How Malware Walks The PEB To Find Modules By Hash

In this video, we will learn how to recognize a common obfuscation technique malware uses; walking the PEB to find loaded modules by hash. This technique is often used in shellcode, packers, and to thwart AV scanners. Learning to quickly recognize the technique and understand how to deal with it is an important technique to know to advance your malware analysis skills.

Download the malware samples at https://malshare.com to review in your own analysis lab:

    1. Example 1: 5d267403191a8786db2062584f298478ba59aa7b4d23adcf850a2c14a55c6d97

    2. Example 2: 58e923ff158fb5aecd293b7a0e0d305296110b83c6e270786edcc4fea1c8404c

https://www.youtube.com/watch?v=Tk3RWuqzvII&feature=youtu.be

[招生]科锐逆向工程师培训(2024年11月15日实地，远程教学同时开班, 第51期)