mirror of
https://github.com/nganhkhoa/malware.git
synced 2024-06-10 21:32:07 +07:00
Update malware-tech_ref_and_memo.md
This commit is contained in:
parent
b8be059175
commit
26c8d5df62
@ -336,13 +336,13 @@ New-Object System.IO.Compression.DeflateStream([iO.mEmoRySTream] [sysTEM.ConVert
|
|||||||
- Pakcing以外にも,Anti-SandBox,Anti-MemoryScanner,Anti-VirtualMachine,Bypass-UAC,Persistence等の機能をバイナリに付与することができる
|
- Pakcing以外にも,Anti-SandBox,Anti-MemoryScanner,Anti-VirtualMachine,Bypass-UAC,Persistence等の機能をバイナリに付与することができる
|
||||||
- 上記の機能はAutoIT Scriptとしてバイナリに埋め込まれる
|
- 上記の機能はAutoIT Scriptとしてバイナリに埋め込まれる
|
||||||
- AutoIT Scriptは難読化されている
|
- AutoIT Scriptは難読化されている
|
||||||
> - Change the character order.<br>
|
> - Change the character order.<br>
|
||||||
> -Change the strings to hexadecimal.<br>
|
> -Change the strings to hexadecimal.<br>
|
||||||
> -XOR with constant values.<br>
|
> -XOR with constant values.<br>
|
||||||
> -Rotate the strings.<br>
|
> -Rotate the strings.<br>
|
||||||
> -Embed many non-ASCII characters.<br>
|
> -Embed many non-ASCII characters.<br>
|
||||||
- ref:
|
- ref:
|
||||||
- [DeCypherIT – All eggs in one basket](https://research.checkpoint.com/2019/decypherit-all-eggs-in-one-basket/)
|
- [DeCypherIT – All eggs in one basket](https://research.checkpoint.com/2019/decypherit-all-eggs-in-one-basket/)
|
||||||
|
|
||||||
## Anti-Unpacking
|
## Anti-Unpacking
|
||||||
### Stolen Bytes(Stolen Codes)
|
### Stolen Bytes(Stolen Codes)
|
||||||
|
Loading…
Reference in New Issue
Block a user