Chapter 4. Traversing Across Parallel Dimensions
Understanding the essentials of dealing with packed and encrypted malware is paramount when dealing with real-world malware. In tandem, you should also be able to follow malware activity as it moves between user mode and kernel mode, or tries nifty tricks to be as stealthy or destructive as it can be. In this chapter, you will learn the following:
- The process of unpacking packed binaries
- Kernel mode debugging with IDA Pro, VirtualKD, and VMware
- Windows internals concepts
Compression sacks and straps
Most malware in current circulation is obfuscated, packed, or encrypted to thwart detection and impede reverse engineering, usually as a way to buy more time so that analysis will be made ...