In step 1, we run our signature detection script against the polymorphed binary and see that none of the signatures match.
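To show why exact byte signatures stop matching once instructions are re-encoded, here is an added example (not the book's detection script): a small hex-pattern scanner run over two constructed byte strings, the second using `sub reg, reg` encodings where the first uses `xor reg, reg`. The signature names, patterns and sample bytes are assumptions made for this illustration, and the wildcard signature goes one step beyond the text to show how a looser pattern behaves.

```python
from typing import Dict, List, Optional

# Hypothetical signatures (not from the book): hex bytes, "??" matches any byte.
SIGNATURES = {
    "zero_rax_exact": "48 31 c0",               # xor rax, rax
    "zero_rax_rdi_exact": "48 31 c0 48 31 ff",  # xor rax, rax; xor rdi, rdi
    "zero_rax_wildcard": "48 ?? c0",            # any REX.W opcode with ModRM rax, rax
}

# Constructed sample bytes: nop, then three register-zeroing instructions.
ORIGINAL = bytes.fromhex("90 4831c0 4831ff 4831f6")   # xor rax/rdi/rsi with itself
REENCODED = bytes.fromhex("90 4829c0 4829ff 4829f6")  # sub rax/rdi/rsi from itself


def compile_sig(pattern: str) -> List[Optional[int]]:
    """Turn 'aa ?? bb' into [0xaa, None, 0xbb]; None is a wildcard."""
    return [None if tok == "??" else int(tok, 16) for tok in pattern.split()]


def find_all(data: bytes, sig: List[Optional[int]]) -> List[int]:
    """Return every offset at which the compiled signature matches."""
    hits = []
    for off in range(len(data) - len(sig) + 1):
        if all(b is None or data[off + i] == b for i, b in enumerate(sig)):
            hits.append(off)
    return hits


def scan(data: bytes) -> Dict[str, List[int]]:
    """Map each matching signature name to the offsets where it was found."""
    results = {}
    for name, pattern in SIGNATURES.items():
        hits = find_all(data, compile_sig(pattern))
        if hits:
            results[name] = hits
    return results


if __name__ == "__main__":
    for label, blob in (("original", ORIGINAL), ("re-encoded", REENCODED)):
        print(label, scan(blob) or "no signatures matched")
```

The wildcard signature still fires on the re-encoded sample, but it also matches unrelated instructions such as `mov rax, rax` (`48 89 c0`), so looser patterns trade misses for false positives.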
Assuming we didn't know this was a polymorphed version of the reverse shell binary we analyzed in Chapter 7, Analyzing a Simple Reverse Shell, we would continue to work through static analysis. We've seen the output of our non-polymorphed version before, so we won't spend too much time on it. Your output should look similar to the following screenshot:
The first instruction is the familiar XOR RAX, ...