Daniel Plohmann daniel.plohmann@fkie.fraunhofer.de @push_pnx @malpedia
Malpedia: Status Quo
Disassembler vs. Malpedia: Presence of Anti-Analysis Patterns
33x
1.       push
   F8    clc
   72 01 jb
2. C3    retn
   FF
3. : cmp dword ptr…
Does this „technique“ appear in any other families?
some Pony strain
bfe2a403158191c413379c9ef67f9c0bf0e442f7a47dde33d8100905123be6f2
„F8 72 01 C3“ ?<br />
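One way to answer the slide's question over a set of unpacked samples is to scan each buffer for the byte sequence and count hits per sample. The following is an added example, not code from the talk or from Malpedia. The function names and sample buffers are constructed, and the assumption that the preceding push is encoded as `68 imm32` is not stated on the slide.

```python
import struct

# Byte sequence quoted on the slide: clc; jb +1; retn
PATTERN = bytes.fromhex("F8 72 01 C3")
PUSH_IMM32 = 0x68  # assumption: the push before the pattern is "push imm32"


def find_push_ret_stubs(data: bytes):
    """Return one dict per occurrence of PATTERN in data.

    'target' is the pushed 32-bit value when a push imm32 directly precedes
    the pattern (clc clears the carry flag, so jb is not taken and retn
    continues at that address); otherwise it is None.
    'junk_byte' is the byte right after retn, which a linear-sweep
    disassembler would try to decode as code.
    """
    hits = []
    pos = data.find(PATTERN)
    while pos != -1:
        target = None
        if pos >= 5 and data[pos - 5] == PUSH_IMM32:
            (target,) = struct.unpack_from("<I", data, pos - 4)
        after = pos + len(PATTERN)
        junk = data[after] if after < len(data) else None
        hits.append({"offset": pos, "target": target, "junk_byte": junk})
        pos = data.find(PATTERN, pos + 1)
    return hits


def count_by_sample(samples: dict):
    """Map sample name -> number of occurrences, omitting samples with none."""
    counts = {name: len(find_push_ret_stubs(blob)) for name, blob in samples.items()}
    return {name: n for name, n in counts.items() if n}


# Constructed buffers for illustration (not real malware bytes).
STUB = bytes.fromhex("68 10 10 40 00") + PATTERN + b"\xFF"
SAMPLES = {
    "constructed_a": b"\x90" * 3 + STUB + b"\x83\x3d" + STUB,
    "constructed_b": b"\x55\x8b\xec\xc3",
    "constructed_c": b"\x90" + PATTERN,  # no preceding push, pattern ends the buffer
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        for hit in find_push_ret_stubs(blob):
            tgt = "n/a" if hit["target"] is None else hex(hit["target"])
            print(f"{name}: offset {hit['offset']:#x}, continues at {tgt}")
    print(count_by_sample(SAMPLES))
```

A four-byte sequence can also occur by chance inside data or longer instructions, so hits without a preceding push are worth confirming in a disassembler before counting them as the same pattern.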
© Cyber Analysis and Defense Department, Fraunhofer FKIE