mirror of
https://github.com/nganhkhoa/malware.git
synced 2024-06-10 21:32:07 +07:00
Update malware-tech_ref_and_memo.md
This commit is contained in:
parent
394d746c04
commit
4d7defe748
@ -330,6 +330,16 @@ New-Object System.IO.Compression.DeflateStream([iO.mEmoRySTream] [sysTEM.ConVert
|
||||
- Stolen Bytesを利用
|
||||
- tELock
|
||||
- Import Redirectionを利用
|
||||
- CypherIT
|
||||
- オンラインでパッキング可能(Packing as a Searvice)
|
||||
- Pakcing以外にも,Anti-SandBox,Anti-MemoryScanner,Anti-VirtualMachine,Bypass-UAC,Persistence等の機能をバイナリに付与することができる
|
||||
- 上記の機能はAutoIT Scriptとしてバイナリに埋め込まれる
|
||||
- AutoIT Scriptは難読化されている
|
||||
> - Change the character order.
|
||||
> -Change the strings to hexadecimal.
|
||||
> -XOR with constant values.
|
||||
> -Rotate the strings.
|
||||
> -Embed many non-ASCII characters.
|
||||
|
||||
## Anti-Unpacking
|
||||
### Stolen Bytes(Stolen Codes)
|
||||
|
Loading…
Reference in New Issue
Block a user