Defeating malware’s Anti-VM techniques (CPUID-Based Instructions)

[The picture for this post was taken by one of my best friends, Ahmad Ghazi, at Chitgar Lake!] Introduction: By now you should know what to expect, because the title clearly describes the contents of this post. As you know, almost all modern malware uses some bundle of packers or protectors, and using such tools weaponizes the malware with Anti-VM techniques, which makes it impossible for reverse engineers and analysts to see what is happening inside the…

Defeat Malware’s Dynamic API Loading

There are thousands of ways that make malware resistant to static disassembly and static analysis. One well-known way to circumvent suspicious-API blocking or static analysis by AVs is to use the LoadLibrary API to dynamically load a library and then call its functions; this makes it a CPU-intensive task for AVs to defeat this kind of malware. The technique consists of using functions like LoadLibraryA or VirtualAlloc and then calling GetProcAddress. As MSDN says, GetProcAddress: Retrieves the address…