Posts published in August 2017

Defeat Malware’s Dynamic API Loading

Sina Karvandi

There are thousands of ways to make malware resist static disassembly and static analysis. One of the known ways to circumvent suspicious-API blocking or static analysis by AVs is to use the LoadLibrary API to load a library dynamically and then call its functions; defeating this kind of malware becomes a CPU-intensive task for AVs. This technique consists of using functions like LoadLibraryA or VirtualAlloc and then using GetProcAddress. As MSDN says, GetProcAddress: Retrieves the address…