From 26c8d5df62c3559f97f2064028c8423f48fc4ca2 Mon Sep 17 00:00:00 2001 From: mether049 Date: Tue, 3 Mar 2020 03:28:18 +0900 Subject: [PATCH] Update malware-tech_ref_and_memo.md --- malware-tech_ref_and_memo.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/malware-tech_ref_and_memo.md b/malware-tech_ref_and_memo.md index d55d187..931552b 100644 --- a/malware-tech_ref_and_memo.md +++ b/malware-tech_ref_and_memo.md @@ -336,13 +336,13 @@ New-Object System.IO.Compression.DeflateStream([iO.mEmoRySTream] [sysTEM.ConVert - Pakcing以外にも,Anti-SandBox,Anti-MemoryScanner,Anti-VirtualMachine,Bypass-UAC,Persistence等の機能をバイナリに付与することができる - 上記の機能はAutoIT Scriptとしてバイナリに埋め込まれる - AutoIT Scriptは難読化されている -> - Change the character order.
-> -Change the strings to hexadecimal.
-> -XOR with constant values.
-> -Rotate the strings.
-> -Embed many non-ASCII characters.
- - ref: - - [DeCypherIT – All eggs in one basket](https://research.checkpoint.com/2019/decypherit-all-eggs-in-one-basket/) + > - Change the character order.
+ > -Change the strings to hexadecimal.
+ > -XOR with constant values.
+ > -Rotate the strings.
+ > -Embed many non-ASCII characters.
+ - ref: + - [DeCypherIT – All eggs in one basket](https://research.checkpoint.com/2019/decypherit-all-eggs-in-one-basket/) ## Anti-Unpacking ### Stolen Bytes(Stolen Codes)
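Review bot: In the re-indented quote block, only the first item (`> - Change the character order.`) has a space after the hyphen; the other four, such as `> -Change the strings to hexadecimal.` and `> -XOR with constant values.`, still do not, so they will not render as list items inside the blockquote. Since all five lines are rewritten here anyway, use `> - ` on each of them. The hunk changes only the indentation of the quoted list and the `- ref:` entry (7 insertions, 7 deletions, same text), which the subject "Update malware-tech_ref_and_memo.md" does not convey; a subject saying that this is an indentation fix for the AutoIT obfuscation list would make the history easier to read. The unchanged context line just above the list also spells "Pakcing", which could be corrected to "Packing" in the same commit.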