Ch 13: Data Encoding
Practical Malware Analysis
Revised 11-24-20
The Goal of Analyzing Encoding Algorithms
Reasons Malware Uses Encoding
• Hide configuration information
  – Such as C&C domains
• Save information to a staging file
  – Before stealing it
• Store strings needed by malware
  – Decode them just before they are needed
• Disguise malware as a legitimate tool
  – Hide suspicious strings
Simple Ciphers
Why Use Simple Ciphers?
• They are easily broken, but
  – They are small, so they fit into space-constrained environments like exploit shellcode
  – Less obvious than more complex ciphers
  – Low overhead, little impact on performance
• These are obfuscation, not encryption
  – They make it difficult to recognize the data, but can't stop a skilled analyst
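To show why such ciphers are obfuscation rather than encryption, here is an added example (not from the book or these slides) in which an analyst recovers a hidden configuration string by trying every key. It assumes single-byte XOR as a representative simple cipher; the sample blob, its key, the placeholder hostname and the marker list are all constructed for illustration.

```python
# Added example: brute-forcing a single-byte XOR "simple cipher" the way an
# analyst would. The sample blob and its key are constructed for illustration.
import string

PRINTABLE = set(string.printable.encode())

def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte with one key byte (encoding and decoding are the same)."""
    return bytes(b ^ key for b in data)

def printable_ratio(data: bytes) -> float:
    """Fraction of printable ASCII bytes; high values suggest plaintext."""
    if not data:
        return 0.0
    return sum(b in PRINTABLE for b in data) / len(data)

def brute_force_xor(blob: bytes, markers=(b"http", b".com", b".exe"),
                    min_ratio=0.95):
    """Try all 255 non-zero keys and keep candidates that look like text.

    Returns (key, plaintext, matched_markers) tuples, sorted so that the
    candidates matching the most markers come first.
    """
    hits = []
    for key in range(1, 256):
        plain = xor_bytes(blob, key)
        if printable_ratio(plain) < min_ratio:
            continue  # mostly binary garbage, so not a plausible decoding
        matched = [m for m in markers if m in plain.lower()]
        hits.append((key, plain, matched))
    hits.sort(key=lambda h: len(h[2]), reverse=True)
    return hits

# Constructed sample: a configuration string "hidden" with key 0x5A.
SAMPLE_CONFIG = b"http://c2.example.com/gate.php"
SAMPLE_BLOB = xor_bytes(SAMPLE_CONFIG, 0x5A)

if __name__ == "__main__":
    print("encoded:", SAMPLE_BLOB.hex())
    for key, plain, matched in brute_force_xor(SAMPLE_BLOB)[:3]:
        print(f"key=0x{key:02x} markers={matched} -> {plain!r}")
```

The encoded blob in this sample is itself entirely printable, so a printable-character test alone cannot rank candidates; the marker hits are what single out the correct key.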