An Obfuscation Method represents a non-behavioral feature associated with how the code in a malware instance is structured or package. Examples include code encryption (packing) and code compression.
|code compression||The 'code compression' Obfuscation Method indicates that the code of the malware instance is compressed using one or more compression algorithms.||packing|
|code encryption||The 'code encryption' Obfuscation Method indicates that the code of the malware instance is encrypted using one or more encryption algorithms.||Common: encryption algorithm|
|dead code insertion||The 'dead code insertion' Obfuscation Method indicates that the malware instance contains dead intended to impede disassembly.|
|entry point obfuscation||The 'entry point obfuscation' Obfuscation Method indicates that the entry point of the malware instance is obfuscated.|
|import address table obfuscation||The 'import address table obfuscation' Obfuscation Method indicates that the import address table of the malware instance is obfuscated.|
|interleaving code||The 'interleaving code' structural feature refers to a form of obfuscation that splits code into sections that are rearranged and connected by unconditional jumps.|
|symbolic obfuscation||The 'symbolic obfuscation' Obfuscation Method refers to the removing or renaming of textual information in the code of the malware instance.|