capa-rules icon indicating copy to clipboard operation
capa-rules copied to clipboard
verified publisher icon mandiant

[Rule Idea] - Hide Desktop Icons

Open re-fox opened this issue 4 years ago • 0 comments

Prerequisites

  • [x] Put an X between the brackets on this line if you have done all of the following:
    • Checked that your rule idea isn't already filed: search

Summary

A ransomware-like technique to hide desktop icons.

Examples

Code segment is here -> https://vxug.fakedoma.in/papers/VXUG/Exclusive/HideDesktopIcons.cpp

Features

  • Folder flags of 0x00001000 = FWF_NOICONS
  • SetCurrentFolderFlags

Additional context

Rule details

Namespace

  • host-interaction/gui/window/hide/

References

  • https://vxug.fakedoma.in/papers/VXUG/Exclusive/HideDesktopIcons.cpp

Other rule meta information

re-fox avatar Apr 20 '21 15:04 re-fox