From 4d7defe748cc69a03c83ab185ad8965dadcdcd7f Mon Sep 17 00:00:00 2001 From: mether049 Date: Tue, 3 Mar 2020 03:24:08 +0900 Subject: [PATCH] Update malware-tech_ref_and_memo.md --- malware-tech_ref_and_memo.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/malware-tech_ref_and_memo.md b/malware-tech_ref_and_memo.md index a8ba837..6d9f971 100644 --- a/malware-tech_ref_and_memo.md +++ b/malware-tech_ref_and_memo.md @@ -330,6 +330,16 @@ New-Object System.IO.Compression.DeflateStream([iO.mEmoRySTream] [sysTEM.ConVert - Stolen Bytesを利用 - tELock - Import Redirectionを利用 + - CypherIT + - オンラインでパッキング可能(Packing as a Searvice) + - Pakcing以外にも,Anti-SandBox,Anti-MemoryScanner,Anti-VirtualMachine,Bypass-UAC,Persistence等の機能をバイナリに付与することができる + - 上記の機能はAutoIT Scriptとしてバイナリに埋め込まれる + - AutoIT Scriptは難読化されている +> - Change the character order. +> -Change the strings to hexadecimal. +> -XOR with constant values. +> -Rotate the strings. +> -Embed many non-ASCII characters. ## Anti-Unpacking ### Stolen Bytes(Stolen Codes)
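Review bot: In the added CypherIT block, only the first quoted line ("> - Change the character order.") has a space after the dash; the next four are written as "> -Change the strings to hexadecimal.", "> -XOR with constant values." and so on, so Markdown will not treat them as list items and they will run together inside the blockquote. Write all five as "> - ...". Two typos in the added bullets should be fixed in the same pass: "Packing as a Searvice" should read "Packing as a Service", and "Pakcing以外にも" should read "Packing以外にも". The blockquote also starts at column 0 ("+>") and carries no source for the quoted obfuscation techniques; indent it under the "AutoIT Scriptは難読化されている" bullet so it stays attached to that item, and add the reference it was quoted from.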