In the last episode … As you’ve probably guessed it, this is the second part of my journey to reverse engineer a virtual machine protected binary. If you haven’t read the first part[1], I encourage you to do so, because I will not repeat everything again here. While the first part dealt with explaining the …Taming Virtual Machine Based Code Protection – 2 Read More »| Malware and Stuff
You probably already guessed it from the title’s name, API Hashing is used to obfuscate a binary in order to hide API names from static analysis tools, hindering a reverse engineer to understand the malware’s functionality. A first approach to get an idea of an executable’s functionalities is to more or less dive through the …Deobfuscating DanaBot’s API Hashing Read More »| Malware and Stuff