Search Evasion Techniques
Names, Techniques, Definitions, Keywords
9 item(s) found so far for this keyword.
AddVectoredExceptionHandler technique is an anti-debugging method that can detect the presence of debuggers using Vectored Exception Handlers. This technique works by calling
AddVectoredExceptionHandler(1, ourHandler) to register a top-level exception handler that will catch any exceptions raised by the process, including those generated by debuggers.
After this call has taken place, stepping through the code will trigger an
EXCEPTION_SINGLE_STEP exception, …
ICE 0xF1 Anti-Debugging
ICEBP is an undocumented instruction that serves as a single byte interrupt 1, generating a single step exception. It can be used to detect if the program is traced.
Trap Flag Anti-Debugging
There is a Trap Flag in the Flags register. Bit number 8 of the EFLAGS register is the trap flag. When the Trap Flag is set, a SINGLE_STEP exception is generated.
GetLocalTime, GetSystemTime, timeGetTime, NtQueryPerformanceCounter Sandbox Evasion Anti-Debugging
When a debugger is present, and used to single-step through the code, there is a significant delay between the executions of the individual instructions, when compared to native execution.
Misusing Structured Exception Handlers Anti-Disassembly
Misusing Structured Exception Handlers is a technique used by malware to make it more difficult for security analysts to reverse engineer the code. Structured Exception Handlers (SEH) are functions that are used to handle exceptions in a program. These can be misused by malware to fool disassemblers and make it harder to analyze the code. One way this is done …
Image File Execution Options Injection Process Manipulating
Image File Execution Options Injection, also known as IFEO Injection, is a technique used by malware to evade detection and persist on a compromised system.
The technique involves modifying the Image File Execution Options (IFEO) registry key, which is used by the Windows operating system to set debugging options for executable files. When an executable file is launched, the operating …
Unhandled Exception Filter Anti-Debugging
An application-defined function that passes unhandled exceptions to the debugger, if the process is being debugged. Otherwise, it optionally displays an application error message box and causes the exception handler to be executed.
If an exception occurs and no exception handler is registered, the
UnhandledExceptionFilter function will be called. It is possible to register a custom unhandled exception filter using …
ExeStealth is a tool that encrypts files to avoid detection and hacking. Designed by WebToolMaster, this free software is simple to implement and one of the best anti-hacking tools on the market, which also makes it effective at hiding malware code in your system.
Adding antivirus exception Antivirus/EDR Evasion
Another way for a malware is to add an exception into the antivirus.