Bypassing Static Heuristic
Created the Monday 18 March 2019. Updated 4 years, 6 months ago.
Dynamic heuristic engines are implemented in the form of hooks (in user-land or kernel-land) or based on emulation. User-land hooks (HIPS) can be easily bypass by malware by patching back the entry point of the hooked function. For kernel-land hook, malware has to run in kernel space by installing a driver or abusing a kernel-level vulnerability.
The resources provided below are associated links that will give you even more detailed information and research on current evasion technique. It is important to note that, while these resources may be helpful, it is important to exercise caution when following external links. As always, be careful when clicking on links from unknown sources, as they may lead to malicious content.