Exetools  

Go Back   Exetools > General > General Discussion
Reload this Page Doqu 2.0 analysis
Register Forum Rules FAQ Calendar Mark Forums Read

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 06-24-2015, 01:23
gigaman gigaman is offline
Friend
  
Join Date: Jun 2002
Posts: 87
Rept. Given: 0
Rept. Rcvd 3 Times in 2 Posts
Thanks Given: 0
Thanks Rcvd at 14 Times in 11 Posts
gigaman Reputation: 4
Maybe such non-x86 blocks (or the corresponding interpreters) are more likely to trigger antivirus heuristics... so while analysis would certainly be harder, the probability of earlier detection could also be higher.
Reply With Quote
  #2  
Old 06-27-2015, 05:13
dyn!o's Avatar
dyn!o dyn!o is offline
Friend
  
Join Date: Nov 2003
Location: Own mind
Posts: 214
Rept. Given: 1
Rept. Rcvd 1 Time in 1 Post
Thanks Given: 8
Thanks Rcvd at 0 Times in 0 Posts
dyn!o Reputation: 1
You might be right, but then they could implement at least custom virtualization (maintaining actual architecture) + stronger data encryption. Anything, which could slow-down the analysis.
Reply With Quote
  #3  
Old 06-29-2015, 05:20
Stitch Stitch is offline
Friend
  
Join Date: Sep 2014
Posts: 32
Rept. Given: 1
Rept. Rcvd 3 Times in 3 Posts
Thanks Given: 4
Thanks Rcvd at 12 Times in 8 Posts
Stitch Reputation: 3
Quote:
Originally Posted by dyn!o View Post
You might be right, but then they could implement at least custom virtualization (maintaining actual architecture) + stronger data encryption. Anything, which could slow-down the analysis.
Quote:
Originally Posted by gigaman View Post
Maybe such non-x86 blocks (or the corresponding interpreters) are more likely to trigger antivirus heuristics... so while analysis would certainly be harder, the probability of earlier detection could also be higher.


Can you elaborate how this could be done by linking books/tutorials/topic about making it harder to analysis? (I'm not much but new on this area..)
Hope I would get a detailed answer.

-Stitch
Reply With Quote
Reply

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Hybrid Mode Hybrid Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Malware Analysis ldmd General Discussion 7 03-09-2025 18:42
ahk malware analysis dion General Discussion 0 12-20-2021 08:50
About Android Apps Analysis Mayo General Discussion 5 07-23-2014 21:50


All times are GMT +8. The time now is 14:30.

Aaron's homepage - Top

Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( Since 1998 )