GET /api/techniques/75/?format=api
HTTP 200 OK
Allow: GET, PUT, PATCH, DELETE, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept
{
"id": 75,
"key": "api-obfuscation",
"unprotect_id": "U0217, B0032.001",
"name": "API Obfuscation",
"description": "API obfuscation is a technique used by malware to make it more difficult for security analysts to understand and analyze the code. This is typically done by using a technique called API hashing, which replaces the names of API functions with a hashed value. When an analyst runs the malware through a disassembler tool, the hashed values are printed instead of the actual names of the functions, making it more difficult to understand the code and identify any potentially malicious behavior.\r\n\r\nThis technique is often used to hide suspicious API calls from the Import Address Table (IAT), which is used to store the addresses of functions imported from other libraries. By hiding these calls, malware authors can make it harder for analysts to identify and analyze their code.",
"resources": "https://www.ired.team/offensive-security/defense-evasion/windows-api-hashing-in-malware",
"creation_date": "2019-03-18T13:48:59Z",
"tags": "hashing, API, obfuscation, API hashing,\r\nImport Address Table (IAT),\r\nCode obfuscation,",
"modification_date": "2023-10-04T10:44:20.085000Z",
"category": [
5
],
"rules": [],
"attachments": [],
"featured_api": [
2,
7,
376,
425
],
"contributors": []
}
