The Goal of Analyzing Encoding Algorithms
Malware uses encoding for a variety of purposes. The most common use is for the encryption of network-based communication. Malware will also use encoding to disguise its internal workings. For example, a malware author might use a layer of encoding for these purposes:
To hide configuration information, such as a command-and-control domain
To save information to a staging file before stealing it
To store strings used by the malware and decode them just before they are needed
To disguise the malware as a legitimate tool, hiding the strings used for malicious activities
Our goal when analyzing encoding algorithms will always consist of two parts: identifying the encoding functions and then using that knowledge ...
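The following is an added example, not code from the book, showing how an analyst can locate an encoded configuration string such as the command-and-control domain mentioned above. It assumes the simplest case, a single-byte XOR encoding; the key, the `http://` cribs, the function names, and the sample buffer are all constructed for illustration.

```python
"""Crib search for single-byte-XOR-encoded strings (added example)."""

# Constructed sample, not from any real malware: a NUL-delimited config URL
# XOR-encoded with an assumed key and embedded between filler bytes.
# example.test is a reserved name.
_KEY = 0x5A
_PLAIN = b"\x00http://update.example.test/gate.php\x00"
SAMPLE = (bytes.fromhex("deadbeef")
          + bytes(b ^ _KEY for b in _PLAIN)
          + bytes.fromhex("cafef00d"))

# Plaintext fragments the analyst expects somewhere in the decoded data.
CRIBS = [b"http://", b"https://"]


def find_xor_cribs(blob, cribs):
    """Return (key, offset, crib) for each crib found under a one-byte XOR key."""
    hits = []
    for key in range(1, 256):  # key 0 is plaintext; `strings` already finds it
        for crib in cribs:
            needle = bytes(b ^ key for b in crib)
            pos = blob.find(needle)
            while pos != -1:
                hits.append((key, pos, crib))
                pos = blob.find(needle, pos + 1)
    return hits


def recover_string(blob, key, offset):
    """Decode outward from offset while bytes decode to printable ASCII."""
    def printable(i):
        return 0x20 <= (blob[i] ^ key) < 0x7F

    lo = hi = offset
    while lo > 0 and printable(lo - 1):
        lo -= 1
    while hi < len(blob) and printable(hi):
        hi += 1
    return bytes(b ^ key for b in blob[lo:hi]).decode("ascii")


if __name__ == "__main__":
    for key, offset, crib in find_xor_cribs(SAMPLE, CRIBS):
        print(f"key=0x{key:02x} offset={offset} crib={crib!r} -> "
              f"{recover_string(SAMPLE, key, offset)}")
```

A hit gives both the key and the location of the encoded data, which narrows the search for the decoding function to the code that references that offset.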