API Deobfuscator: Resolving Obfuscated API Functions in Modern Packers

by Seokwoo Choi Sept. 18, 2017 via Black Hat submitted by belen_caty

Modern packers use API obfuscation techniques to obstruct malware sandboxes and reverse engineers. In such packers, API call instructions are replaced with equivalent but lengthy and complex code. API obfuscation techniques can be divided into two categories according to when the obfuscation takes place: static and dynamic. Static obfuscation embeds the obfuscated instructions in the executable file itself. Dynamic obfuscation allocates a new memory block at run time and copies obfuscated API function code into the newly allocated block.
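The two categories above can be told apart mechanically once you follow control flow out of the obfuscated call site. The following is an added example, not code from the talk or its tool: it builds a constructed in-memory image (a fake kernel32 with two exports, a packed executable and a runtime-allocated block, all with made-up addresses and prologue bytes) and walks each call through a tiny emulator for a handful of x86 control-transfer opcodes. A walk that lands on a real export address inside a module is a statically obfuscated call (or a plain import call if it gets there in one step); a walk that lands in memory belonging to no module, where the bytes match the prologue of a known export, is a dynamically obfuscated call.

```python
"""Toy resolver that walks obfuscated API-call stubs back to the API they hide.
Added illustration, not the talk's tool: the kernel32 exports, packed image, heap
block and every address below are constructed. Only a few x86 opcodes are decoded."""
import struct
from collections import namedtuple

MAX_STEPS = 64     # bound on stub walking so a looping stub cannot hang the resolver
PROLOGUE_LEN = 8   # export bytes compared against code found outside any module
Module = namedtuple("Module", "name base size exports")   # exports: api -> RVA

class Memory:
    """Sparse byte-addressed memory; reading an unwritten byte raises KeyError."""
    def __init__(self):
        self.cells = {}
    def write(self, addr, data):
        for i, b in enumerate(data):
            self.cells[addr + i] = b
    def read(self, addr, n):
        return bytes(self.cells[addr + i] for i in range(n))
    def read32(self, addr):
        return struct.unpack("<I", self.read(addr, 4))[0]

def rel32(src, dst):           # displacement for a 5-byte jmp/call at src -> dst
    return struct.pack("<i", dst - (src + 5))

class Resolver:
    def __init__(self, mem, modules):
        self.mem, self.modules = mem, modules
        self.by_addr = {m.base + rva: (m.name, api)
                        for m in modules for api, rva in m.exports.items()}
        self.by_prologue = {mem.read(a, PROLOGUE_LEN): who    # copied-code lookup
                            for a, who in self.by_addr.items()}
    def in_module(self, addr):
        return any(m.base <= addr < m.base + m.size for m in self.modules)
    def step(self, ip, stack):
        """Emulate one control-transfer instruction and return the next ip."""
        op = self.mem.read(ip, 1)[0]
        if op == 0x90:                                        # nop
            return ip + 1
        if op in (0xE8, 0xE9):                                # call / jmp rel32
            if op == 0xE8:
                stack.append(ip + 5)
            return ip + 5 + struct.unpack("<i", self.mem.read(ip + 1, 4))[0]
        if op == 0x68:                                        # push imm32
            stack.append(self.mem.read32(ip + 1))
            return ip + 5
        if op == 0xC3:                                        # ret
            return stack.pop() if stack else None
        if op == 0xFF and self.mem.read(ip + 1, 1)[0] in (0x15, 0x25):
            if self.mem.read(ip + 1, 1)[0] == 0x15:           # call dword ptr [abs32]
                stack.append(ip + 6)
            return self.mem.read32(self.mem.read32(ip + 2))   # or jmp dword ptr [abs32]
        return None                                           # opcode not modelled
    def resolve(self, call_site):
        """Follow control flow from a call site until a known API is identified."""
        stack, trace = [], []
        try:
            ip = self.step(call_site, stack)
            while ip is not None and len(trace) < MAX_STEPS:
                trace.append(ip)
                if ip in self.by_addr:                        # landed on a real export
                    mod, api = self.by_addr[ip]
                    kind = "direct" if len(trace) == 1 else "static"
                    return {"kind": kind, "module": mod, "api": api, "trace": trace}
                if not self.in_module(ip):                    # code outside every image
                    who = self.by_prologue.get(self.mem.read(ip, PROLOGUE_LEN))
                    if who:
                        return {"kind": "dynamic", "module": who[0], "api": who[1], "trace": trace}
                ip = self.step(ip, stack)
        except KeyError:
            pass                                              # walked into unmapped memory
        return {"kind": "unresolved", "module": None, "api": None, "trace": trace}

def build_sample():
    """Constructed image: fake kernel32, a packed exe and a runtime heap block."""
    mem = Memory()
    k32 = Module("kernel32.dll", 0x7C800000, 0x3000,
                 {"GetProcAddress": 0x1000, "LoadLibraryA": 0x2000})
    exe = Module("packed.exe", 0x400000, 0x3000, {})
    mem.write(0x7C801000, bytes.fromhex("8BFF558BEC83EC10535657"))  # fake prologues
    mem.write(0x7C802000, bytes.fromhex("8BFF558BEC5151535657"))
    mem.write(0x402000, struct.pack("<I", 0x7C801000))             # IAT slot
    mem.write(0x401700, b"\xFF\x15" + struct.pack("<I", 0x402000))  # 1. plain call [IAT]
    # 2. Static obfuscation, in-image chain: nop;nop;jmp -> push/ret -> jmp [IAT]
    mem.write(0x401000, b"\x90\x90\xE9" + rel32(0x401002, 0x401100))
    mem.write(0x401100, b"\x68" + struct.pack("<I", 0x401200) + b"\xC3")
    mem.write(0x401200, b"\xFF\x25" + struct.pack("<I", 0x402000))
    mem.write(0x401500, b"\xE8" + rel32(0x401500, 0x401000))
    # 3. Dynamic obfuscation: LoadLibraryA's bytes copied into an allocated block
    #    at 0xA00000 (part of no module); the stub jumps there, never into kernel32.
    mem.write(0x00A00000, mem.read(0x7C802000, 10))
    mem.write(0x401300, b"\xE9" + rel32(0x401300, 0x00A00000))
    mem.write(0x401600, b"\xE8" + rel32(0x401600, 0x401300))
    return mem, [k32, exe]

if __name__ == "__main__":
    r = Resolver(*build_sample())
    print({hex(s): r.resolve(s)["kind"] for s in (0x401700, 0x401500, 0x401600)})
```

Two assumptions are worth stating. The prologue match is a fixed 8-byte compare, which a packer defeats by mutating the copied bytes, so a real tool needs a more tolerant comparison; and copied code is only looked for outside loaded modules, so a copy placed in the packed image's own writable section would have to be matched there as well. The step bound keeps a self-referencing stub from hanging the walk, and walking into unmapped memory is reported as unresolved rather than raising.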


Steven Ulm 4 weeks, 1 day ago

Thank you, Choi, for sharing this with us; it is one of the few well-explained articles in this niche on the internet... couldn't find a better one up to now :)