Ch 13: Data Encoding
Practical Malware Analysis
Revised 11-24-20
The Goal of Analyzing Encoding Algorithms
Reasons Malware Uses Encoding
- Hide configuration information
  - Such as C&C domains
- Save information to a staging file
  - Before stealing it
- Store strings needed by malware
  - Decode them just before they are needed
- Disguise malware as a legitimate tool
  - Hide suspicious strings
Simple Ciphers
Why Use Simple Ciphers?
- They are easily broken, but
  - They are small, so they fit into space-constrained environments like exploit shellcode
  - Less obvious than more complex ciphers
  - Low overhead, little impact on performance
- These are obfuscation, not encryption
  - They make it difficult to recognize the data, but can't stop a skilled analyst
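To show why such obfuscation cannot stop an analyst, here is an added example (not from the slides) that recovers a hidden configuration string by trying every key and checking for a known-plaintext crib. It assumes the simple cipher is a single-byte XOR; the key, the crib `http://`, and the sample configuration string are all constructed for illustration.

```python
# Added example, not from the slides. Assumption: the "simple cipher" is a
# single-byte XOR, so there are only 255 useful keys to try.

CRIB = b"http://"  # assumed known plaintext: config data often holds a URL


def make_sample_blob():
    """Constructed sample: a config string obfuscated with a constructed key."""
    plaintext = b"c2=http://update.example.com/gate.php;sleep=60"
    key = 0x5A
    return bytes(b ^ key for b in plaintext)


def xor_decode(blob, key):
    """Single-byte XOR is its own inverse, so decoding equals encoding."""
    return bytes(b ^ key for b in blob)


def recover_by_crib(blob, crib=CRIB):
    """Try every non-zero key; keep the decodings that contain the crib."""
    hits = []
    for key in range(1, 256):
        decoded = xor_decode(blob, key)
        if crib in decoded:
            hits.append((key, decoded))
    return hits


def extract_url(decoded, crib=CRIB):
    """Return the URL starting at the crib, up to the next field separator."""
    start = decoded.index(crib)
    end = start
    while end < len(decoded) and decoded[end] not in b";\x00 ":
        end += 1
    return decoded[start:end]


if __name__ == "__main__":
    blob = make_sample_blob()
    print("obfuscated:", blob.hex())
    for key, decoded in recover_by_crib(blob):
        print("key 0x%02x -> %s" % (key, extract_url(decoded).decode()))
```

A `strings` pass over the obfuscated blob shows nothing recognizable, yet the full key space is searched in well under a second, which is the practical meaning of "obfuscation, not encryption".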