Hello folks! Hope you all are doing well.
As an avid Windows 7 user and enjoyer, I tend to have to rely on backports or older versions of software.
However, as expected, there are some cases where this approach hits a wall fast, and modern apps with no backportability happen to be needed.
In this case, I've heard many people recommend VxKex, which seems to be an extended kernel of some sorts.
However, the general consensus seems to be mixed between VxKex by i486 and VxKex-NEXT by YuZhouRen86.
Being unsure, I put them in VirusTotal; the results were 30/66 for VxKex (i486) and 43/68 for VxKex-NEXT (YuZhouRen86).
After that, I went to the Behavior section, and both had:
- Image File Execution Options Injection (If I recall correctly, this had to do with the kernel hooking.)
- Registry Modification (I'd say this is expected behaviour for an extended kernel.)
- Input Capture (I recall this had something to do with the pointer input history thing from Windows 8 and later.)
- Process Injection (Expected)
- All the Discovery techniques (Process Discovery, File and Directory Discovery etc.)
But, after these, there are 3 (well, 4, but I'll get to that a tad later) that I didn't quite understand:
- Data Destruction
- Data Encrypted for Impact
- File and Directory Permissions Modification
I do not know much about why an extended kernel would need those, although they might as well just be benign.
However, the fourth one I just told you about was unique to VxKex-NEXT, which was:
- Virtualisation/Sandbox Evasion
Why exactly would an extended kernel have to know whether it's in a sandboxed environment or not? Or is this perhaps a false positive on VirusTotal's (and its scanners') part?
I also decided to check out the hashes of these two files on Threat.Rip, and the results came out as VxKex (i486) having a score of 71/100, and VxKex-NEXT (YuZhouRen86) having a score of 100/100!
The biggest red flag here seems to be how VxKex-NEXT tried to do Privilege Escalation.
I'm no expert at this, as I'm just a paranoid Windows 7 user trying to stay safe hehe!
So if you have experience in data and heuristics analysis, then please let me know your thoughts.
Have a good day!
VxKex (i486):
Download Link: https://github.com/i486/VxKex/releases/download/Version1.1.5.1679/KexSetup_Release_1_1_5_1679.exe
VirusTotal Link: https://www.virustotal.com/gui/file/a4c9af98ca721a82e8470ab5f81fcfb2bda74fcbc36bdfbea8854934ad3f0420
Threat.Rip Link: https://www.threat.rip/file/a4c9af98ca721a82e8470ab5f81fcfb2bda74fcbc36bdfbea8854934ad3f0420
VxKex-NEXT:
Download Link: https://github.com/YuZhouRen86/VxKex-NEXT/releases/download/1.1.4.2085/KexSetup_Release_1_1_4_2085.exe
VirusTotal Link: https://www.virustotal.com/gui/file/8985542047792393c391e63bf1d3cb50e2b199b084772d50057a5f7061d720a5/behavior
Threat.Rip Link: https://www.threat.rip/file/8985542047792393c391e63bf1d3cb50e2b199b084772d50057a5f7061d720a5
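The "Image File Execution Options Injection" tag in the post refers to the IFEO registry key, where a Debugger, VerifierDlls or GlobalFlag entry under a program's name causes Windows to start a debugger or load extra DLLs whenever that program launches. Whether a given entry is an extended-kernel compatibility layer or something unwanted is a judgement call, but you can at least see exactly what is registered on your own machine. The following audit script is an added example written for this thread, not code from VxKex, VxKex-NEXT or their installers; the registry path and value names are standard Windows ones, and the `Get-IfeoHooks` function name is the example's own.

```powershell
# List every IFEO entry that would alter how an executable starts
# (Debugger = run under another program, VerifierDlls = load these DLLs,
# GlobalFlag = NT global flags, e.g. the application-verifier bit that
# makes VerifierDlls take effect). Read-only; nothing is modified.

$ifeoRoot = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
$interesting = 'Debugger', 'VerifierDlls', 'GlobalFlag'

function Get-IfeoHooks {
    param([string]$Root = $ifeoRoot)

    Get-ChildItem -Path $Root -ErrorAction SilentlyContinue | ForEach-Object {
        $key   = $_
        $props = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue

        foreach ($name in $interesting) {
            $value = $props.$name
            if ($null -ne $value -and "$value" -ne '') {
                [pscustomobject]@{
                    Executable = $key.PSChildName   # e.g. notepad.exe
                    Setting    = $name
                    Value      = "$value"
                }
            }
        }
    }
}

# Run before and after installing the extended kernel and compare the two
# listings: the difference is what the installer registered under IFEO.
Get-IfeoHooks | Sort-Object Executable, Setting | Format-Table -AutoSize
```

Saving the output to a file before and after installation (`Get-IfeoHooks | Export-Csv before.csv`, then `after.csv`, and `Compare-Object` on the two) turns the vague "IFEO Injection" label into a concrete list of which programs are affected and what is loaded into them, which is much easier to reason about than a scanner score.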