Malware Analysis

1. Analysis of Obfuscated and Evasive Malware
   1. Code Obfuscation Techniques
      1. Dead-Code Insertion
         1. Junk Instructions
         2. Unreachable Code
      2. Instruction Substitution
         1. Equivalent Instructions
         2. Complex Instruction Sequences
      3. Control Flow Flattening
         1. Switch-Based Obfuscation
         2. Dispatcher Loops
      4. String Encryption
         1. XOR Encryption
         2. Custom Encryption Algorithms
         3. String Decryption Techniques
            1. Runtime Decryption
            2. Key Recovery
      5. Polymorphic Code
         1. Mutation Engines
         2. Variable Encryption Keys
      6. Metamorphic Code
         1. Code Rewriting Techniques
         2. Semantic Preservation
   2. Anti-Analysis Techniques
      1. Anti-Disassembly
         1. Opaque Predicates
         2. Jump Table Obfuscation
         3. Code Tricks to Confuse Disassemblers
      2. Anti-Debugging
         1. Debugger Detection
            1. IsDebuggerPresent
            2. CheckRemoteDebuggerPresent
            3. PEB Flags
         2. Timing Attacks
            1. RDTSC Instructions
            2. Sleep-Based Detection
         3. Exception-Based Techniques
            1. Structured Exception Handling
            2. Vectored Exception Handling
      3. Anti-VM (Virtual Machine Evasion)
         1. Detecting VM Artifacts
            1. VM-Specific Files
               1. VMware Tools
               2. VirtualBox Additions
            2. Registry Keys
               1. VM-Specific Entries
            3. Processes
               1. VM Service Processes
         2. Identifying Hardware Inconsistencies
            1. CPU Features
            2. Memory Layout
            3. Hardware IDs
      4. Sandbox Evasion
         1. Stalling and Sleep Loops
            1. Long Sleep Periods
            2. CPU-Intensive Loops
         2. User Interaction Checks
            1. Mouse Movement
            2. Keyboard Input
         3. Environment Fingerprinting
            1. System Uptime
            2. Installed Software
            3. File System Analysis