» Blog Archive » Understanding the Entry point obfuscation technique.

Unanonymity 0.1 : PHP script to reveal user data »

Understanding the Entry point obfuscation technique.

Jun 27th, 2009 by carrumba

Entry point obfuscation (or also “obscuring”) is the technique viruses nested inside .exe files use to call their malicious code. They hide the infection by using unusual places inside the binary from where they jump to the malicious virus code.
If you want to know how exactly EPO works by a real life example Peter Szor wrote a nice document in 2005 (but still valid today).

Download it here.

posted in Reading material

But please respect the commenting rules. Critizism is appreciated and also general comments of course. If you're rude, I have to delete your comment. Also use your personal/nick name but avoid using business names. Have fun and thanks for participating the discussion.

Search for
Places
Categories
- Antivirus (4)
- Articles (16)
- Bot sources (1)
- C# (10)
- Carding (4)
- Coders corner (12)
- Crypto (3)
- Deutsch (7)
- External tools (20)
- Info (7)
- News & media (110)
- Off topic (9)
- Phishing (1)
- RAT sources (5)
- Reading material (14)
- Stuff (59)
- Tools & sources (67)
- Worm sources (4)
Recommended
- slotshero.com free slots
Archives
- http://bit.ly/aSf23y who wants to give it a try ? 02:27:09 PM September 01, 2010 from web
- i rewrote the proxy server+the CONNECT method is supported now.the first bots are already there.i'll send updates if sth. intresting happens 08:34:33 AM August 31, 2010 from web
Blogroll

Understanding the Entry point obfuscation technique.

Leave a comment

Search for

Places

Categories

Recommended

Archives

Blogroll