
ID	OB0002

Anti-Static Analysis

Behaviors and code characteristics that prevent static analysis or make it more difficult. Simple static analysis identifies features such as embedded strings, header information, hash values, and file metadata (e.g., creation date). More involved static analysis involves the disassembly of the binary code.

Two primary resources for anti-static analysis behaviors are [1] and [2].

Call Graph Generation Evasion B0010
Disassembler Evasion B0012
Data Flow Analysis Evasion B0045
Executable Code Obfuscation B0032
Executable Code Optimization B0034
Executable Code Virtualization B0008
Obfuscated Files or Information E1027
Software Packing F0001

References

[1] Unprotect Project, a database about malware self-defense and protection. https://search.unprotect.it/map/sandbox-evasion/

[2] InDepthUnpacking, course content for teaching malware anti-analysis techniques and mitigations, with emphasis on packers. https://github.com/knowmalware/InDepthUnpacking

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

README.md

README.md

Anti-Static Analysis

References

Files

README.md

Latest commit

History

README.md

File metadata and controls

Anti-Static Analysis

References