How it works...

In step 1, we run our signature detection script against the polymorphed binary and see that none of the signatures are identified:

Assuming we didn't know this was a polymorphed version of the reverse shell binary we analyzed in Chapter 7, Analyzing a Simple Reverse Shell, we would continue to work through static analysis. We've seen the output of our non-polymorphed version before, so we won't spend too much time on it. Your output should look similar to the following screenshot:

The first instruction is the familiar XOR RAX, ...
