - Open Threat Exchange