Hacker News new | ask | show | jobs
by kaszanka 198 days ago
> no winhttp.dll, wininet.dll, or ws2_32.dll. offline validation only. all crypto is local, so theoretically extractable.

You can't possibly know that by the mere lack of these DLLs from the import directory.
1 comments
muststopmyths 198 days ago
TFA is checking those via imports, not copied DLLs.

I suppose they could LoadLibrary/GetProcAddress at runtime, but that'd be a lot of effort for obfuscation.

link