winternl

cybersecurity & programming

Tag: Evasion

  • Designing Emulation Resistant Control Flow

    Antimalware emulators have the Sisyphean task of implementing a complete and accurate clone of the Windows environment. My previous research focused on a generic way to detect the presence of such emulators based upon Windows API artifacts. This is and will continue to be an effective technique in one’s arsenal. One of the most effective…

  • Static Detection of Portable Executable Files

    Preface: The cat and mouse game of the AV industry lives on into another decade. All AVs operate on essentially three modes of detection. This post will provide a high-level overview of how AVs statically determine anomalous and heuristically suspicious PE files. These types of detections are often labeled under some vague descriptor such as…