AnswerBun.com

Polymorphic Analysis

Information Security Asked by user109889 on November 23, 2021

I’m a beginner at malware analysis. For my research studies, I have to identify polymorphic malware based from experiments. I would like to know if there are any guides showing how to analyze the code (assembly language) of polymorphic malware using ollydbg (or other tools) to see where it started to mutate?

malwarereverse engineering

One Answer

In the following articles, the decryption key of the decryption loop is mutated:

https://n1ps.wordpress.com/2008/09/14/w32virut-analysis/ https://n1ps.wordpress.com/2008/09/16/w32virut-analysis-part-2/

There's no universal guide to find all these kinds of mutations with OllyDbg or other tools but you could try to find Crypto code where there're lots of arithmetic/logic instructions as a tip to start your mutation digging journey.

Answered by Minh-Triet Pham Tran on November 23, 2021

Add your own answers!

Related Questions

What’s a “safe” URL shortening algorithm?

3  Asked on December 31, 2020 by bensower

   

Examples of SSH key exchange algorithms requiring encryption-capable host keys

0  Asked on December 30, 2020 by uncaught

       

How can Google know that a Microsoft e-mail account is “not safe”?

1  Asked on December 29, 2020 by gsnail

     

Securing internet connection with hostile ISP

1  Asked on December 29, 2020 by user242761

       

How to block all inbound traffic from a specific Internet address or subnet using TomatoUSB router software (LINUX based)

1  Asked on December 28, 2020 by appdeveloper

       

Is Chrome Browser/ Computer compromised by KMSPico?

0  Asked on December 27, 2020 by waterbyte

         

Constant POST request spam to /cgi-bin/ViewLog.asp endpoint

2  Asked on December 26, 2020

   

Is it safe to allow www-data to execute privileged commands?

4  Asked on December 26, 2020 by userk

     

Web Cache Deception – exploitable without a cache server?

1  Asked on December 26, 2020 by citylight

 

Determine if private key belongs to certificate?

3  Asked on December 25, 2020 by thanatos

     

PostgreSQL exploit not loading in MSFConsole from ExploitDB

1  Asked on December 25, 2020

     

Is splitting a REST API server from a Web server considered a security threat?

6  Asked on December 24, 2020 by acsor

   

John The Ripper and PBKDF2-HMAC-SHA1

1  Asked on December 22, 2020 by canine

         

Filtering http responses for subdomain takeover

0  Asked on December 21, 2020 by kirill-z

 

Sql map Manual Vulnerability Assessment

1  Asked on December 20, 2020 by badddy

         

Unknown folders in OneDrive

1  Asked on December 19, 2020 by user851

     

Can I rely on the CSRF cookie to check if a user is authenticated on the client-side?

2  Asked on December 15, 2020 by turnip

       

Quantify security strength from entropy and lifetime

2  Asked on December 12, 2020 by gethopr

     

Security risks from exposing ssh to a home server

2  Asked on December 8, 2020 by nutle

   

Man In The Middle Attack On File Uploads

2  Asked on December 7, 2020 by mojo

   

Ask a Question

Get help from others!

Recent Answers

Recent Questions

© 2023 AnswerBun.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP