Thwarting Stack-Frame Analysis Anti-Disassembly

Thwarting Stack-Frame Analysis is a technique used by malware to make it more difficult for security analysts to reverse engineer and analyze the code. A stack frame is a collection of data associated with a function, including local variables, arguments passed to the function, and the return address. Disassemblers can use information from the stack frame to understand a function's …

ExeStealth Packers

ExeStealth is a tool that encrypts files to avoid detection and hacking. Designed by WebToolMaster, this free software is simple to implement and one of the best anti-hacking tools on the market, which also makes it effective at hiding malware code in your system.

Themida Packers

Themida is a commercial known packer that embeds several features including anti-debugging, virtual machine emulation, encryption...

Anti-debugger techniques that detect/fool any kind of debugger
Anti-memory dumpers techniques for any Ring3 and Ring0 dumpers
Different encryption algorithms and keys in each protected application
Anti-API scanners techniques that avoids reconstruction …

FSG Packers

The free, simple FSG software compresses both small and large files. While it is popular and commonly used to hide malware code, it is also relatively simple to unpack through a decompression loop that writes the data to the final destination.

Alienyze Packers

Alienyze is a software packer designed to compress executable files, allowing them to reduce the file size of their software as much as possible.

Anti-Debugger techniques that detect and fool present debuggers
Anti-VM techniques that detect sandbox & virtualized environments
Protection from disassemblers and software analysis tools
Hardware …

VMProtect Packers

VMProtect protects code by executing it on a virtual machine with non-standard architecture that makes it extremely difficult to analyze and crack the software. Besides that, VMProtect generates and verifies serial numbers, limits free upgrades and much more.

.Net Reactor Packers

.NET Reactor is used to prevent reverse engineering by adding different protection layers to .NET assemblies. Beside standard obfuscation techniques it includes special features like NecroBit, Virtualization, x86 Code Generation or Anti Tampering.

PESpin Packers

PESpin is a Windows executable files protector, compressor coded in Win32ASM using MASM. Overall, this application will enable the compression of the entire executable - code, data, and resources, thus leaving the file protected against patching or disassembling.

Change Module Name at Runtime Process Manipulating

It is possible to change the name of the current process or any of its modules at runtime. This is achieved by accessing the process PEB's member 'Ldr', in particular it has a member 'InOrderMemoryLinks' which we can iterate through to get a list of the process's modules.

On each iteration it gets a PLDR_DATA_TABLE_ENTRY structure to work with …

Dirty Vanity Process Manipulating

Dirty Vanity is a process injection technique that exploits the Windows forking (process reflection and snapshotting) feature to inject code into a new process.

It uses the RtlCreateProcessReflection or NtCreateProcess[Ex] primitives, along with the PROCESS_VM_OPERATION, PROCESS_CREATE_THREAD, and PROCESS_DUP_HANDLE flags to reflect and execute code in a new process.

The technique also makes use of various methods, …

Search Evasion Techniques

Search Result