8 EVADING SANDBOXES AND DISRUPTING ANALYSIS

In previous chapters, you’ve learned about several techniques that malware uses to establish context and better understand its current environment. When malware determines that it’s running in an analyst’s lab or in an otherwise hostile environment, it may take evasive measures, such as delaying its execution, creating decoys, or even actively impeding investigation efforts by interfering with the analyst’s tools. This chapter will focus on these and other methods that malware uses to hide from and circumvent analysis tools.

Self-Termination

A simple and effective way in which malware can avoid ...
