Bad String Format
Created the Monday 18 March 2019. Updated 5 months, 4 weeks ago.
Bad string format is a technique used by malware to evade detection and analysis by OllyDbg, a popular debugger used by security researchers and analysts. This technique involves using malformed strings that exploit a known bug in OllyDbg, causing the debugger to crash or behave unexpectedly.
For example, the malware may use a string with multiple %s inputs, which OllyDbg is not able to handle correctly. This causes the debugger to crash or behave in an unpredictable manner, making it difficult for the analyst to continue their analysis. This technique can be effective in disrupting the analysis process and making it more difficult for the analyst to understand the malware's capabilities and behavior. However, it is only effective against OllyDbg, and other debuggers may not be affected by this technique.
Bad string format OllyDbg Debugger evasion String manipulation
The resources provided below are associated links that will give you even more detailed information and research on current evasion technique. It is important to note that, while these resources may be helpful, it is important to exercise caution when following external links. As always, be careful when clicking on links from unknown sources, as they may lead to malicious content.