#dll

2rZiKKbOU3nTafniR2qMMSE0gwZ

@2rzikkbou3ntafnir2qmmse0gwz.activitypub.awakari.com.ap.brid.gy

4 days ago

Hackers Pose as IT Staff in Microsoft Teams to Install Malware Hackers are impersonating IT staff in Microsoft Teams to trick employees into installing malware, giving attackers stealthy access to ...

#Cybersecurity #International #Microsoft #News #Security #Windows #cybersecurity #dll […]

Jennifer Chung

@doctorchungie.bsky.social

1 week ago

What an amazing session! Our #DLL @ioe.bsky.social @ucl.ac.uk BA Early Childhood Education students enjoyed an exciting and interactive activity in the Play and Pedagogy Around the World module. I have some truly amazing colleagues! #EarlyChildhoodEducation #earlyyears #WeAreIOE #LoveUCL

CySecurity News

@cysecuritynews.bsky.social

1 week ago

Fake FileZilla Website Distributes Malware-Infected Download   A fraudulent website is distributing a modified portable edition of FileZilla version 3.69.5 that contains embedded malware. The archive appears legitimate and includes the authentic open-source FTP client, but attackers inserted one additional file, a rogue dynamic-link library named version.dll, before repackaging and circulating it online. When users download this altered ZIP file, extract it, and launch filezilla.exe, Windows follows its standard DLL loading order. The operating system checks the application’s own directory before referencing system libraries stored in C:\Windows\System32. Because the malicious version.dll is placed inside the FileZilla folder, Windows loads it first. From that moment, the malicious code executes within the legitimate FileZilla process. This method relies on a long-established Windows behavior known as DLL search order hijacking. It does not involve a vulnerability in FileZilla itself. Instead, the compromise depends on users downloading the installer from an unofficial domain such as filezilla-project[.]live, which imitates the legitimate project site. The attack spreads through deception, including lookalike domains and search engine manipulation, rather than automated self-propagation. Archive Examination Reveals a Single Suspicious File The compromised archive contains 918 files. Among them, 917 entries show a last-modified date of 2025-11-12, consistent with the authentic portable release of FileZilla 3.69.5. One file differs: version.dll carries a timestamp of 2026-02-03, nearly three months newer than the rest. A genuine portable distribution of FileZilla does not include version.dll. Legitimate libraries in the package typically include files such as libfilezilla-50.dll and libfzclient-private-3-69-5.dll. The Windows Version API library normally resides inside the operating system directory and has no reason to be bundled with FileZilla. Its inclusion forms the basis of the compromise. The SHA-256 hash of the trojanized archive is: 665cca285680df321b63ad5106b167db9169afe30c17d349d80682837edcc755 The SHA-256 hash of the malicious version.dll is: e4c6f8ee8c946c6bd7873274e6ed9e41dec97e05890fa99c73f4309b60fd3da4 Execution Behavior Observed on a Live System Monitoring the application with Process Monitor confirms the sideloading sequence. When filezilla.exe starts, Windows attempts to load required libraries. For files such as IPHLPAPI.DLL and POWRPROF.dll, the application directory does not contain a copy, producing “NAME NOT FOUND.” Windows then retrieves legitimate versions from the system directory. For version.dll, however, the malicious copy is present locally. Windows maps it into memory without consulting System32. The attacker’s code now operates inside the trusted application process. Approximately 17 milliseconds after loading, the malicious DLL attempts to locate version_original.dll in the same directory. The lookup fails. This pattern suggests DLL proxying, where attackers forward legitimate function calls to a renamed original library to preserve application stability. In this case, the renamed library was not included, which may explain abrupt application termination during testing. FileZilla invokes LoadLibrary using only the file name rather than a full system path. While common in Windows software design, this practice enables directory-based DLL substitution. Anti-Analysis Checks and Network Communication Before activating its main payload, the DLL performs environmental checks. These include BIOS version inspection, system manufacturer queries, probing for VirtualBox registry keys, disk enumeration, memory allocation using write-watch techniques, and delayed execution loops. These checks aim to detect virtual machines or sandbox environments. If the system appears genuine, the malware initiates encrypted domain resolution using DNS-over-HTTPS. It sends the following request to Cloudflare’s public resolver: https://1.1.1.1/dns-query?name=welcome.supp0v3[.]com&type=A Using HTTPS for DNS queries prevents traditional monitoring systems that rely on port 53 inspection from detecting the request. After resolving the domain, the malware contacts: https://welcome.supp0v3.com/d/callback?utm_tag=tbs2&utm_source=dll Memory inspection revealed the embedded configuration: { "tag":"tbs", "referrer":"dll", "callback":"https://welcome.supp0v3.com/d/callback?utm_tag=tbs2&utm_source=dll" } The UTM-style parameters suggest structured tracking of distribution channels. The malware also attempts connections to 95.216.51[.]236 over TCP port 31415, a non-standard port. Ten connection attempts were recorded across two sessions, indicating retry logic designed to maintain communication. Additional Capabilities Identified Automated behavioral analysis indicated potential FTP credential harvesting. Because FileZilla stores connection details locally, unauthorized access could expose remote servers and hosting accounts. Other flagged behaviors included: • Creation of suspended processes with memory injection • Runtime .NET compilation using csc.exe • Registry modifications consistent with persistence mechanisms • Calls to Windows encryption-related APIs These behaviors indicate functionality beyond simple credential theft, potentially including persistence and process manipulation. Defensive Guidance Users should download FileZilla exclusively from the official domain filezilla-project.org and verify the published hash values before execution. Portable installations should not contain version.dll. Its presence signals compromise. Monitor outbound HTTPS traffic to public DNS resolvers such as 1.1.1.1 or 8.8.8.8 from non-browser applications. Review ZIP archive timestamps for inconsistencies before running software. Block the identified domains and IP address at the network perimeter if detected. Malwarebytes reports detection and blocking of known variants of this threat. Indicators of Compromise (IOCs) • SHA-256 Hashes 665cca285680df321b63ad5106b167db9169afe30c17d349d80682837edcc755    FileZilla_3.69.5_win64.zip e4c6f8ee8c946c6bd7873274e6ed9e41dec97e05890fa99c73f4309b60fd3da4 — version.dll • Domains filezilla-project[.]live welcome.supp0v3[.]com • Network Indicator 95.216.51[.]236:31415

