Process Injection and Persistence using Application Shimming

Microsoft provides shims to developers mainly for backward compatibility, but malware can take advantage of shims to target an executable for both persistence and injection. As the Windows operating system evolves from version to version, changes to the implementation of some functions may affect applications that depend on them. Because of the nature of software,…

Article Link: https://www.andreafortuna.org/dfir/malware-analysis/process-injection-and-persistence-using-application-shimming/