API Deobfuscator: Resolving Obfuscated API Functions in Modern Packers

by Seokwoo Choi
Sept. 18, 2017, Black Hat

Modern packers use API obfuscation techniques to obstruct malware sandboxes and reverse engineers. In such packers, each API call instruction is replaced with lengthy and complex code that is functionally equivalent to the original call. API obfuscation techniques can be grouped into two classes according to when the obfuscation takes place: static and dynamic. Static obfuscation embeds the obfuscated instructions in the executable file itself. Dynamic obfuscation allocates a new memory block at run time and copies the obfuscated API function code into the newly allocated block.

https://www.blackhat.com/us-15/briefings.html#api-deobfuscator-resolving-obfuscated-api-functions...
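As an added illustration (not code from the talk or from the author's tool), here is a toy resolver in Python that does what the title describes: it executes an obfuscated stub in a tiny emulator until the stub transfers control, checks whether the landing address is a known export, and uses the stub's own address to tell static (inside the image) from dynamic (in a freshly allocated block) obfuscation. The export addresses, module range, stub instruction set and stubs are all constructed placeholders.

```python
# Constructed sample data: a fake export table and one fake module range.
# Addresses are placeholders, not taken from any real process.
EXPORTS = {0x7C801000: "kernel32!VirtualAlloc", 0x7C802000: "kernel32!WriteFile"}
MODULES = {"sample.exe": (0x00400000, 0x00410000)}  # [start, end) of the image
MASK = 0xFFFFFFFF


def emulate(stub, max_steps=64):
    """Run a toy stub until it transfers control and return the target address.

    The stub is a list of (op, *args) tuples in a tiny x86-like ISA covering
    just the arithmetic and control transfers an address-computing stub uses.
    """
    regs, stack, pc = {"eax": 0, "ecx": 0}, [], 0
    for _ in range(max_steps):
        op, *args = stub[pc]
        if op == "mov":
            regs[args[0]] = args[1] & MASK
        elif op == "xor":
            regs[args[0]] ^= args[1]
        elif op == "add":
            regs[args[0]] = (regs[args[0]] + args[1]) & MASK
        elif op == "push":
            stack.append(regs[args[0]])
        elif op == "ret":  # push/ret pair: a jump disguised as a return
            return stack.pop()
        elif op == "jmp":  # indirect jump through a register
            return regs[args[0]]
        else:
            raise ValueError(f"unsupported op {op!r}")
        pc += 1
    raise RuntimeError("stub did not transfer control within the step budget")


def classify(stub_addr):
    """Static obfuscation lives inside the image; dynamic lives in a new block."""
    return "static" if any(s <= stub_addr < e for s, e in MODULES.values()) else "dynamic"


def resolve(stub_addr, stub):
    """Return (kind, api_name); api_name is None if the target is not an export."""
    return classify(stub_addr), EXPORTS.get(emulate(stub))


# Constructed stubs: one embedded in the image, one in a runtime-allocated block.
STATIC_STUB = [("mov", "eax", 0xA22DAEEF), ("xor", "eax", 0xDEADBEEF),
               ("push", "eax"), ("ret",)]
DYNAMIC_STUB = [("mov", "ecx", 0x6B6F0EEF), ("add", "ecx", 0x11111111), ("jmp", "ecx")]
UNKNOWN_STUB = [("mov", "eax", 0x00401234), ("jmp", "eax")]  # lands on plain code
```

Running `resolve(0x00401000, STATIC_STUB)` yields `('static', 'kernel32!VirtualAlloc')`, while a stub whose target is not an export resolves to `None` and is worth flagging for manual review.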

Steven Ulm 3 months ago

Thank you, Choi, for sharing this with us; it is one of the few well-explained articles in this niche on the internet... couldn't find a better one up to now :)
