Search Evasion Techniques
The Delphi programming language can be an easy way to write applications and programs that leverage Windows API functions. In fact, some actors deliberately include the default libraries as a diversion to hamper static analysis and make the application "look legit" during dynamic analysis.
The packer goes to great lengths to ensure that it is not running in an analysis …
EXE Packer is able to compress executable files (type EXE) or DLL files. Already compressed files may also be decompressed with this program. There are 12 different levels of file compression. This program is also able to create backups of the files that are to be compressed.
If a file is compressed, the physical file size is reduced on the respective device. A compressed …
UPX is a tool that is used to compress and encrypt executables in order to make them smaller and more difficult to reverse engineer. UPX is free to use, portable, and can be extended with additional features. It is known for its high performance and compatibility with a wide range of executable formats. UPX is commonly used by software developers …
Milfuscator is a tool used to obfuscate the code in a Portable Executable (PE) file by modifying and expanding the existing code in the ".text" section, without creating any new sections. It does this using the Zydis and AsmJit libraries, and is based on the concept of code mutation from a P2C project for the game Counter-Strike: Global Offensive. The …
hXOR Packer is a PE (Portable Executable) packer with Huffman compression and XOR encryption.
The unpacker will decompress and decrypt the packed PE and execute it directly from memory without needing any hard disk space to execute.
DTPacker is a .NET packer or downloader which, although it shows considerable variety in the first stage, uses a second stage with a fixed password as part of the decoding.
The main difference between a packer and a downloader is the location of the payload data, which is embedded in the former and downloaded in the latter. DTPacker uses both forms. …
Themida is a known commercial packer that embeds several features including anti-debugging, virtual machine emulation, encryption...
Anti-debugger techniques that detect/fool any kind of debugger
Anti-memory-dumper techniques for any Ring3 and Ring0 dumpers
Different encryption algorithms and keys in each protected application
Anti-API-scanner techniques that avoid reconstruction of the original import table
Automatic decompilation and scrambling techniques in target application …
Alienyze is a software packer designed to compress executable files, allowing its users to reduce the file size of their software as much as possible.
Anti-Debugger techniques that detect and fool present debuggers
Anti-VM techniques that detect sandbox & virtualized environments
Protection from disassemblers and software analysis tools
Hardware ID locking for making applications machine-dependent
Integrity checks that detect code …
MPRESS is a free packer. It makes programs and libraries smaller, and decreases start time when the application is loaded from slow removable media or from the network.
It uses an in-place decompression technique, which allows the executable to be decompressed without memory overhead or other drawbacks; it also protects programs against reverse engineering by non-professional hackers. Programs compressed with MPRESS run …
ASPack is an EXE packer created to compress Win32 executable files and to protect them against reverse engineering.
The solution makes Windows programs and libraries up to 70% smaller, which reduces the download time of compressed applications in local networks and the Internet because of their smaller size compared to uncompressed apps.
The ASPack exe compressor …