From the course: Ethical Hacking: The Complete Malware Analysis Process
Polymorphic malware
- [Man] Let's take a look at some polymorphic code. This is a small program called "Target," written in Macro Assembler, which demonstrates how morphing works. Let's have a quick look at it, and then run it in the debugger to see how it works. The first section of the code injects a malware into this program. It reads a binary file; we'll call it "malware," and writes it into its own code space. This mimics what we'd see with a buffer overflow. We then display a "hello world" message, followed by some code, which finally ends with an exit process. I've loaded the target program into a debugger to show exactly what happens inside the computer when this code runs. I'm using x32dbg. And I've loaded target.exe and positioned to the start of user code. Note that if you want to try this yourself, you'll need to modify the MASM32 assembly and linking file to enable .text segments to be writeable. We can see the initial inject code here. Let's step through it. The first thing we do is to…