Instruction Overlap

From ema
Jump to navigation Jump to search
EMA ID: ema-1271
Description: Jumping after the first byte of an instruction. Confuses some disassemblers.
Associated Behavior: linear disassembler prevention

Supporting Details:
*Mitigation*:

Debug. Use different disassembly engine or different options for your disassembly engine.


References:
Date Malware Family URL
April 5, 2010 https://gironsec.com/code/packers.pdf