Bypass MainWindowTitle Techniques
In our last blog post, we described a malware mechanism that forces processes to exit when security tools or their websites are opened; even just visiting their webpages can cause the browser to close immediately. I recently discovered a technique to bypass this mechanism using AutoHotkey.
So, what is AutoHotkey? AutoHotkey is a free, open-source scripting language for Windows that allows users to automate tasks, create custom shortcuts, and enhance productivity.
To be honest, I spent hours trying to find a way to bypass this behavior. I initially tested access through CroxyProxy, but the malware detected the "VirusTotal" webpage title since it's a blacklisted security vendor and immediately closed the browser.
Eventually, I found a workaround using Browserling to navigate through VirusTotal without triggering the malware, but that wasn't my real goal. My objective was to open VirusTotal like a normal webpage without the malware forcing my browser to exit.
Thanks to God, and thanks to ChatGPT for suggesting the method, I was able to achieve that.
If you haven’t read our last blog post yet, you can check it out here:
🔗 https://reversethemalware.blogspot.com/2025/07/process-exits-instead-of-malware-self.html
So, let’s begin the actual process of bypassing this mechanism.
First, you need to download AutoHotkey from the official website:
🔗 https://www.autohotkey.com
As you can see, the browser does not exit, and the malware cannot terminate the browser process when a webpage of blacklisted software is displayed.
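The script itself is not reproduced on this page. As an added example (not the author's code), the AutoHotkey v2 script below shows one way to sidestep a check that matches vendor names in window titles, as described above: it replaces any matching browser title with a neutral one. The browser executable name, the keyword list and the replacement title are assumptions.

```autohotkey
#Requires AutoHotkey v2.0
Persistent

; Assumed values, not taken from the post: adjust to the analysis VM.
BrowserExe := "ahk_exe chrome.exe"     ; browser whose windows are retitled
Keywords   := ["VirusTotal"]           ; titles the sample is known to match
SafeTitle  := "Document"               ; neutral replacement title

; The browser rewrites its title on every navigation or tab switch,
; so the neutral title has to be re-applied on a short timer.
SetTimer(RetitleBrowser, 50)

RetitleBrowser() {
    global BrowserExe, Keywords, SafeTitle
    for hwnd in WinGetList(BrowserExe) {
        try {
            title := WinGetTitle("ahk_id " hwnd)
            for kw in Keywords {
                if InStr(title, kw) {          ; case-insensitive by default
                    WinSetTitle(SafeTitle, "ahk_id " hwnd)
                    break
                }
            }
        } catch {
            continue   ; window closed between enumeration and query
        }
    }
}

; Ctrl+Alt+Q stops the script.
^!q::ExitApp
```

Polling leaves a short interval in which the real title is visible, so a sample that checks titles more often than the timer fires can still match. Run it only inside the isolated analysis VM and start it before opening the blacklisted page.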