Fake FileZilla Website Distributes Malware-Infected Download #DLL #Domain #malware

@iliev99.bsky.social

1 week ago

#dll #horny #freeballing #twink #teen #jerkoff #retwet #gayboy #young #chile #gaychile #novinho #kiffeur #tracksuit #kiffeursurvet #PINTOSAWARDS #bulge #bulto #chudai #horny #novinho #gaysex #asian #cruising #gaynsfw #asianboy #sex #bigdick #conteudos #exhib #hung #gayexhib

@iliev99.bsky.social

2 weeks ago

#dll #horny #freeballing #twink #teen #jerkoff #retwet #gayboy #young #chile #gaychile #novinho #kiffeur #tracksuit #kiffeursurvet #PINTOSAWARDS #bulge #bulto #chudai #horny #novinho #gaysex #asian #cruising #gaynsfw #asianboy #sex #bigdick #conteudos #exhib #hung #gayexhib

Jennifer Chung

@doctorchungie.bsky.social

2 weeks ago

I was really honoured to welcome the Early Childhood Education Teachers' Union from #Finland to #DLL and @ioe.bsky.social @ucl.ac.uk this week! Thank you and kiitos paljon to Birgitta Vuorinen and the Embassy of Finland in London for introducing us. #WeAreIOE #LoveUCL #FinnishEducation #earlyyears

@iliev99.bsky.social

3 weeks ago

#dll #horny #freeballing #twink #teen #jerkoff #retwet #gayboy #young #chile #gaychile #novinho #kiffeur #tracksuit #kiffeursurvet #PINTOSAWARDS #bulge #bulto #chudai #horny #novinho #gaysex #asian #cruising #gaynsfw #asianboy #sex #bigdick #conteudos

Jennifer Chung

@doctorchungie.bsky.social

1 month ago

Chinese teachers’ understandings and perceptions on child-initiated play and self-regulation Self-regulation has gained prominence as a critical indicator of learning during early childhood. However, opportunities to practice self-regulation, primarily through child-initiated play in presc...

