Malware Hidden in NTFS Alternate Streams 🗂️

Learn how malware can hide in NTFS alternate data streams (ADS), a lesser-known feature used for covert data storage. Subscribe for more.

Michael Jenkin
552 views • Apr 27, 2019

About this video

NTFS alternate streams, also called named streams or ADS (Alternate Data Streams), are a little-known NTFS feature.

Check out Malware Analysis for Hedgehogs
https://www.youtube.com/channel/UCVFXrUwuWxNlm6UNZtBLJ-A

ADS is the ability to fork file data into existing files without affecting their functionality, size, or display to traditional file browsing utilities like dir or Windows Explorer.

http://www.vbindent.com/?indent

https://docs.microsoft.com/en-us/sysinternals/downloads/streams

wget
https://sourceforge.net/projects/gnuwin32/
https://sourceforge.net/projects/gnuwin32/files/wget/1.11.4-1/wget-1.11.4-1-dep.zip/download?use_mirror=nchc

About ADS
https://hackernoon.com/breaking-software-integrity-with-ntfs-streams-fe4a1b13d2da?gi=2a1090ac16fb
http://www.flexhex.com/docs/articles/alternate-streams.phtml
https://www.howtogeek.com/howto/windows-vista/stupid-geek-tricks-hide-data-in-a-secret-text-file-compartment/

Links to malware results
https://www.virustotal.com/gui/file/bc94a1d498847aec37f5ba1004ffec7eb7dca1256ad9f778e2794ed88e4f4526/detection
https://www.maltiverse.com/sample/3888b7ee079dcc3093962f473a05792bd064ea6dd4f1c317591acee839e95e70
https://www.hybrid-analysis.com/sample/ffc3fa11af37f532060d2293563e0dd0516875434551f2c9fb6b937c3545809e?environmentId=100





Tools used
- VirusTotal
- Hybrid Analysis
- Hex-Rays / IDA
- Process Hacker
- Process Monitor
- Wireshark
- many more specific to each video


Video Information

Views: 552
Likes: 15
Duration: 19:56
Published: Apr 27, 2019
