vect0r
August 12th, 2008, 15:00
Hi,
I have a question regarding polymorphism in malware. It seems like a simple question so I've posted in this section. I have read a lot of material, over 25 separate papers and a range of articles on VX Heavens, not to mention a number of posts here also, and I have found conflicting information and nothing concrete enough to answer my question.
The question - In polymorphic malware, the focus is on obfuscating the decryptors. This decryptor is prepended to the encrypted malware body. What I want to clarify is how the encryption is carried out. What is not made clear is whether the decryptors are generated first and then the corresponding encryptor is generated, or whether an encryptor is created and the corresponding decryptor then follows?
Any clarification would be welcome