Obfuscation Methods

From ema

An Obfuscation Method represents a non-behavioral feature associated with how the code in a malware instance is structured or packaged. Examples include code encryption (packing) and code compression.


| Name | Description | Associated Attributes | Aliases |
|---|---|---|---|
| code compression | The 'code compression' Obfuscation Method indicates that the code of the malware instance is compressed using one or more compression algorithms. | | packing |
| code encryption | The 'code encryption' Obfuscation Method indicates that the code of the malware instance is encrypted using one or more encryption algorithms. | Common: encryption algorithm | |
| dead code insertion | The 'dead code insertion' Obfuscation Method indicates that the malware instance contains dead code intended to impede disassembly. | | |
| entry point obfuscation | The 'entry point obfuscation' Obfuscation Method indicates that the entry point of the malware instance is obfuscated. | | |
| import address table obfuscation | The 'import address table obfuscation' Obfuscation Method indicates that the import address table of the malware instance is obfuscated. | | |
| interleaving code | The 'interleaving code' structural feature refers to a form of obfuscation that splits code into sections that are rearranged and connected by unconditional jumps. | | |
| symbolic obfuscation | The 'symbolic obfuscation' Obfuscation Method refers to the removing or renaming of textual information in the code of the malware instance. | | |