From the course: Ethical Hacking: The Complete Malware Analysis Process
Malware that changes its spots
- [Instructor] There are two categories of malware that have the ability to change their binary file as they propagate: polymorphic and metamorphic. By doing this, they can defeat traditional signature-based detection. Morphing malware is quite common, with research indicating that over 90% of all malicious executables encountered are poly- or metamorphic. Polymorphic malware has two parts. One part, which is used to remove obfuscation or encryption, remains the same in each version of the malware, while the second part, which holds the obfuscated or encrypted malware, changes. Early versions of polymorphic malware used simple obfuscation by XORing the body and then XORing at the start of execution to recover the original malware. More contemporary malware uses full encryption to hide the body code and incorporates a decryption routine to recover the body back to its original form so the malware can execute. Once executed, the malware is reobfuscated or re-encrypted with a different key…
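The detection consequence of that two-part structure, as an added example that is not part of the course material: a whole-file hash only catches the one copy already seen, while a pattern on the unchanging part, or a hash taken after decoding, catches every copy. The stub and body are constructed inert byte strings, and the stub/key-byte/body layout and all function names are assumptions made for illustration.

```python
import hashlib

# Constructed, inert stand-ins (assumptions): STUB plays the constant decoder,
# BODY plays the part that is re-encoded for every copy. Neither is real code.
STUB = b"CONSTANT-DECODER-STUB:"
BODY = b"inert placeholder body used only for this demonstration"

def xor_bytes(data: bytes, key: int) -> bytes:
    """Single-byte XOR; applying it twice with the same key restores the input."""
    return bytes(b ^ key for b in data)

def make_variant(key: int) -> bytes:
    """Hypothetical layout: stub, then the key byte, then the XOR-encoded body."""
    return STUB + bytes([key]) + xor_bytes(BODY, key)

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def stub_match(sample: bytes) -> bool:
    """Byte-pattern signature written against the part that never changes."""
    return STUB in sample

def normalised_hash(sample: bytes):
    """Decode the body first, so every variant collapses to one hash."""
    start = sample.find(STUB)
    key_pos = start + len(STUB)
    if start < 0 or key_pos >= len(sample):
        return None  # no stub present, or the sample is truncated
    return sha256_hex(xor_bytes(sample[key_pos + 1:], sample[key_pos]))

def evaluate(keys=(0x21, 0x5A, 0xC3)):
    """Return (whole-file hash hit, stub hit, normalised hash) per variant."""
    variants = [make_variant(k) for k in keys]
    blocklist = {sha256_hex(variants[0])}  # only the first copy was ever seen
    return [(sha256_hex(v) in blocklist, stub_match(v), normalised_hash(v))
            for v in variants]

if __name__ == "__main__":
    for row in evaluate():
        print(row)
```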
Contents
- Hiding malware (5m 31s)
- Malware that changes its spots (1m 49s)
- Polymorphic malware (5m 37s)
- Using cryptography in ransomware (5m 20s)
- Understanding advanced persistent threats (1m 30s)
- Analyzing Win32.Sodin (3m 50s)
- Analyzing black and grey energy (7m 32s)
- Understanding log4shell (4m 22s)