Thursday, May 3, 2012
Malware Design Strategies (Part 1) - Virus Bulletin
1. Detection of the Windows x86 emulator used to run 32-bit DLLs on x64 systems.
2. Detailed information about various tactics for VM detection using memory, the registry, the Virtual Machine Configuration Interface (VMCI), Media Access Control (MAC) addresses, system processes, etc. These methods are typically used to design anti-VM code.
3. DLL injections using Asynchronous Procedure Call (APC).
4. Mutex-based detection.
5. Explicit run-time linking to verify the presence of specific DLLs.
For complete details, fetch the paper (requires subscription) from http://www.virusbtn.com/virusbulletin/archive/2012/05/vb201205-malware-design-strategies
We will continue our discussion in part 2 of this paper.