1. Home
  2. Software
  3. Power Loader

Power Loader

Power Loader is modular code sold in the cybercrime market used as a downloader in malware families such as Carberp, Redyms and Gapz. [1] [2]

ID: S0177
Associated Software: Win32/Agent.UAW
Type: MALWARE
Platforms: Windows
Version: 1.0
Created: 16 January 2018
Last Modified: 17 October 2018
Enterprise Layer
download view

Techniques Used

Domain ID Name Use
Enterprise T1055 .011 Process Injection: Extra Window Memory Injection

Power Loader overwrites Explorer’s Shell_TrayWnd extra window memory to redirect execution to a NTDLL function that is abused to assemble and execute a return-oriented programming (ROP) chain and create a malicious thread within Explorer.exe.[1][2]

References

  1. MalwareTech. (2013, August 13). PowerLoader Injection – Something truly amazing. Retrieved December 16, 2017.
  1. Matrosov, A. (2013, March 19). Gapz and Redyms droppers based on Power Loader code. Retrieved December 16, 2017.