| Field | Value |
|---|---|
| ID | OB0001 |
| Created | 1 August 2019 |
| Last Modified | 31 October 2022 |
Behaviors that prevent, obstruct, or evade behavioral analysis of malware, for example analysis done in a sandbox or under a debugger. Because the underlying methods differ, separate "detection" and "evasion" behaviors are defined for some anti-behavioral analysis areas.
- Capture Evasion B0036
- Conditional Execution B0025
- Debugger Detection B0001
- Debugger Evasion B0002
- Dynamic Analysis Evasion B0003
- Emulator Detection B0004
- Emulator Evasion B0005
- Executable Code Virtualization B0008
- Hijack Execution Flow F0015
- Memory Dump Evasion B0006
- Sandbox Detection B0007
- Software Packing F0001
- Virtual Machine Detection B0009