Unpacking, Decryption, and Deobfuscation

In this chapter, we are going to explore the different techniques that malware authors use to bypass antivirus static signatures and trick inexperienced reverse engineers, which are mainly packing, encryption, and obfuscation. We will learn how to identify packed samples, how to unpack them, how to deal with different encryption algorithms—from simple ones, such as sliding key encryption, to more complex algorithms, such as 3DES, AES, and Public Key Encryption (PKA)—and how to deal with API encryption, string encryption, and network traffic encryption.

This chapter will help you deal with malware that uses packing and encryption to evade detection and hinder reverse engineering. ...
