Ch 13: Data Encoding

Practical Malware Analysis

Revised 11-24-20

The Goal of Analyzing Encoding Algorithms

Reasons Malware Uses Encoding

• Hide configuration information
  - Such as C&C domains
• Save information to a staging file
  - Before stealing it
• Store strings needed by malware
  - Decode them just before they are needed
• Disguise malware as a legitimate tool
  - Hide suspicious strings

Simple Ciphers

Why Use Simple Ciphers?

• They are easily broken, but
  - They are small, so they fit into space-constrained environments like exploit shellcode
  - Less obvious than more complex ciphers
  - Low overhead, little impact on performance
• These are obfuscation, not encryption
  - They make it difficult to recognize the data, but can't stop a skilled analyst
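
Added example (not from the slides): an analyst-side sketch of why a simple cipher only obfuscates. The slides do not name a specific cipher here, so single-byte XOR is an assumption, and the sample blob, its key, and the domain are constructed for illustration.

```python
import re

# Constructed sample: a fake configuration string obfuscated with an
# assumed single-byte XOR key (0x5A). Not taken from any real malware.
PLAINTEXT = b"c2=update.example.com;port=443;sleep=60"
SAMPLE_BLOB = bytes(b ^ 0x5A for b in PLAINTEXT)

# Heuristic the analyst searches for in each candidate decoding.
DOMAIN_RE = re.compile(rb"(?:[a-z0-9-]+\.)+(?:com|net|org)\b")


def xor_decode(data: bytes, key: int) -> bytes:
    """Apply a single-byte XOR key to every byte (encode and decode are identical)."""
    return bytes(b ^ key for b in data)


def printable_ratio(data: bytes) -> float:
    """Fraction of bytes that are printable ASCII; real strings score near 1.0."""
    if not data:
        return 0.0
    return sum(0x20 <= b < 0x7F for b in data) / len(data)


def brute_force_single_byte_xor(blob: bytes, min_ratio: float = 0.95):
    """Try all 255 non-zero keys and keep decodings that look like text
    and contain something shaped like a domain name.

    Returns a list of (key, decoded_bytes, domains_found).
    """
    hits = []
    for key in range(1, 256):
        candidate = xor_decode(blob, key)
        if printable_ratio(candidate) < min_ratio:
            continue
        domains = DOMAIN_RE.findall(candidate)
        if domains:
            hits.append((key, candidate, domains))
    return hits


if __name__ == "__main__":
    for key, decoded, domains in brute_force_single_byte_xor(SAMPLE_BLOB):
        print(f"key=0x{key:02X} domains={domains} decoded={decoded!r}")
```

The whole key space is 255 values, so recovery is immediate once the analyst knows what decoded output should look like.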
