Debugger Artifacts

From ema
Jump to navigation Jump to search
EMA ID: ema-1272
Description: Detects a debugger by its artifact (window title, device driver, exports, etc.)
Associated Behavior: debugger detect & evade

Supporting Details:
*Mitigation*:

Identify detection routine(s) and patch out or hardware breakpoint and modify register or stack values.


References:
Date Malware Family URL
April 5, 2010 https://gironsec.com/code/packers.pdf