How Malware Walks The PEB To Find Modules By Hash

In this video, we will learn how to recognize a common obfuscation technique malware uses; walking the PEB to find loaded modules by hash. This technique is often used in shellcode, packers, and to thwart AV scanners. Learning to quickly recognize the technique and understand how to deal with it is an important technique to know to advance your malware analysis skills.

Download the malware samples at e57K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6E0j5h3I4K6K9r3q4J5k6g2)9J5k6h3y4G2L8b7`.`. to review in your own analysis lab:

    1. Example 1: 5d267403191a8786db2062584f298478ba59aa7b4d23adcf850a2c14a55c6d97

    2. Example 2: 58e923ff158fb5aecd293b7a0e0d305296110b83c6e270786edcc4fea1c8404c

1e3K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6%4N6%4N6Q4x3X3g2&6L8%4g2@1N6h3u0W2i4K6u0W2j5$3!0E0i4K6u0r3N6$3q4@1j5$3S2Q4x3@1k6$3i4K6y4p5g2r3D9K6f1W2N6#2M7i4A6$3d9f1W2Q4x3U0k6S2L8i4m8Q4x3@1u0X3k6h3q4@1N6i4u0W2i4K6y4p5P5h3!0#2N6s2g2Q4x3X3g2T1k6b7`.`.

[培训]内核驱动高级班，冲击BAT一流互联网大厂工作，每周日13:00-18:00直播授课