GET /api/techniques/370/?format=api
HTTP 200 OK
Allow: GET, PUT, PATCH, DELETE, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept
{
"id": 370,
"key": "runtime-function-decryption",
"unprotect_id": "U0523",
"name": "Runtime Function Decryption",
"description": "This technique stores a function's body in encrypted form. The body is decrypted only just before the function executes and is re-encrypted after it has finished executing.\r\n\r\nSmokeLoader uses this technique to evade anti-virus and EDR products, since the function body remains encrypted except while the function is executing. It also makes static analysis of SmokeLoader harder.",
"windows": "",
"linux": "",
"macos": "",
"resources": "https://irfan-eternal.github.io/understanding-internals-of-smokeloader/#encrypted-function-code",
"creation_date": "2024-03-22T06:30:48.583023Z",
"tags": "encryption, smokeloader",
"modification_date": "2024-03-22T06:30:48.583077Z",
"category": [
2
],
"rules": [],
"attachments": [],
"featured_api": [],
"contributors": [
38
]
}