How Malware Walks The PEB To Find Modules By Hash

In this video, we will learn how to recognize a common obfuscation technique malware uses; walking the PEB to find loaded modules by hash. This technique is often used in shellcode, packers, and to thwart AV scanners. Learning to quickly recognize the technique and understand how to deal with it is an important technique to know to advance your malware analysis skills.

Download the malware samples at https://malshare.com to review in your own analysis lab:

    1. Example 1: 5d267403191a8786db2062584f298478ba59aa7b4d23adcf850a2c14a55c6d97

    2. Example 2: 58e923ff158fb5aecd293b7a0e0d305296110b83c6e270786edcc4fea1c8404c

https://www.youtube.com/watch?v=Tk3RWuqzvII&feature=youtu.be

[培训]内核驱动高级班，冲击BAT一流互联网大厂工作，每周日13:00-18:00直播授课