Obfuscated Files or Information
|Description:||This corresponds to the EMA 'code obfuscation' behavior.
This may be covered by the ATT&CK Obfuscated Files or Information technique. However, the details below are more extensive than those given in ATT&CK.
The code in the malware instance is obfuscated to hinder static analysis.
* *Dead Code Insertion*: Inclusion of "dead" code in the malware instance with no real functionality but with the intent of impeding disassembly.
* *Fake Code Insertion*: Addition of fake code similar to known packers or known goods to fool identification. Can confuse some automated unpackers.
* *Jump Insertion*: Insertion of jumps to make analysis visually harder.
* *Junk Code Insertion*: Insertion of dummy code between relevant opcodes. Can make signature writing more complex.
* *Thunk Code Insertion*: Variation on “jump”; also used by some compilers for user-generated functions (ex: Visual Studio /INCREMENTAL).
|Associated Capabilities/Subcapabilities:|| Anti-Static Analysis
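
Junk code insertion "can make signature writing more complex", as the description says. The following added example (not part of the original page; the x86 byte sequences are constructed and the function names are hypothetical) shows an exact byte signature missing a junk-padded copy of the same instructions, while a bounded-gap signature, similar in spirit to the jumps in YARA hex strings, still matches and reports the inserted bytes.

```python
import re

# Constructed x86 bytes, not taken from any real sample.
# Relevant opcodes: push ebp; mov ebp,esp; xor eax,eax; pop ebp; ret
SIG_CHUNKS = [bytes.fromhex(h) for h in ("55", "8bec", "33c0", "5d", "c3")]
CLEAN = b"".join(SIG_CHUNKS)
# Same opcodes with dummy code between them: nop (90), xchg ebx,ebx (87 db)
JUNKED = bytes.fromhex("55" "90" "8bec" "87db" "33c0" "9090" "5d" "c3")


def strict_match(data, chunks):
    """Offset of the signature as one contiguous byte string, or -1."""
    return data.find(b"".join(chunks))


def gapped_match(data, chunks, max_gap=4):
    """Match the chunks in order, tolerating up to max_gap arbitrary bytes
    between consecutive chunks. Returns (offset, gaps) or None, where gaps
    lists the bytes found between chunks so an analyst can review them."""
    gap = b"(.{0,%d}?)" % max_gap          # lazy: prefer the shortest gap
    pattern = gap.join(re.escape(c) for c in chunks)
    m = re.compile(pattern, re.DOTALL).search(data)
    if m is None:
        return None
    return m.start(), list(m.groups())


def junk_byte_count(data, chunks, max_gap=4):
    """Total bytes found between chunks; 0 means the code is unpadded."""
    hit = gapped_match(data, chunks, max_gap)
    return None if hit is None else sum(len(g) for g in hit[1])


if __name__ == "__main__":
    for name, blob in (("clean", CLEAN), ("junked", JUNKED)):
        print(name, "strict:", strict_match(blob, SIG_CHUNKS),
              "gapped:", gapped_match(blob, SIG_CHUNKS),
              "junk bytes:", junk_byte_count(blob, SIG_CHUNKS))
```

A wider `max_gap` tolerates more padding but also raises the chance of matching unrelated code, so the gap bytes returned by `gapped_match` are worth reviewing before trusting a hit.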