Entry point obfuscation (EPO, also called “obscuring”) is the technique that viruses embedded in .exe files use to invoke their malicious code. They hide the infection by jumping to the virus code from unusual places inside the binary.
If you want to see exactly how EPO works through a real-life example, Peter Szor wrote a nice document on it in 2005 (still valid today).


Download it here.
