How Malware Walks The PEB To Find Modules By Hash

In this video, we will learn how to recognize a common obfuscation technique malware uses; walking the PEB to find loaded modules by hash. This technique is often used in shellcode, packers, and to thwart AV scanners. Learning to quickly recognize the technique and understand how to deal with it is an important technique to know to advance your malware analysis skills.

Download the malware samples at 91eK9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6E0j5h3I4K6K9r3q4J5k6g2)9J5k6h3y4G2L8b7`.`. to review in your own analysis lab:

    1. Example 1: 5d267403191a8786db2062584f298478ba59aa7b4d23adcf850a2c14a55c6d97

    2. Example 2: 58e923ff158fb5aecd293b7a0e0d305296110b83c6e270786edcc4fea1c8404c

9f7K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6%4N6%4N6Q4x3X3g2&6L8%4g2@1N6h3u0W2i4K6u0W2j5$3!0E0i4K6u0r3N6$3q4@1j5$3S2Q4x3@1k6$3i4K6y4p5g2r3D9K6f1W2N6#2M7i4A6$3d9f1W2Q4x3U0k6S2L8i4m8Q4x3@1u0X3k6h3q4@1N6i4u0W2i4K6y4p5P5h3!0#2N6s2g2Q4x3X3g2T1k6b7`.`.

[培训]传播安全知识、拓宽行业人脉——看雪讲师团队等你加入！