11 COVERT CODE EXECUTION AND MISDIRECTION

Continuing Part III’s discussion of anti-reversing tactics used by malware, in this chapter we’ll look at covert code execution, in which malware executes code in a stealthy manner, frustrating an analyst’s attempts to follow its logic and code and sometimes evading debugging altogether. This can also serve the purpose of misdirecting the analyst, causing confusion and slowing down the reverse engineering process. Let’s explore a few of the specific covert code execution and misdirection techniques you might encounter.

Callback Functions

Callback functions are application-defined functions that ...