I am very proud to be part of this publication! My former #DLL @ioe.bsky.social @ucl.ac.uk MA supervise has published this excellent article based on her MA dissertation. It is wonderful to see her develop in her academic career! #WeAreIOE #LoveUCL

www.tandfonline.com/doi/full/10....

Jennifer Chung

@doctorchungie.bsky.social

1 month ago

Thank you to Tim and Heronsgate Sch for hosting our #DLL @ioe.bsky.social @ucl.ac.uk BA Early Childhood Education students! They are learning about digital tech in #earlyyears. Our trip to the Apple Distinguished School was so valuable. Fun fact: Tim is an #IOE alumnus! #WeAreIOE #LoveUCL

Jennifer Chung

@doctorchungie.bsky.social

1 month ago

A big thank you to Naazish, an alumna of our #DLL @ioe.bsky.social @ucl.ac.uk MA Early Years Education, who spoke to our BA Early Childhood Education students. She gave her perspective about professionalism as the director of an Ofsted Outstanding early years setting! #WeAreIOE #LoveUCL

Jennifer Chung

@doctorchungie.bsky.social

1 month ago

Our #DLL @ioe.bsky.social @ucl.ac.uk BA Early Childhood Education students were silently concentrating on their own critical reflection. They will start their practical experience very soon! #education #earlyyears #EarlyChildhoodEducation #WeAreIOE #LoveUCL

@oxfemale.bsky.social

1 month ago

Exploring Protected Process Light and Exploits Red team technique—process injection—and how to leverage it against Protected Process Light (PPL)

Original text by Dang Duong Minh Nhat


Hello everyone, today I’m sharing another red team technique—process injection—and how to leverage it against Protected Process Light (PPL). Let’s explore it in the blog post below. #dll #injection #PPL #ProcessInjection #redteam #windows
core-jmp.org/?p=136

Jennifer Chung

@doctorchungie.bsky.social

1 month ago

Our #DLL @ioe.bsky.social @ucl.ac.uk BA Early Childhood Education has an amazing Digital Technologies module, which is team taught by three lecturers (including me!). We also have field trips and an innovative assessment. #WeAreIOE #LoveUCL #earlyyears #EarlyChildhoodEducation

@oxfemale.bsky.social

1 month ago

DLL Hijacking in Windows Audio: A New Escalation Technique Original post by S1lkyThis article describes DLL hijacking in the context of the audiodg.exe process which may load vendor-supplied APO-related DLL dependencies

Original post by S1lkyThis article describes DLL hijacking in the context of the audiodg.exe process which may load vendor-supplied APO-related DLL dependencies from system paths. #dll #escalation #hijacking #system #windows
core-jmp.org/?p=89

California's Universal PreKindergarten

@cauniversalprek.bsky.social

1 month ago

Parents of dual language learners (DLLs) have LOTS to say about the positive impact dual-language preschool programs have had on their children! #DualLanguageLearners #DLL #ECE #UPK #EarlyChildhoodEducation

SearchEngine

@searchengine.activitypub.awakari.com.ap.brid.gy

1 month ago

Hackers Exploit LinkedIn DMs to Spread Malware as Job Offers Hackers are exploiting LinkedIn private messages to spread remote access trojans via DLL sideloading, disguising malware as job offers o...

