Skip to content

Latest commit

 

History

History
29 lines (23 loc) · 1.73 KB

File metadata and controls

29 lines (23 loc) · 1.73 KB
ID OB0001

Anti-Behavioral Analysis

Behaviors that prevent, obstruct, or evade behavioral analysis (sandbox, debugger, etc). Because the underlying methods differ, separate "detection" and "evasion" behaviors are defined for some anti-behavioral analysis areas (e.g., anti-debugger).

Two primary resources for anti-behavioral analysis behaviors are [1] and [2].

  • Capture Evasion B0036
  • Conditional Execution B0025
  • Debugger Detection B0001
  • Debugger Evasion B0002
  • Dynamic Analysis Evasion B0003
  • Emulator Detection B0004
  • Emulator Evasion B0005
  • Executable Code Virtualization B0008
  • Hooking F0003
  • Memory Dump Evasion B0006
  • Sandbox Detection B0007
  • Software Packing F0001
  • Virtual Machine Detection B0009

References

[1] Unprotect Project, a database about malware self-defense and protection. https://search.unprotect.it/map

[2] InDepthUnpacking, course content for teaching malware anti-analysis techniques and mitigations, with emphasis on packers. https://github.com/knowmalware/InDepthUnpacking