Comments on: Win32/Gapz: steps of evolution
http://www.welivesecurity.com/2012/12/27/win32gapz-steps-of-evolution/
News, Views, and Insight from the ESET Security Community
Mon, 03 Feb 2014 08:49:00 +0000

By: Mario Vilas
Thu, 27 Dec 2012 21:40:55 +0000
http://www.welivesecurity.com/2012/12/27/win32gapz-steps-of-evolution/#comment-3828

"Win32/Gapz uses a non-standard technique for code injection in all known dropper versions. This approach allows it to inject code into explorer.exe address space, bypassing security software. This technique works on all current versions of Microsoft Windows operating system."

I tried to reproduce it and it doesn't seem to be working for me on Windows 7 64-bit. Trying to get or set another process' window procedure gives an access denied error (5) even when running as Administrator with UAC elevation. Perhaps it only works in 32-bit versions of Windows?