#CybersecurityUpdate #Cybersecurity #threats #DLL […]

[Original post on webpronews.com]

2rZiKKbOU3nTafniR2qMMSE0gwZ

@2rzikkbou3ntafnir2qmmse0gwz.activitypub.awakari.com.ap.brid.gy

1 month ago

APT-Grade PDFSider Malware Used by Ransomware Groups Providing cyberespionage and remote code execution capabilities, the malware is executed via DLL sideloading. The post APT-Grade PDFSider Malwar...

#Malware #& #Threats #DLL #hijacking #DLL #sideloading […]

[Original post on securityweek.com]

Jennifer Chung

@doctorchungie.bsky.social

1 month ago

Our Year 2 #DLL @ioe.bsky.social @ucl.ac.uk BA Early Childhood Education students reflected upon their Year 1 practical experience. They are getting ready to go back into #earlyyears settings soon! #education #EarlyChildhoodEducation #WeAreIOE #LoveUCL

Jennifer Chung

@doctorchungie.bsky.social

1 month ago

Our #DLL @ioe.bsky.social @ucl.ac.uk BA Early Childhood Education students reflected on their Term 1 core modules. This is very important before they go into #earlyyears settings for practical experience! #edchat #education #earlyyears #EarlyChildhoodEducation #WeAreIOE #LoveUCL

Migration Policy Institute

@migrationpolicy.bsky.social

2 months ago

🏫 In many U.S. preschool programs, young children in multilingual homes are not always fully assessed

Limited access to interpreters, bilingual staff & translated materials can make it harder to share what children can do in their home language

Read more: bit.ly/preschool-DLL

#ECEC #DLL

Jennifer Chung

@doctorchungie.bsky.social

2 months ago

More scenes from our #DLL @ioe.bsky.social @ucl.ac.uk MA Early Years Education and MA Primary Education party! #WeAreIOE #LoveUCL

Jennifer Chung

@doctorchungie.bsky.social

2 months ago

More scenes from our #DLL @ioe.bsky.social @ucl.ac.uk MA Early Years Education and MA Primary Education party! #WeAreIOE #LoveUCL

Jennifer Chung

@doctorchungie.bsky.social

2 months ago

Time for a Christmas quiz... The winner will be someone who has paid close attention during the Research Methods module in #DLL @ioe.bsky.social @ucl.ac.uk MA Early Years Education and MA Primary Education! #WeAreIOE #LoveUCL

Jennifer Chung

@doctorchungie.bsky.social

2 months ago

We had a birthday in our last #DLL @ioe.bsky.social @ucl.ac.uk MA Early Years Education and MA Primary Education REYPE lecture. Happy birthday! #WeAreIOE #LoveUCL

Jennifer Chung

@doctorchungie.bsky.social

2 months ago

Fun party for our #DLL @ioe.bsky.social @ucl.ac.uk MA Early Years Education and MA Primary Education students! Merry Christmas! 🎄💃🏻 #LoveUCL #WeAreIOE

Jennifer Chung

@doctorchungie.bsky.social

2 months ago

Fun party for our #DLL @ioe.bsky.social @ucl.ac.uk MA Early Years Education and MA Primary Education students! Merry Christmas! 🎄💃🏻 #LoveUCL #WeAreIOE

Jennifer Chung

@doctorchungie.bsky.social

2 months ago

Fun party for our #DLL @ioe.bsky.social @ucl.ac.uk MA Early Years Education and MA Primary Education students! Merry Christmas! 🎄💃🏻 #LoveUCL #WeAreIOE

Jennifer Chung

@doctorchungie.bsky.social

2 months ago

Fun party for our #DLL @ioe.bsky.social @ucl.ac.uk MA Early Years Education and MA Primary Education students! Merry Christmas! 🎄💃🏻 #LoveUCL #WeAreIOE

Jennifer Chung

@doctorchungie.bsky.social

2 months ago

Party time for our #DLL @ioe.bsky.social @ucl.ac.uk MA Early Years Education and MA Primary Education students! Hope you had fun! #WeAreIOE #LoveUCL