Behavior-based Detection
2024-08-05
Once malware is running, security software will continue to look for suspicious behavior emitted by running processes.
For example, if a notepad.exe ...
CreateFile
2024-08-05
CreateFile() is a WinAPI macro (chooses CreateFileA or CreateFileW as appropriate) that creates a new file or opens an existing file. On success, a ...
Hashing Detection
2024-08-05
Hashing detections are done by saving the file hashes of known-malicious files and comparing them with the hashes of samples to be analyzed. If the file hashes ...
malware analysis
2024-08-05
Malware Analysis is the process of understanding the behavior and purpose of a malware sample.
obfuscation
2024-08-05
Similar to encryption, obfuscation techniques can protect sensitive data from being read. Obfuscation is often deployed as a defense against reverse ...
Payload Encryption
2024-08-05
Payloads are often encrypted within code to make it more difficult for security software to detect the malicious activity of the file. Payload ...
PE Sections
2024-08-05
Portable Executable Sections contain the code and data of an executable.
Sections may contain code, variables, or resource information.
Programs may ...
Program Database
2024-08-05 pe windows
Program Database (PDB) is a file format on Windows systems used to store debugging information about a program.
PDB files commonly have a .pdb file ...
Ransomware
2024-08-05
Ransomware is a type of malware that permanently blocks access to a victim’s personal data unless a ransom is paid.
Sandbox Detection
2024-08-05
Sandboxing is a dynamic detection method in which the scrutinized file (or sample) is executed within a contained environment (sandbox). The behavior ...