Search For Content
Search Result
74 item(s) found so far for this keyword.
EditWordBreakProc
Edit controls, including Rich Edit controls, are a common type of Windows control found in many applications. They can be embedded directly in the application or as subclassed windows.
When these controls display text in multiline mode, they use a callback function called EditWordBreakProc. This function is called every time the control needs to do something related to …
WordWarping
Edit controls are a type of user interface element that allows a user to enter and edit text in a graphical user interface (GUI). They are commonly used in Windows applications and can be embedded directly into a GUI or subclassed as a separate window. Edit controls can be set to display text in multiline mode, in which case they …
Read moreDNS API Injection
DNS API injection is a technique used by malware to evade detection by intercepting and modifying DNS (Domain Name System) requests made by a host system. The technique involves injecting code into the DNS API (Application Programming Interface) of the host system, which is a set of functions and protocols that allow communication with the DNS service. By injecting code …
Read moreBreaking BaDDEr
Dynamic Data Exchange (DDE) is a protocol that allows applications to share data with each other. The Dynamic Data Exchange Management Library (DDEML) is a set of functions that facilitate data sharing using the DDE protocol. DDE and DDEML are commonly used in Microsoft Office to enable data to be shared between applications. In October 2017, a vulnerability was discovered …
Read moreDetecting Online Sandbox
Online sandboxes are widely used for malware analysis. To evade detection, many malware families implement checks to identify if they are running in such environments. Below are examples of detection techniques for Any.Run and Tria.ge.
Detecting Any.Run
-
Any.Run uses a fake root certificate to spy on sandbox traffic. System information can be obtained by querying …
MPRESS
MPRESS is a free packer. It makes programs and libraries smaller, and decrease start time when the application loaded from a slow removable media or from the network.
It uses in-place decompression technique, which allows to decompress the executable without memory overhead or other drawbacks; it also protects programs against reverse engineering by non-professional hackers. Programs compressed with MPRESS …
Read moreThemida
Themida is a commercial known packer that embeds several features including anti-debugging, virtual machine emulation, encryption...
-
Anti-debugger techniques that detect/fool any kind of debugger
-
Anti-memory dumpers techniques for any Ring3 and Ring0 dumpers
-
Different encryption algorithms and keys in each protected application
-
Anti-API scanners techniques that avoids reconstruction …
Alienyze
Alienyze is a software packer designed to compress executable files, allowing them to reduce the file size of their software as much as possible.
-
Anti-Debugger techniques that detect and fool present debuggers
-
Anti-VM techniques that detect sandbox & virtualized environments
-
Protection from disassemblers and software analysis tools
-
Hardware …
AsPack
ASPack is an EXE packer created to compress Win32 executable files and to protect them against reverse engineering.
The solution makes Windows programs and libraries smaller up to 70% what leads to a reduction in the download time of compressed applications in local networks and the Internet because of their smaller size compared to uncompressed apps.
The ASPack …
Read moreAsProtect
ASProtect is a multifunctional EXE packing tool designed for software developers to protect 32-bit applications with in-built application copy protection system.
It includes software compression, provides protection methods and tools for software from unauthorized copying, analysis, disassemblers and debuggers.
ASProtect 32 also provides enhanced work with registration keys and the ability to create a single application that can …
Read more