Back in December 2013, Kaspersky reported spotting a 64-bit version of the notorious ZeuS banking Trojan. At the time, experts revealed that the threat was relying on Tor in order to protect its command and control infrastructure.
Now, Trend Micro researchers have also analyzed the 64-bit ZeuS and they’ve found some interesting details.
Apparently, the threat comes with improved antimalware evasion tricks. The malware is capable of identifying certain analysis tools such as StudPE, WinHex, OllyDbg and ProcDump. Execution is prevented if any of these tools is detected.
The 64-bit version of ZeuS also has user mode rootkit capabilities. These enable it to hide the malware files, processes and registries.
However, it’s worth noting that user mode rootkit capabilities are not as good as kernel mode rootkit capabilities. In the former case, users can still find and delete the files in Safe Mode.
Additional technical details are available on Trend Micro’s blog.