How Malware Walks The PEB To Find Modules By Hash

In this video, we will learn how to recognize a common obfuscation technique malware uses; walking the PEB to find loaded modules by hash. This technique is often used in shellcode, packers, and to thwart AV scanners. Learning to quickly recognize the technique and understand how to deal with it is an important technique to know to advance your malware analysis skills.

Download the malware samples at https://malshare.com to review in your own analysis lab:

    1. Example 1: 5d267403191a8786db2062584f298478ba59aa7b4d23adcf850a2c14a55c6d97

    2. Example 2: 58e923ff158fb5aecd293b7a0e0d305296110b83c6e270786edcc4fea1c8404c

https://www.youtube.com/watch?v=Tk3RWuqzvII&feature=youtu.be

[培训]《安卓高级研修班(网课)》月薪三万计划，掌握调试、分析还原ollvm、vmp的方法，定制art虚拟机自动化脱壳的方法